package org.kohsuke.stapler;

import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.WebResponse;
import java.net.URL;
import org.jvnet.hudson.test.For;
import org.kohsuke.stapler.test.JettyTestCase;

@For({Stapler.class})
/* loaded from: input_file:org/kohsuke/stapler/Stapler2Test.class */
public class Stapler2Test extends JettyTestCase {
    public void testTraceXSS() throws Exception {
        WebClient webClient = new WebClient();
        webClient.setThrowExceptionOnFailingStatusCode(false);
        Dispatcher.TRACE = true;
        try {
            WebResponse webResponse = webClient.getPage(new URL(this.url, "thing/<button>/x")).getWebResponse();
            Dispatcher.TRACE = false;
            assertEquals(404, webResponse.getStatusCode());
            String contentAsString = webResponse.getContentAsString();
            assertTrue(contentAsString, contentAsString.contains("&lt;button&gt;"));
            assertFalse(contentAsString, contentAsString.contains("<button>"));
        } catch (Throwable th) {
            Dispatcher.TRACE = false;
            throw th;
        }
    }

    public Object getThing(String str) {
        return str;
    }
}
