package com.atlassian.jira.webtests.ztests.admin.issuetypes;

import com.atlassian.jira.functest.framework.Administration;
import com.atlassian.jira.functest.framework.BaseJiraFuncTest;
import com.atlassian.jira.functest.framework.FunctTestConstants;
import com.atlassian.jira.functest.framework.LoginAs;
import com.atlassian.jira.functest.framework.RestoreBlankInstance;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import com.atlassian.jira.testkit.client.IssueTypeControl;
import javax.inject.Inject;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;

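/**
 * Functional regression tests for output encoding of issue type names and descriptions.
 *
 * <p>Each test stores a markup payload in an issue type (name or description), opens a
 * create-issue page that references that issue type, and then checks two things: no element
 * with the payload's id exists in the page, and the entity-encoded form of the payload is
 * reported as present by {@code tester.assertTextPresent}.
 *
 * <p>Coverage note: the single payload used here starts with {@code ">}, so it exercises
 * element content and double-quoted attribute contexts only. Single-quoted attributes,
 * script blocks and URL contexts are not covered by this class.
 */
@RestoreBlankInstance
@LoginAs(user = "admin")
@WebTest({Category.FUNC_TEST, Category.ADMINISTRATION, Category.ISSUES})
/* loaded from: input_file:com/atlassian/jira/webtests/ztests/admin/issuetypes/TestIssueTypesXSS.class */
public class TestIssueTypesXSS extends BaseJiraFuncTest {

    /** Id of the element the payload would create if it were rendered as markup. */
    private static final String XSS_ELEMENT_ID = "xss-test";

    /** Raw payload stored in the issue type name or description. */
    private static final String XSS_PAYLOAD = "\"><div id='xss-test'>XSS injected</div>";

    /** The payload as it is expected to appear once HTML-escaped. */
    private static final String XSS_PAYLOAD_ESCAPED =
            "&quot;&gt;&lt;div id=&#39;xss-test&#39;&gt;XSS injected&lt;/div&gt;";

    /** Description used when a test only cares about the issue type name. */
    private static final String DEFAULT_DESCRIPTION = "Default Description";

    // pid=10000 is presumably the "homosapien" project of the blank instance - TODO confirm.
    private static final String CREATE_ISSUE_URL = "secure/CreateIssue.jspa?pid=10000&issuetype=";
    private static final String CREATE_SUBTASK_URL = "secure/CreateSubTaskIssue.jspa?pid=10000&parentIssueId=";

    @Inject
    private Administration administration;

    /**
     * Restores the blank instance before each test.
     *
     * NOTE(review): the class is also annotated with {@code @RestoreBlankInstance}; confirm
     * whether this explicit restore is still required.
     */
    @Before
    public void setUpTest() {
        this.administration.restoreBlankInstance();
    }

    /** Restores the blank instance after each test so the stored payload does not outlive it. */
    @After
    public void tearDownTest() {
        this.administration.restoreBlankInstance();
    }

    /** A payload in the issue type name must be escaped on the create-issue page. */
    @Test
    public void testIssueTypeNameDoesNotLetXSStrough() {
        this.tester.gotoPage(CREATE_ISSUE_URL + createIssueType(XSS_PAYLOAD).getId());
        assertPayloadIsEscaped();
    }

    /** A payload in the issue type description must be escaped on the create-issue page. */
    @Test
    public void testIssueTypeDescriptionDoesNotLetXSStrough() {
        this.tester.gotoPage(CREATE_ISSUE_URL + createIssueType("XSS2", XSS_PAYLOAD).getId());
        assertPayloadIsEscaped();
    }

    /** A payload in a sub-task issue type name must be escaped on the create-sub-task page. */
    @Test
    public void testSubtaskIssueTypeNameDoesNotLetXSStrough() {
        this.administration.subtasks().enable();
        gotoCreateSubTaskPage(createIssueType(XSS_PAYLOAD, true));
        assertPayloadIsEscaped();
    }

    /** A payload in a sub-task issue type description must be escaped on the create-sub-task page. */
    @Test
    public void testSubtaskIssueTypeDescriptionDoesNotLetXSStrough() {
        this.administration.subtasks().enable();
        gotoCreateSubTaskPage(createIssueType("XSS2", XSS_PAYLOAD, true));
        assertPayloadIsEscaped();
    }

    /**
     * Creates a parent issue and opens the create-sub-task page for the given sub-task type.
     *
     * @param subtaskType the already-created sub-task issue type to select on the page
     */
    private void gotoCreateSubTaskPage(IssueTypeControl.IssueType subtaskType) {
        this.tester.gotoPage(CREATE_SUBTASK_URL
                + this.navigation.issue().getId(
                        this.navigation.issue().createIssue("homosapien", FunctTestConstants.ISSUE_TYPE_BUG, "Test Issue 1"))
                + "&issuetype=" + subtaskType.getId());
    }

    /**
     * Asserts that the payload was rendered as text rather than as markup.
     *
     * <p>Both checks are needed: the missing element alone would also hold for a page that
     * never rendered the value, so the escaped text is asserted as well.
     */
    private void assertPayloadIsEscaped() {
        this.tester.assertElementNotPresent(XSS_ELEMENT_ID);
        this.tester.assertTextPresent(XSS_PAYLOAD_ESCAPED);
    }

    /** Creates a standard issue type with the given name and the default description. */
    private IssueTypeControl.IssueType createIssueType(String name) {
        return createIssueType(name, DEFAULT_DESCRIPTION, false);
    }

    /** Creates an issue type with the given name and the default description. */
    private IssueTypeControl.IssueType createIssueType(String name, boolean subtask) {
        return createIssueType(name, DEFAULT_DESCRIPTION, subtask);
    }

    /** Creates a standard issue type with the given name and description. */
    private IssueTypeControl.IssueType createIssueType(String name, String description) {
        return createIssueType(name, description, false);
    }

    /**
     * Creates an issue type through the test backdoor.
     *
     * @param name        issue type name, stored exactly as given
     * @param description issue type description, stored exactly as given
     * @param subtask     whether the issue type is a sub-task type; a primitive so that a
     *                    {@code null} flag cannot fail on unboxing
     * @return the issue type returned by the backdoor's create call
     */
    private IssueTypeControl.IssueType createIssueType(String name, String description, boolean subtask) {
        IssueTypeControl.IssueType issueType = new IssueTypeControl.IssueType();
        issueType.setName(name);
        issueType.setDescription(description);
        issueType.setIconUrl("/images/icons/genericissue.gif");
        issueType.setSubtask(subtask);
        return this.backdoor.issueType().createIssueType(issueType);
    }
}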
