Merge branch 'ACQE-7048' into ACQE-7157-functional-tests-mainline-deployment

manjusha729 · manjusha729 · commit a18a3d69bffc · 2024-11-05T11:12:14.000+05:30
diff --git a/app/code/Magento/Email/Test/Mftf/Data/EmailTemplatestoredXSSData.xml b/app/code/Magento/Email/Test/Mftf/Data/EmailTemplatestoredXSSData.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+    <!--
+     /**
+      * Copyright © Magento, Inc. All rights reserved.
+      * See COPYING.txt for license details.
+      * Copyright 2024 Adobe
+      * All Rights Reserved.
+      */
+    -->
+<entities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:noNamespaceSchemaLocation="urn:magento:mftf:DataGenerator/etc/dataProfileSchema.xsd">
+    <entity name="EmailTemplateWithStoreddXSS" type="template">
+        <data key="templateName">xss</data>
+        <data key="templateSubject">Subjectxss</data>
+        <data key="templateText">&lt;object data="data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpOzwvc2NyaXB0Pg=="/&gt;</data>
+        <data key="expectedTemplate"> </data>
+    </entity>
+</entities>
diff --git a/app/code/Magento/Email/Test/Mftf/Test/AdminEmailTemplateForStoredXSSTest.xml b/app/code/Magento/Email/Test/Mftf/Test/AdminEmailTemplateForStoredXSSTest.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  * Copyright 2024 Adobeststua
+  * All Rights Reserved.
+  */
+-->
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="AdminEmailTemplateForStoredXSSTest">
+        <annotations>
+            <features value="Email"/>
+            <stories value="Email template for stored XSS"/>
+            <title value="Email template with stored XSS should be escaped"/>
+            <description value="Admin creates a email template with stored XSS and it should not appear in template preview"/>
+            <severity value="MAJOR"/>
+            <testCaseId value="AC-4237"/>
+        </annotations>
+        <before>
+            <actionGroup ref="AdminLoginActionGroup" stepKey="loginAsAdmin"/>
+        </before>
+        <after>
+            <!--Delete created Template-->
+            <actionGroup ref="DeleteEmailTemplateActionGroup" stepKey="deleteTemplate"/>
+            <actionGroup ref="AdminClearGridFiltersActionGroup" stepKey="clearFilters"/>
+            <actionGroup ref="AdminLogoutActionGroup" stepKey="adminLogout"/>
+        </after>
+        <actionGroup ref="CreateCustomTemplateActionGroup" stepKey="createTemplate">
+            <argument name="template" value="EmailTemplateWithStoreddXSS"/>
+        </actionGroup>
+        <actionGroup ref="PreviewEmailTemplateActionGroup" stepKey="previewTemplate"/>
+        <actionGroup ref="AssertEmailTemplateContentActionGroup" stepKey="assertContent">
+            <argument name="expectedContent" value="{{EmailTemplateWithStoreddXSS.expectedTemplate}}"/>
+        </actionGroup>
+    </test>
+</tests>
