a3577f986d6be7187d91bccd8d990cd4be20e29a,ui-tests/src/test/java/org/openmrs/reference/XSSOnPhoneNumberFieldTest.java,XSSOnPhoneNumberFieldTest,XSSOnPhoneNumberFieldTest,#,35
Before Change
@Test
public void XSSOnPhoneNumberFieldTest() throws Exception {
patientDashboardPage.clickOnShowContact();
patientDashboardPage.clickOnEditContact();
registrationPage.clickOnPhoneNumberEdit();
registrationPage.clearPhoneNumber();
registrationPage.enterPhoneNumber("<script>alert(0)</script>");
registrationPage.clickOnConfirmEdit();
assertTrue(driver.getPageSource().contains("Must be a valid phone number (with +, -, numbers or parentheses)"));
registrationPage.clearPhoneNumber();
registrationPage.enterPhoneNumber("111111111");
registrationPage.clickOnConfirmEdit();
registrationPage.confirmPatient();
patientDashboardPage.waitForVisitLinkHidden();
assertTrue(driver.getPageSource().contains("Saved changes in contact info for"));
After Change
@Test
@Category(BuildTests.class)
public void XSSOnPhoneNumberFieldTest() throws Exception {
activeVisitsPage = homePage.goToActiveVisitsSearch();
activeVisitsPage.search(patient.identifier);
patientDashboardPage = activeVisitsPage.goToPatientDashboardOfLastActiveVisit();
patientDashboardPage.clickOnShowContact();
registrationEditSectionPage = patientDashboardPage.clickOnEditContact();
registrationEditSectionPage.clickOnPhoneNumberEdit();
registrationEditSectionPage.clearPhoneNumber();
registrationEditSectionPage.enterPhoneNumber("<script>alert(0)</script>");
registrationEditSectionPage.clickOnConfirmEdit();
assertTrue(driver.getPageSource().contains("Must be a valid phone number (with +, -, numbers or parentheses)"));
registrationEditSectionPage.clearPhoneNumber();
registrationEditSectionPage.enterPhoneNumber("111111111");
registrationEditSectionPage.clickOnConfirmEdit();
patientDashboardPage = registrationEditSectionPage.confirmPatient();
assertTrue(driver.getPageSource().contains("111111111\n <em>Telephone Number</em>"));
}
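Review bot: The test is named for XSS, but after entering `<script>alert(0)</script>` it only asserts that the phone-number validation message appears in the page source; nothing checks that the payload was not rendered unescaped. Consider adding, directly after that assertion, `assertFalse(driver.getPageSource().contains("<script>alert(0)</script>"));` or an equivalent check that no alert dialog is open, so that a regression which shows the message and also echoes the input is caught. Even then the test exercises only the form's validation path; whether the server rejects or encodes the same value when the form is bypassed is not visible here and presumably needs its own test. Separately, the final assertion on `"111111111\n <em>Telephone Number</em>"` depends on exact whitespace in the rendered markup, which looks brittle; asserting on the field's text through the page object would be steadier.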