34 package info.magnolia.templating.models.util;
35
36 import static org.junit.Assert.assertEquals;
37
38 import info.magnolia.test.mock.jcr.MockNode;
39
40 import java.util.Collection;
41 import java.util.LinkedList;
42
43 import javax.jcr.Node;
44
45 import org.junit.Test;
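/**
 * Regression tests for how {@link Pagination#getPageLink(int)} treats markup-significant
 * characters in the link it is constructed with.
 *
 * <p>Every test builds a {@link Pagination} from a URL string, asks for the link of a given
 * page and compares it with an exact expected string. Several URLs carry {@code "},
 * {@code <} and {@code >} in the query string, so the expected values pin whether those
 * characters come back entity-encoded in the generated link.
 *
 * <p>NOTE(review): in the listing this file was taken from, HTML entities inside string
 * literals had been decoded: two expected values contained a bare {@code "} (so the file did
 * not compile) and {@code &currentPage} had turned into a currency sign followed by
 * {@code tPage}. Those literals are restored below with {@code &quot;}, {@code &lt;} and
 * {@code &gt;}. Whether the parameter separator is expected as {@code &} or {@code &amp;}
 * cannot be told from the listing. Confirm each restored literal against the project's
 * repository before relying on it.
 */
public class PaginationXSSTest {

    /** Page URL shared by the tests that use a realistic link. */
    private static final String OVERVIEW =
            "http://demo.magnolia-cms.com/demo-project/news-and-events/news-overview.html";

    /** Builds a pager for {@code link} over an empty item collection and a fresh mock node. */
    private static Pagination pagerFor(String link) {
        Collection<?> items = new LinkedList<String>();
        Node content = new MockNode();
        return new Pagination(link, items, content);
    }

    /** A query string without special characters only has its page number replaced. */
    @Test
    public void testPaginationXSSRealLinkWithoutXSS() {
        String link = pagerFor(OVERVIEW + "?currentPage=1").getPageLink(2);

        assertEquals(OVERVIEW + "?currentPage=2", link);
    }

    /** A script payload in an extra query parameter must come back entity-encoded. */
    @Test
    public void testPaginationXSSRealLinkWithXSS() {
        String link = pagerFor(
                OVERVIEW + "?currentPage=2&xss=\"><script>alert('XSS');</script>").getPageLink(2);

        // Restored from the entity-decoded listing (see class comment); the single quotes
        // were shown unencoded there and are kept as shown.
        assertEquals(
                OVERVIEW + "?currentPage=2&xss=&quot;&gt;&lt;script&gt;alert('XSS');&lt;/script&gt;",
                link);
    }

    /** A second query parameter without a value is carried over into the page link. */
    @Test
    public void testPaginationXSSRealLinkWithouXSSDoubleQuerry() {
        String link = pagerFor(OVERVIEW + "?currentPage=2&something<").getPageLink(2);

        // NOTE(review): kept exactly as the listing shows it. If the listing also decoded an
        // entity here, the expected tail would be "&lt;" rather than "<". Confirm.
        assertEquals(OVERVIEW + "?currentPage=2&something<", link);
    }

    /**
     * The payload precedes the page parameter and the query ends with a dangling separator;
     * the expected link has the payload entity-encoded and no trailing {@code &}.
     */
    @Test
    public void testPaginationXSSRealLinkWithXSSDoubleQuerry() {
        String link = pagerFor(
                OVERVIEW + "?xss=\"><script>alert('XSS');</script>&currentPage=2&").getPageLink(2);

        // Restored from the entity-decoded listing (see class comment).
        assertEquals(
                OVERVIEW + "?xss=&quot;&gt;&lt;script&gt;alert('XSS');&lt;/script&gt;&currentPage=2",
                link);
    }

    /**
     * A link without a query string is returned as given, with only the page parameter
     * appended. The expected values contain the special characters unencoded.
     */
    @Test
    public void testPaginationOriginalLinkShouldRemainUnchanged() {
        Pagination pager = pagerFor("<>&\"");

        assertEquals("<>&\"?currentPage=0", pager.getPageLink(0));

        // Same pager, different page number: only the appended parameter changes.
        assertEquals("<>&\"?currentPage=2", pager.getPageLink(2));
    }

}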