package com.atlassian.confluence.webdriver;

import com.atlassian.confluence.it.Page;
import com.atlassian.confluence.it.Space;
import com.atlassian.confluence.it.SpacePermission;
import com.atlassian.confluence.it.User;
import com.atlassian.confluence.it.admin.BundledTheme;
import junit.framework.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:com/atlassian/confluence/webdriver/ViewSpaceTest.class */
public class ViewSpaceTest extends AbstractInjectableWebDriverTest {
    private static final String MALICIOUS_SPACE_NAME = "</title><<script>document.write(1 + 1);</script>";
    private static final String TEST_PAGE_NAME = "Test page";
    private final Space xssSpace = new Space("XSS", MALICIOUS_SPACE_NAME, "This space tries to exploit a scripting vulnerability in the space name");
    private final Page testXssSpaceNamePage = new Page(this.xssSpace, TEST_PAGE_NAME, "Lorem ipsum");

    @Before
    public void createTestData() {
        this.rpc.createSpace(this.xssSpace);
        this.rpc.getPageId(this.xssSpace.getHomePage());
        this.rpc.createPage(this.testXssSpaceNamePage);
        this.rpc.grantPermissions(this.xssSpace, User.TEST, new SpacePermission[]{SpacePermission.VIEW, SpacePermission.PAGE_EDIT});
    }

    @Test
    public void testSpaceNameContainingXss_DefaultTheme() {
        runTestSpaceNameContainingXss();
    }

    @Test
    public void testSpaceNameContainingXss_DocumentationTheme() {
        this.rpc.logIn(User.ADMIN);
        this.rpc.setThemeForSpace(this.xssSpace, BundledTheme.getDocumentationTheme());
        runTestSpaceNameContainingXss();
    }

    private void runTestSpaceNameContainingXss() {
        this.product.loginAndView(User.TEST, this.testXssSpaceNamePage);
        Assert.assertEquals("Test page - </title><<script>document.write(1 + 1);</script> - Confluence", this.product.getTester().getDriver().getTitle());
    }
}
