Tests for checking path param in metadata form

UtrechtUniversity · Jan 19, 2024 · 9c23f7d · 9c23f7d
1 parent 1b26b08
commit 9c23f7d
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 1 deletion.
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -357,3 +357,8 @@ def ui_browse_folder(browser, folder):
             link.click()
         else:
             browser.find_by_id('file-browser_next').click()
+
+
+@then('the 404 error page is shown')
+def ui_404_error(browser):
+    browser.is_text_present("Page not found")
diff --git a/tests/features/api/api_deposit_restricted.feature b/tests/features/api/api_deposit_restricted.feature
@@ -15,7 +15,7 @@ Feature: Deposit API (restricted)
         Then the response status code is "200"
 
         Examples:
-            | file                   |
+            | file                              |
             | deposit_restricted_test_file1.txt |
             | deposit_restricted_test_file2.txt |
             | deposit_restricted_test_file3.txt |

diff --git a/tests/features/ui/ui_meta.feature b/tests/features/ui/ui_meta.feature
@@ -31,3 +31,13 @@ Feature: Meta UI
         Examples:
             | folder           |
             | research-initial |
+
+
+    Scenario Outline: Check that path is safe
+        Given user researcher is logged in
+        When the user navigates to <page>
+        Then the 404 error page is shown
+
+        Examples:
+            | page                                                                 |
+            | /research/metadata/form?path=<script>alert(document.domain)</script> |