MC-15311: [Sec] PageBuilder XSS Injection Possible Through Block on HTML Code Content Type For CSS Classes Attribute & in TinyMCE

- test coverage for invalid css classes

Author: anthoula

app/code/Magento/PageBuilder/Test/Mftf/Data/AdvancedData.xml

@@ -304,6 +304,20 @@
         <data key="fieldName">css_classes</data>
         <data key="value">first-class second-class third-class</data>
     </entity>
+    <entity name="PageBuilderAdvancedCssClassesProperty_Invalid_GreaterThan" type="pagebuilder_advanced_css_classes_property">
+        <data key="name">CSS Classes</data>
+        <data key="section">advanced</data>
+        <data key="fieldName">css_classes</data>
+        <data key="value">first&gt;class second-class third-class</data>
+        <data key="errorMessage">Please enter a valid CSS class.</data>
+    </entity>
+    <entity name="PageBuilderAdvancedCssClassesProperty_Invalid_LessThan" type="pagebuilder_advanced_css_classes_property">
+        <data key="name">CSS Classes</data>
+        <data key="section">advanced</data>
+        <data key="fieldName">css_classes</data>
+        <data key="value">first-class second-class third&lt;class</data>
+        <data key="errorMessage">Please enter a valid CSS class.</data>
+    </entity>
     <!-- Text Color -->
     <entity name="PageBuilderAdvancedTextColorProperty" type="pagebuilder_advanced_color_property">
         <data key="name">Text Color</data>

app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderAdvancedConfigurationTest.xml

@@ -1629,8 +1629,6 @@
         <actionGroup ref="dragContentTypeToStage" stepKey="dragRowIntoStage2">
             <argument name="contentType" value="PageBuilderRowContentType"/>
         </actionGroup>
-        <!-- Add CSS Classes: Empty -->
-        <comment userInput="Add CSS Classes: Empty" stepKey="commentAddCSSClassesEmpty"/>
         <actionGroup ref="expandPageBuilderPanelMenuSection" stepKey="expandPageBuilderPanelMenuSection">
             <argument name="contentType" value="PageBuilderTextContentType"/>
         </actionGroup>
@@ -1648,6 +1646,24 @@
         <actionGroup ref="addTextToTinyMCE" stepKey="enterText1">
             <argument name="property" value="PageBuilderTextProperty"/>
         </actionGroup>
+        <!-- Add CSS Classes: Invalid Greater Than -->
+        <comment userInput="Add CSS Classes: Invalid Greater Than" stepKey="commentAddCSSClassesInvalidGreaterThan"/>
+        <actionGroup ref="fillSlideOutPanelFieldAndExpectToSeeErrorInFieldset" stepKey="enterGreaterThanSymbol">
+            <argument name="property" value="PageBuilderAdvancedCssClassesProperty_Invalid_GreaterThan"/>
+        </actionGroup>
+        <actionGroup ref="saveEditPanelAndValidateFieldError" stepKey="validateErrorGreaterThan">
+            <argument name="property" value="PageBuilderAdvancedCssClassesProperty_Invalid_GreaterThan"/>
+        </actionGroup>
+        <!-- Add CSS Classes: Invalid Less Than -->
+        <comment userInput="Add CSS Classes: Invalid Less Than" stepKey="commentAddCSSClassesInvalidLessThan"/>
+        <actionGroup ref="fillSlideOutPanelFieldAndExpectToSeeErrorInFieldset" stepKey="enterLessThanSymbol">
+            <argument name="property" value="PageBuilderAdvancedCssClassesProperty_Invalid_LessThan"/>
+        </actionGroup>
+        <actionGroup ref="saveEditPanelAndValidateFieldError" stepKey="validateErrorLessThan">
+            <argument name="property" value="PageBuilderAdvancedCssClassesProperty_Invalid_LessThan"/>
+        </actionGroup>
+        <!-- Add CSS Classes: Empty -->
+        <comment userInput="Add CSS Classes: Empty" stepKey="commentAddCSSClassesEmpty"/>
         <actionGroup ref="clearSlideOutPanelFieldGeneral" stepKey="clearCSSClasses">
             <argument name="property" value="PageBuilderAdvancedCssClassesDefaultProperty"/>
         </actionGroup>