package com.atlassian.jira.webtests.ztests.issue.security.xss;

import com.atlassian.jira.functest.framework.FuncTestCase;
import com.atlassian.jira.functest.framework.HtmlPage;
import com.atlassian.jira.functest.framework.fields.EditFieldConstants;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;

/**
 * Functional regression test for reflected XSS through the {@code reporter} request parameter of
 * {@code /secure/CreateIssueDetails.jspa}.
 *
 * <p>The test sends a marker payload that tries to close the surrounding attribute/tag and open a
 * {@code <script>} element with a well-known id. It passes only when the HTML-escaped form of the
 * payload is found on the page and no element with the marker id exists.
 *
 * <p>NOTE(review): only this one payload shape (double-quote tag break-out) is exercised here;
 * other output contexts for the same parameter are not covered by this class.
 */
@WebTest({Category.FUNC_TEST, Category.ISSUES, Category.SECURITY})
public class TestXssOnCreateIssueDetailsPage extends FuncTestCase {
    // Project id placed in the "pid" query parameter.
    // NOTE(review): presumably the project that exists in the blank instance - confirm.
    private static final int PROJECT_HOMOSAP_ID = 10000;

    // Id carried by the injected <script> element; lets the test look the element up afterwards.
    private static final String XSS_ID = "__xss_script_injected_into_the_page__";

    // Raw payload: closes a double-quoted attribute and its tag, then opens a marker <script>.
    private static final String XSS = "\"/><script id='" + XSS_ID + "'></script>";

    // The same payload as it must appear once HTML-escaped by the page.
    private static final String XSS_ESCAPED =
            "&quot;/&gt;&lt;script id=&#39;" + XSS_ID + "&#39;&gt;&lt;/script&gt;";

    /**
     * Requests the create-issue details page with the payload as the reporter value and checks
     * that it is rendered escaped rather than as live markup.
     */
    public void testXssReporterNameOnCreateIssueDetailsPage() {
        this.backdoor.restoreBlankInstance();
        // NOTE(review): presumably switches the reporter field to the renderer under test - confirm.
        this.backdoor.darkFeatures().disableForSite("jira.no.frother.reporter.field");

        // A page is loaded first; the XSRF token below is read through the same tester.
        this.navigation.dashboard();

        final String createIssueUrl = "/secure/CreateIssueDetails.jspa?issuetype=2"
                + "&pid=" + PROJECT_HOMOSAP_ID
                + "&atl_token=" + new HtmlPage(this.tester).getXsrfToken()
                + "&reporter=" + XSS;
        this.navigation.gotoPage(createIssueUrl);

        // The reporter field must still be rendered at all...
        this.tester.assertElementPresent(EditFieldConstants.REPORTER);
        // ...with the payload present only in its escaped form...
        this.tester.assertTextPresent(XSS_ESCAPED);
        // ...and never as an element carrying the marker id.
        this.tester.assertElementNotPresent(XSS_ID);
    }
}
