MC-13922: [Sec] XSS Injection in Admin For Map Location Attributes, Image Caption, Slide Name

- Add tests for image & slider

Author: davemacaulay

app/code/Magento/PageBuilder/Test/Mftf/ActionGroup/ContentTypeSliderActionGroup.xml

@@ -20,11 +20,6 @@
         <waitForPageLoad stepKey="waitForAnimation"/>
         <waitForElementVisible selector="{{slideSection.base(slideIndex)}}" stepKey="waitForSlide"/>
     </actionGroup>
-    <actionGroup name="unfocusSlideOptions">
-        <click selector="{{PageBuilderPanel.searchPanel}}" stepKey="clickOutsideLiveEdit"/>
-        <waitForPageLoad stepKey="waitForAnimation" time="30"/>
-        <waitForElementNotVisible selector="{{SlideOnBackend.optionTitle}}" stepKey="dontSeeSlideOptionsEdit"/>
-    </actionGroup>
     <actionGroup name="inlineEditWYSIWYGFromStageForSlideCollageAppearancesInSmallColumns" extends="inlineEditWYSIWYGFromStage">
         <click selector="{{SlideOnBackend.base(index)}}" stepKey="focusOnEditorArea"/>
     </actionGroup>

app/code/Magento/PageBuilder/Test/Mftf/Data/ImageData.xml

@@ -102,6 +102,12 @@
         <data key="fieldName">image_caption</data>
         <data key="value">This is my image caption</data>
     </entity>
+    <entity name="PageBuilderImageCaptionProperty_HtmlCode" type="pagebuilder_image_caption_property">
+        <data key="name">Image Caption</data>
+        <data key="section">general</data>
+        <data key="fieldName">image_caption</data>
+        <data key="value">&#x3C;img src=x onerror=&#x22;throw &#x27;error&#x27;;&#x22; /&#x3E;</data>
+    </entity>
     <entity name="PageBuilderImageAltTextProperty" type="pagebuilder_alt_text_property">
         <data key="name">Alternative Text</data>
         <data key="section">seo</data>

app/code/Magento/PageBuilder/Test/Mftf/Data/SlideData.xml

@@ -27,6 +27,12 @@
         <data key="fieldName">slide_name</data>
         <data key="value">Slide 2 Name</data>
     </entity>
+    <entity name="PageBuilderSlideItemSlideName_HtmlCode" type="pagebuilder_slide_item_slide_name_property">
+        <data key="name">Name</data>
+        <data key="section">appearance_fieldset</data>
+        <data key="fieldName">slide_name</data>
+        <data key="value">&#x3C;img src=x onerror=&#x22;throw &#x27;error&#x27;;&#x22; /&#x3E;</data>
+    </entity>
     <!-- Minimum Height -->
     <entity name="PageBuilderSlideItemMinimumHeight_500" type="pagebuilder_slide_item_minimum_height_property">
         <data key="name">Minimum Height</data>

app/code/Magento/PageBuilder/Test/Mftf/Section/PageBuilderImageSection.xml

@@ -37,6 +37,7 @@
     </section>
     <section name="ImageOnStage">
         <element name="base" type="text" selector="(//div[contains(@class,'pagebuilder-content-type') and contains(@class,'pagebuilder-image')])[{{arg1}}]" parameterized="true"/>
+        <element name="caption" type="text" selector="(//div[contains(@class,'pagebuilder-content-type') and contains(@class,'pagebuilder-image')])[{{arg1}}]//figcaption" parameterized="true"/>
         <!-- Advanced Configuration -->
         <element name="noAlignment" type="text" selector="(//div[contains(@class,'pagebuilder-content-type') and contains(@class,'pagebuilder-image')])[{{arg1}}]//figure[not(contains(@style,'text-align:'))]" parameterized="true"/>
         <element name="alignment" type="text" selector="(//div[contains(@class,'pagebuilder-content-type') and contains(@class,'pagebuilder-image')])[{{arg1}}]//figure[contains(@style,'text-align: {{arg2}};')]" parameterized="true"/>
@@ -59,7 +60,7 @@
         <element name="imageElement" type="button" selector="figure[data-role='image'] img:nth-child({{arg1}})" parameterized="true"/>
         <element name="imageElementCSS" type="text" selector="figure[data-role=image] img"/>
         <element name="imageHasAltText" type="button" selector="img.pagebuilder-mobile-hidden[alt='{{arg1}}']" parameterized="true"/>
-        <element name="imageHasCaption" type="button" selector="figcaption"/>
+        <element name="imageHasCaption" type="button" selector="figure[data-role='image'] figcaption"/>
         <element name="imageHasTitleTag" type="button" selector="img.pagebuilder-mobile-hidden[title='{{arg1}}']" parameterized="true"/>
         <element name="imageLink" type="button" selector="figure[data-role='image'] a[href='{{arg1}}']" parameterized="true"/>
         <element name="imageLinkTarget" type="button" selector="figure[data-role='image'] a[target='{{arg1}}']" parameterized="true"/>

app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderImageTest.xml

@@ -1393,4 +1393,57 @@
         <seeElement selector="{{TabOnStorefront.base('4')}}" stepKey="seeTab4Storefront"/>
         <seeElement selector="{{ImageOnStorefront.base('4')}}" stepKey="seeImage4Storefront"/>
     </test>
+    <test name="ImageCaptionDoesNotRenderHtml">
+        <annotations>
+            <features value="PageBuilder"/>
+            <stories value="Image"/>
+            <title value="Image caption does not render HTML"/>
+            <description value="Image caption should not render HTML within the browser or storefront"/>
+            <severity value="CRITICAL"/>
+            <useCaseId value="MC-13922"/>
+            <testCaseId value="MC-13933"/>
+            <group value="pagebuilder"/>
+            <group value="pagebuilder-image"/>
+        </annotations>
+        <before>
+            <actionGroup ref="LoginAsAdmin" stepKey="loginAsAdmin"/>
+            <createData entity="_defaultCmsPage" stepKey="createCMSPage" />
+        </before>
+        <after>
+            <actionGroup ref="logout" stepKey="logout"/>
+            <deleteData createDataKey="createCMSPage" stepKey="deletePreReqCMSPage" />
+        </after>
+        <actionGroup ref="navigateToCreatedCMSPage" stepKey="navigateToCreatedCMSPage">
+            <argument name="CMSPage" value="$$createCMSPage$$"/>
+        </actionGroup>
+        <!-- Add Image to Tab -->
+        <comment userInput="Add Image to Tab" stepKey="commentAddImageToTab"/>
+        <actionGroup ref="expandPageBuilderPanelGroup" stepKey="expandPageBuilderPanelGroup">
+            <argument name="group" value="PageBuilderImageContentType"/>
+        </actionGroup>
+        <actionGroup ref="dragContentTypeToStage" stepKey="dragContentTypeToStage">
+            <argument name="contentType" value="PageBuilderImageContentType"/>
+        </actionGroup>
+        <actionGroup ref="addImageToStage" stepKey="addImageToStage">
+            <argument name="property" value="PageBuilderImageProperty_StageJPG"/>
+        </actionGroup>
+        <actionGroup ref="openPageBuilderEditPanel" stepKey="openEditMenuOnStage">
+            <argument name="contentType" value="PageBuilderImageContentType"/>
+        </actionGroup>
+        <actionGroup ref="fillSlideOutPanelFieldGeneral" stepKey="enterImageCaptionProperty">
+            <argument name="property" value="PageBuilderImageCaptionProperty_HtmlCode"/>
+        </actionGroup>
+        <actionGroup ref="saveEditPanelSettings" stepKey="saveEditPanelSettings"/>
+        <!-- Verify admin -->
+        <comment userInput="Verify admin" stepKey="commentVerifyAdmin"/>
+        <dontSeeJsError stepKey="dontSeeThrownError" />
+        <waitForElementVisible selector="{{ImageOnStage.caption('1')}}" stepKey="waitForImageCaption" />
+        <see selector="{{ImageOnStage.caption('1')}}" userInput="{{PageBuilderImageCaptionProperty_HtmlCode.value}}" stepKey="seeHtmlCodeInCaption" />
+        <!-- Verify storefront -->
+        <comment userInput="Verify storefront" stepKey="commentVerifyStorefront"/>
+        <actionGroup ref="saveAndContinueEditCmsPage" stepKey="saveAndContinueEditCmsPage"/>
+        <amOnPage url="$$createCMSPage.identifier$$" stepKey="amOnPageTestPage"/>
+        <waitForElementVisible selector="{{ImageOnStorefront.imageHasCaption}}" stepKey="waitForCaptionVisible" />
+        <see selector="{{ImageOnStorefront.imageHasCaption}}" userInput="{{PageBuilderImageCaptionProperty_HtmlCode.value}}" stepKey="seeHtmlCodeOnStorefront" />
+    </test>
 </tests>

app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderSlideItemCommonTest.xml

@@ -1862,4 +1862,53 @@
         <waitForPageLoad stepKey="waitForPageLoad4"/>
         <seeElement selector="{{SlideOnFrontend.messageContentTextAreaImage('1', PageBuilderImageProperty_StageJPG.value)}}" stepKey="validateImageFrontEnd"/>
     </test>
+    <test name="SlideNameDoesNotRenderHtml">
+        <annotations>
+            <features value="PageBuilder"/>
+            <stories value="Slider"/>
+            <title value="Slide name does not render HTML"/>
+            <description value="The slide name does not render as HTML within the tooltip on the slide navigation dot"/>
+            <severity value="CRITICAL"/>
+            <useCaseId value="MC-13922"/>
+            <testCaseId value="MC-13932"/>
+            <group value="pagebuilder"/>
+            <group value="pagebuilder-slide"/>
+            <group value="pagebuilder-slideItemCommon"/>
+        </annotations>
+        <before>
+            <actionGroup ref="LoginAsAdmin" stepKey="loginAsAdmin"/>
+            <actionGroup ref="navigateToAPageWithPageBuilder" stepKey="navigateToAPageWithPageBuilder"/>
+            <actionGroup ref="switchToPageBuilderStage" stepKey="switchToPageBuilderStage"/>
+        </before>
+        <after>
+            <actionGroup ref="logout" stepKey="logout"/>
+        </after>
+        <!-- Add Slider -->
+        <comment userInput="Add Slider" stepKey="commentAddContentType"/>
+        <actionGroup ref="expandPageBuilderPanelGroup" stepKey="expandPageBuilderPanelGroup">
+            <argument name="group" value="PageBuilderSliderContentType"/>
+        </actionGroup>
+        <actionGroup ref="dragContentTypeToStage" stepKey="dragContentTypeOntoStage">
+            <argument name="contentType" value="PageBuilderSliderContentType"/>
+        </actionGroup>
+        <actionGroup ref="openPageBuilderEditPanelSmallByIndex" stepKey="openEditPanelAfterDrop">
+            <argument name="section" value="SlideOnBackend"/>
+        </actionGroup>
+        <!-- Edit Slide 1 -->
+        <comment userInput="Edit Slide 1" stepKey="commentEditSlide1"/>
+        <actionGroup ref="fillSlideOutPanelFieldGeneral" stepKey="enterSlideNameText1">
+            <argument name="property" value="PageBuilderSlideItemSlideName_HtmlCode"/>
+        </actionGroup>
+        <actionGroup ref="saveEditPanelSettings" stepKey="saveEditPanel1Settings"/>
+        <dontSeeJsError stepKey="dontSeeThrownError" />
+        <actionGroup ref="unFocusOptionMenu" stepKey="unfocusSlideOptions">
+            <argument name="contentType" value="PageBuilderSlideContentType"/>
+        </actionGroup>
+        <moveMouseOver selector="{{SliderOnStage.slideNavigationDot('1', '1')}}" stepKey="moveMouseOverTooltip" />
+        <waitForPageLoad stepKey="waitForPageLoad"/>
+        <!-- Verify tooltip hasn't rendered HTML -->
+        <comment userInput="Verify tooltip hasn't rendered HTML" stepKey="commentVerifyTooltipNotRendered"/>
+        <waitForElementVisible selector="{{SliderOnStage.slideNavigationDotNameTooltip('1')}}" stepKey="waitForTooltipVisible" />
+        <see selector="{{SliderOnStage.slideNavigationDotNameTooltip('1')}}" userInput="{{PageBuilderSlideItemSlideName_HtmlCode.value}}" stepKey="seeHtmlCodeInTooltip" />
+    </test>
 </tests>