package com.atlassian.jira.webtests.ztests.admin;

import com.atlassian.jira.functest.framework.BaseJiraFuncTest;
import com.atlassian.jira.functest.framework.LoginAs;
import com.atlassian.jira.functest.framework.RestoreBlankInstance;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import org.junit.Test;

/**
 * Regression test for output encoding of a custom field's name on the
 * "associated screens" admin dialog.
 *
 * <p>A custom field is created whose name contains HTML markup, the dialog for that
 * field is requested, and the response is checked for the entity-encoded form of the
 * name rather than the raw one.
 *
 * <p>Coverage note: the single payload exercises encoding of {@code "}, {@code <} and
 * {@code >} only. Single quotes and script or URL contexts are not covered here.
 */
@LoginAs(user = "admin")
@RestoreBlankInstance
@WebTest({Category.FUNC_TEST, Category.ADMINISTRATION, Category.SECURITY})
/* loaded from: input_file:com/atlassian/jira/webtests/ztests/admin/TestAssociatedScreensForCustomFieldXss.class */
public class TestAssociatedScreensForCustomFieldXss extends BaseJiraFuncTest {
    /** Field name carrying markup that must never reach the page unencoded. */
    private static final String RAW_FIELD_NAME = "\"><img src=a onerror=alert(document.domain)>";

    /** The same name with the quote and angle brackets replaced by HTML entities. */
    private static final String ENCODED_FIELD_NAME = "&quot;&gt;&lt;img src=a onerror=alert(document.domain)&gt;";

    private static final String TEXT_FIELD_TYPE = "com.atlassian.jira.plugin.system.customfieldtypes:textfield";
    private static final String TEXT_SEARCHER = "com.atlassian.jira.plugin.system.customfieldtypes:textsearcher";

    // NOTE(review): presumably the first custom field on the blank instance restored by
    // @RestoreBlankInstance gets this id; the value is hard-coded, so confirm that holds.
    private static final String CREATED_FIELD_ID = "customfield_10000";

    private static final String ASSOCIATED_SCREENS_DIALOG_URL =
            "/secure/admin/AssociatedScreensForCustomField.jspa?customFieldId=" + CREATED_FIELD_ID
                    + "&inline=true&decorator=dialog";

    /**
     * Verifies that the field name is rendered entity-encoded on the dialog.
     *
     * <p>NOTE(review): the method name refers to a module key parameter, but the markup
     * here travels in the custom field name; the name may be inherited from elsewhere.
     */
    @Test
    public void testXssInModuleKeyParam() {
        // Seed the instance with a field whose name is the markup payload.
        backdoor.customFields().createCustomField(RAW_FIELD_NAME, "", TEXT_FIELD_TYPE, TEXT_SEARCHER);

        tester.gotoPage(ASSOCIATED_SCREENS_DIALOG_URL);

        // Both checks are needed: the first rejects raw output, the second proves the
        // name was rendered at all (an empty or error page would pass the first alone).
        // NOTE(review): expecting literal entities implies the tester matches against
        // the raw response markup rather than decoded text; confirm.
        tester.assertTextNotPresent(RAW_FIELD_NAME);
        tester.assertTextPresent(ENCODED_FIELD_NAME);
    }
}
