MC-13922: [Sec] XSS Injection in Admin For Map Location Attributes, Image Caption, Slide Name

davemacaulay · davemacaulay · commit c1afd1909ee6 · 2019-02-11T18:53:04.000+01:00
- Resolve CR comments
diff --git a/app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderImageTest.xml b/app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderImageTest.xml
@@ -1410,8 +1410,8 @@
             <createData entity="_defaultCmsPage" stepKey="createCMSPage" />
         </before>
         <after>
-            <actionGroup ref="logout" stepKey="logout"/>
             <deleteData createDataKey="createCMSPage" stepKey="deletePreReqCMSPage" />
+            <actionGroup ref="logout" stepKey="logout"/>
         </after>
         <actionGroup ref="navigateToCreatedCMSPage" stepKey="navigateToCreatedCMSPage">
             <argument name="CMSPage" value="$$createCMSPage$$"/>
@@ -1439,11 +1439,15 @@
         <dontSeeJsError stepKey="dontSeeThrownError" />
         <waitForElementVisible selector="{{ImageOnStage.caption('1')}}" stepKey="waitForImageCaption" />
         <see selector="{{ImageOnStage.caption('1')}}" userInput="{{PageBuilderImageCaptionProperty_HtmlCode.value}}" stepKey="seeHtmlCodeInCaption" />
+        <actionGroup ref="saveAndContinueEditCmsPage" stepKey="saveAndContinueEditCmsPage"/>
+        <dontSeeJsError stepKey="dontSeeThrownErrorAfterSave" />
         <!-- Verify storefront -->
         <comment userInput="Verify storefront" stepKey="commentVerifyStorefront"/>
-        <actionGroup ref="saveAndContinueEditCmsPage" stepKey="saveAndContinueEditCmsPage"/>
-        <amOnPage url="$$createCMSPage.identifier$$" stepKey="amOnPageTestPage"/>
+        <actionGroup ref="navigateToStorefrontForCreatedPage" stepKey="navigateToCmsPage">
+            <argument name="page" value="$$createCMSPage.identifier$$"/>
+        </actionGroup>
         <waitForElementVisible selector="{{ImageOnStorefront.imageHasCaption}}" stepKey="waitForCaptionVisible" />
+        <dontSeeJsError stepKey="dontSeeThrownErrorOnStorefront" />
         <see selector="{{ImageOnStorefront.imageHasCaption}}" userInput="{{PageBuilderImageCaptionProperty_HtmlCode.value}}" stepKey="seeHtmlCodeOnStorefront" />
     </test>
 </tests>
diff --git a/app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderMapLocationAttributeTests.xml b/app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderMapLocationAttributeTests.xml
@@ -1014,14 +1014,13 @@
             <group value="pagebuilder-requiresValidMapAPIKey"/>
         </annotations>
         <before>
-            <magentoCLI command="config:set cms/pagebuilder/google_maps_api_key {{googleMapsAPIKey.valid}}" stepKey="setValidGoogleMapsAPIKey"/>
             <createData entity="_defaultCmsPage" stepKey="createCMSPage" />
             <actionGroup ref="LoginAsAdmin" stepKey="loginAsAdmin"/>
         </before>
         <after>
             <magentoCLI command="config:set cms/pagebuilder/google_maps_api_key ''" stepKey="setEmptyGoogleMapsAPIKey"/>
-            <actionGroup ref="logout" stepKey="logout"/>
             <deleteData createDataKey="createCMSPage" stepKey="deletePreReqCMSPage" />
+            <actionGroup ref="logout" stepKey="logout"/>
         </after>
         <actionGroup ref="navigateToCreatedCMSPage" stepKey="navigateToCreatedCMSPage">
             <argument name="CMSPage" value="$$createCMSPage$$"/>
@@ -1084,6 +1083,13 @@
             <argument name="country" value="PageBuilderMapCountry_USA"/>
         </actionGroup>
         <actionGroup ref="saveEditPanelSettings" stepKey="saveEditPanelSettings"/>
+        <!-- Save Page and Set Valid API Key -->
+        <comment userInput="Save Page and Set Valid API Key" stepKey="commentSavePageAndSetKey"/>
+        <magentoCLI command="config:set cms/pagebuilder/google_maps_api_key {{googleMapsAPIKey.valid}}" stepKey="setValidGoogleMapsAPIKey"/>
+        <actionGroup ref="saveAndContinueEditCmsPage" stepKey="saveAndContinueEditCmsPage"/>
+        <actionGroup ref="switchToPageBuilderStage" stepKey="switchToPageBuilderStage"/>
+        <!-- Validate Stage -->
+        <comment userInput="Validate Stage" stepKey="commentValidateStage1"/>
         <!-- Validate contents of tooltip on stage -->
         <comment userInput="Validate contents of tooltip on stage" stepKey="commentValidateContentsOfTooltip" />
         <actionGroup ref="validateMapPinLocationData" stepKey="validateMapTooltipStage">
@@ -1099,9 +1105,9 @@
         </actionGroup>
         <!-- Validate store front -->
         <comment userInput="Validate storefront" stepKey="commentValidateStorefront" />
-        <actionGroup ref="saveAndContinueEditCmsPage" stepKey="saveAndContinueEditCmsPage"/>
-        <amOnPage url="$$createCMSPage.identifier$$" stepKey="amOnPageTestPage"/>
-        <waitForPageLoad stepKey="waitForPageLoad" />
+        <actionGroup ref="navigateToStorefrontForCreatedPage" stepKey="navigateToCmsPage">
+            <argument name="page" value="$$createCMSPage.identifier$$"/>
+        </actionGroup>
         <actionGroup ref="validateMapPinLocationData" stepKey="validateMapTooltipStorefront">
             <argument name="page" value="MapOnStorefront" />
             <argument name="locationName" value="PageBuilderMapLocationName_HtmlCode"/>
diff --git a/app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderSlideItemCommonTest.xml b/app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderSlideItemCommonTest.xml
@@ -1808,7 +1808,7 @@
         <annotations>
             <features value="PageBuilder"/>
             <stories value="Slider"/>
-            <title value="Slide name does not render HTML"/>
+            <title value="Slide Item - Slide name does not render HTML"/>
             <description value="The slide name does not render as HTML within the tooltip on the slide navigation dot"/>
             <severity value="CRITICAL"/>
             <useCaseId value="MC-13922"/>
