package com.atlassian.jira.webtests.ztests.project.security.xss;

import com.atlassian.jira.functest.framework.Administration;
import com.atlassian.jira.functest.framework.BaseJiraFuncTest;
import com.atlassian.jira.functest.framework.LoginAs;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import javax.inject.Inject;
import org.junit.Before;
import org.junit.Test;

/**
 * Functional regression tests for reflected XSS on the
 * {@code GroupRoleActorAction.jspa} page (assigning groups to a project role).
 *
 * <p>Each test requests the page with a script-tag probe appended to one query
 * parameter and then checks that the probe appears on the page only in its
 * HTML-entity-encoded form.
 *
 * <p>This is one fixed probe per parameter: a pass shows that this value is
 * entity-encoded where it is echoed. It does not show that other output
 * contexts of the page are safe.
 */
@LoginAs(user = "admin")
@WebTest({Category.FUNC_TEST, Category.SECURITY, Category.PROJECTS})
public class TestAssignGroupsToProjectRole extends BaseJiraFuncTest {
    /** Id attribute of the probe's script element; used to detect a live (unencoded) element. */
    private static final String XSS_ID = "__xss_injected_id__";

    /** Raw probe: breaks out of a double-quoted attribute/tag and opens a script element. */
    private static final String XSS = "\"/><script id='" + XSS_ID + "'>alert(3);</script>";

    /** The same probe with {@code "}, {@code '}, {@code <} and {@code >} replaced by HTML entities. */
    private static final String XSS_ENCODED =
            "&quot;/&gt;&lt;script id=&#39;" + XSS_ID + "&#39;&gt;alert(3);&lt;/script&gt;";

    /** Relative URL of the action under test. */
    private static final String ACTION_URL = "jira/secure/project/GroupRoleActorAction.jspa";

    @Inject
    private Administration administration;

    /** Restores the blank instance before every test so each one starts from the same data. */
    @Before
    public void setUpTest() {
        administration.restoreBlankInstance();
    }

    /**
     * Loads {@code url} and verifies the probe was neutralised.
     *
     * <p>The three checks are complementary: no element with the probe id exists,
     * the raw probe text is absent, and the encoded probe text is present. The
     * last check stops the test from passing vacuously when the page does not
     * echo the parameter at all.
     *
     * @param url relative URL, including the query string that carries the probe
     */
    private void assertXssNotInPage(String url) {
        // NOTE(review): whether the text assertions match raw markup or rendered
        // text depends on the tester implementation, which is not visible here.
        tester.gotoPage(url);
        tester.assertElementNotPresent(XSS_ID);
        tester.assertTextNotPresent(XSS);
        tester.assertTextPresent(XSS_ENCODED);
    }

    /** Probe appended to the value of {@code projectId}. */
    @Test
    public void testXssOnProjectIdParameter() {
        // presumably 10000 / 10002 are a project and a role of the blank instance; verify against the fixture
        final String url = ACTION_URL + "?projectRoleId=10002&projectId=10000" + XSS;
        assertXssNotInPage(url);
    }

    /** Probe appended to the value of {@code projectRoleId}, followed by a clean {@code projectId}. */
    @Test
    public void testXssOnProjectRoleIdParameter() {
        final String url = ACTION_URL + "?projectRoleId=10002" + XSS + "&projectId=10000";
        assertXssNotInPage(url);
    }

    /** Probe passed in {@code groupNames}, prefixed with a closing {@code </textarea>} tag. */
    @Test
    public void testXssOnProjectGroupNamesParameter() {
        // NOTE(review): this URL spells the parameter "projectID", while the other
        // two tests use "projectId". If parameter binding is case-sensitive, the
        // project id is not set for this request and the page may take a different
        // path than intended. Confirm the spelling is deliberate.
        final String url =
                ACTION_URL + "?projectRoleId=10002&projectID=10000&groupNames=</textarea>" + XSS;
        assertXssNotInPage(url);
    }
}
