1   /**
2    * This file Copyright (c) 2012-2018 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.templating.models.util;
35  
36  import static org.junit.Assert.assertEquals;
37  
38  import info.magnolia.test.mock.jcr.MockNode;
39  
40  import java.util.Collection;
41  import java.util.LinkedList;
42  
43  import javax.jcr.Node;
44  
45  import org.junit.Test;
46  
/**
 * XSS regression tests for {@link Pagination}: each case builds a pager from a "current
 * link" and checks the string returned by {@code getPageLink}.
 *
 * <p>What the expectations in this class pin down (review notes, derived only from the
 * asserted values below):
 * <ul>
 *   <li>When markup characters appear in the query string, {@code "}, {@code <} and
 *       {@code >} come back as {@code &quot;}, {@code &lt;} and {@code &gt;}.</li>
 *   <li>The single quote and the {@code &} parameter separator come back unchanged, so
 *       the returned link is not safe to drop into a single-quoted attribute or a script
 *       context without further output encoding in the template.</li>
 *   <li>For a link that has no query string at all, the last test expects the markup
 *       characters to come back raw; NOTE(review): confirm that every template emitting
 *       this value applies its own HTML escaping.</li>
 * </ul>
 */
public class PaginationXSSTest {

    /**
     * Creates the pager under test for the given link, backed by an empty item collection
     * and a fresh {@link MockNode}.
     */
    private static Pagination newPager(String currentLink) {
        Collection<?> noItems = new LinkedList<String>();
        Node mockContent = new MockNode();
        return new Pagination(currentLink, noItems, mockContent);
    }

    /** A harmless link only has its {@code currentPage} value replaced. */
    @Test
    public void testPaginationXSSRealLinkWithoutXSS() {
        // GIVEN a link without any markup characters
        Pagination pagination = newPager("http://demo.magnolia-cms.com/demo-project/news-and-events/news-overview.html?currentPage=1");
        String expected = "http://demo.magnolia-cms.com/demo-project/news-and-events/news-overview.html?currentPage=2";

        // WHEN
        String actual = pagination.getPageLink(2);

        // THEN
        assertEquals(expected, actual);
    }

    /** Markup in a parameter that follows {@code currentPage} must come back entity-encoded. */
    @Test
    public void testPaginationXSSRealLinkWithXSS() {
        // GIVEN a query string carrying an attribute-breaking script payload
        Pagination pagination = newPager("http://demo.magnolia-cms.com/demo-project/news-and-events/news-overview.html?currentPage=2&xss=\"><script>alert('XSS');</script>");
        // The single quotes around XSS are expected to stay unencoded.
        String expected = "http://demo.magnolia-cms.com/demo-project/news-and-events/news-overview.html?currentPage=2&xss=&quot;&gt;&lt;script&gt;alert('XSS');&lt;/script&gt;";

        // WHEN
        String actual = pagination.getPageLink(2);

        // THEN
        assertEquals(expected, actual);
    }

    /** A lone {@code <} in a value-less trailing parameter is encoded as well. */
    @Test
    public void testPaginationXSSRealLinkWithouXSSDoubleQuerry() {
        // GIVEN a second parameter that has no '=' and ends in '<'
        Pagination pagination = newPager("http://demo.magnolia-cms.com/demo-project/news-and-events/news-overview.html?currentPage=2&something<");
        String expected = "http://demo.magnolia-cms.com/demo-project/news-and-events/news-overview.html?currentPage=2&something&lt;";

        // WHEN
        String actual = pagination.getPageLink(2);

        // THEN
        assertEquals(expected, actual);
    }

    /** Markup in a parameter that precedes {@code currentPage} is encoded too. */
    @Test
    public void testPaginationXSSRealLinkWithXSSDoubleQuerry() {
        // GIVEN the payload placed before currentPage, plus a dangling '&' at the end
        Pagination pagination = newPager("http://demo.magnolia-cms.com/demo-project/news-and-events/news-overview.html?xss=\"><script>alert('XSS');</script>&currentPage=2&");
        // The expected link no longer carries the trailing '&'.
        String expected = "http://demo.magnolia-cms.com/demo-project/news-and-events/news-overview.html?xss=&quot;&gt;&lt;script&gt;alert('XSS');&lt;/script&gt;&currentPage=2";

        // WHEN
        String actual = pagination.getPageLink(2);

        // THEN
        assertEquals(expected, actual);
    }

    /**
     * Two consecutive calls on the same pager must both start from the link as it was given.
     *
     * <p>NOTE(review): the expected values contain raw {@code <}, {@code >}, {@code &} and
     * {@code "}, i.e. no encoding is asserted for a link without a query string. Whether
     * that is intended cannot be told from this file; confirm the rendering side escapes it.
     */
    @Test
    public void testPaginationOriginalLinkShouldRemainUnchanged() {
        // GIVEN a link made only of markup characters, with no query string
        Pagination pagination = newPager("<>&\"");

        // WHEN the first page link is requested
        String actual = pagination.getPageLink(0);

        // THEN the parameter is appended to the untouched link
        assertEquals("<>&\"?currentPage=0", actual);

        // WHEN a second link is requested from the same pager
        actual = pagination.getPageLink(2);

        // THEN the result is again built from the original link
        assertEquals("<>&\"?currentPage=2", actual);
    }

}