Tests - Migrate XSS tests to POM, check iframe

3liz · Jan 23, 2025 · b86a764 · b86a764
1 parent 5a8b980
commit b86a764
Show file tree

Hide file tree

Showing 6 changed files with 583 additions and 60 deletions.
diff --git a/tests/end2end/playwright/pages/project.js b/tests/end2end/playwright/pages/project.js
@@ -54,6 +54,11 @@ export class ProjectPage extends BasePage {
      * @type {Locator}
      */
     miniDock;
+    /**
+     * Popup dock
+     * @type {Locator}
+     */
+    popupContent;
     /**
      * Top search bar
      * @type {Locator}
@@ -75,6 +80,14 @@ export class ProjectPage extends BasePage {
     attributeTableHtml = (name) =>
         this.page.locator(`#attribute-layer-table-${name}`);
 
+    /**
+     * Editing field for the given field in the panel
+     * @param {string} name Name of the field
+     * @returns {Locator}
+     */
+    editingField = (name) =>
+        this.page.locator(`#jforms_view_edition input[name="${name}"]`);
+
     /**
      * Constructor for a QGIS project page
      * @param {Page} page The playwright page
@@ -89,6 +102,7 @@ export class ProjectPage extends BasePage {
         this.rightDock = page.locator('#right-dock');
         this.bottomDock = page.locator('#bottom-dock');
         this.miniDock = page.locator('#mini-dock-content');
+        this.popupContent = page.locator('#popupcontent');
         this.warningMessage = page.locator('#lizmap-warning-message');
         this.search = page.locator('#search-query');
         this.switcher = page.locator('#button-switcher');

diff --git a/tests/end2end/playwright/xss.spec.js b/tests/end2end/playwright/xss.spec.js
@@ -1,15 +1,15 @@
 // @ts-check
 import { test, expect } from '@playwright/test';
-import { gotoMap } from './globals';
+import {ProjectPage} from "./pages/project";
 
 test.describe('XSS', () => {
-    test.beforeEach(async ({ page }) => {
-        const url = '/index.php/view/map/?repository=testsrepository&project=xss';
-        await gotoMap(url, page);
-    });
 
-    // Test that flawed data are sanitized before being displayed
-    test('No dialog from inline JS alert() appears', async ({ page }) => {
+    test('Flawed data are sanitized before being displayed, no dialog from inline JS alert() appears',
+    {
+        tag: ['@readonly'],
+    },async ({ page }) => {
+        const project = new ProjectPage(page, 'xss');
+        await project.open();
 
         let dialogOpens = 0;
         page.on('dialog', dialog => {
@@ -18,43 +18,35 @@ test.describe('XSS', () => {
         });
 
         // Edition: add XSS data
-        await page.locator('#button-edition').click();
-        await page.locator('#edition-draw').click();
+        await project.openEditingFormWithLayer('xss_layer');
 
-        await page.locator('#jforms_view_edition input[name="description"]').fill('<script>alert("XSS")</script>');
+        await project.editingField('description').fill('<script>alert("XSS")</script>');
 
-        await page.locator('#jforms_view_edition__submit_submit').click();
+        await project.editingSubmitForm();
 
         // Open popup
-        await page.locator('#newOlMap').click({
-            position: {
-                x: 415,
-                y: 290
-            }
-        });
+        await project.clickOnMap(415, 290);
 
         // Open attribute table
-        await page.locator('#button-attributeLayers').click();
-        await page
-            .locator('button[value="xss_layer"].btn-open-attribute-layer')
-            .click({ force: true });
+        await project.openAttributeTable('xss_layer');
 
         expect(dialogOpens).toEqual(0);
     });
 
-    test('Sanitized iframe in popup', async ({ page }) => {
+    test('Sanitized iframe in popup',
+    {
+        tag: ['@readonly'],
+    },async ({ page }) => {
+        const project = new ProjectPage(page, 'xss');
+        await project.open();
+
         let getFeatureInfoRequestPromise = page.waitForRequest(request => request.method() === 'POST' && request.postData()?.includes('GetFeatureInfo') === true);
 
         // Open popup
-        await page.locator('#newOlMap').click({
-            position: {
-                x: 500,
-                y: 285
-            }
-        });
+        await project.clickOnMap(500, 285);
 
         await getFeatureInfoRequestPromise;
 
-        await expect(page.locator('#popupcontent iframe')).toHaveAttribute('sandbox', 'allow-scripts allow-forms');
+        await expect(project.popupContent.locator('iframe')).toHaveAttribute('sandbox', 'allow-scripts allow-forms');
     });
 });
diff --git a/tests/qgis-projects/data/iframe_pdf.geojson b/tests/qgis-projects/data/iframe_pdf.geojson
@@ -0,0 +1,8 @@
+{
+"type": "FeatureCollection",
+"name": "iframe_pdf",
+"crs": { "type": "name", "properties": { "name": "urn:ogc:def:crs:OGC:1.3:CRS84" } },
+"features": [
+{ "type": "Feature", "properties": { "ID": "1", "media": "media/test.pdf" }, "geometry": { "type": "Point", "coordinates": [ 3.883570434409934, 43.621029029306968 ] } }
+]
+}
diff --git a/tests/qgis-projects/tests/media/test.pdf b/tests/qgis-projects/tests/media/test.pdf