a3577f986d6be7187d91bccd8d990cd4be20e29a,ui-tests/src/test/java/org/openmrs/reference/XSSOnPhoneNumberFieldTest.java,XSSOnPhoneNumberFieldTest,XSSOnPhoneNumberFieldTest,#,35

Before Change


    @Test
    public void  XSSOnPhoneNumberFieldTest() throws Exception {
        patientDashboardPage.clickOnShowContact();
        patientDashboardPage.clickOnEditContact();
        registrationPage.clickOnPhoneNumberEdit();
        registrationPage.clearPhoneNumber();
        registrationPage.enterPhoneNumber("<script>alert(0)</script>");
        registrationPage.clickOnConfirmEdit();
        assertTrue(driver.getPageSource().contains("Must be a valid phone number (with +, -, numbers or parentheses)"));
        registrationPage.clearPhoneNumber();
        registrationPage.enterPhoneNumber("111111111");
        registrationPage.clickOnConfirmEdit();
        registrationPage.confirmPatient();
        patientDashboardPage.waitForVisitLinkHidden();
        assertTrue(driver.getPageSource().contains("Saved changes in contact info for"));

After Change


    @Test
    @Category(BuildTests.class)
    public void  XSSOnPhoneNumberFieldTest() throws Exception {
        activeVisitsPage = homePage.goToActiveVisitsSearch();
        activeVisitsPage.search(patient.identifier);
        patientDashboardPage = activeVisitsPage.goToPatientDashboardOfLastActiveVisit();
        patientDashboardPage.clickOnShowContact();
        registrationEditSectionPage = patientDashboardPage.clickOnEditContact();
        registrationEditSectionPage.clickOnPhoneNumberEdit();
        registrationEditSectionPage.clearPhoneNumber();
        registrationEditSectionPage.enterPhoneNumber("<script>alert(0)</script>");
        registrationEditSectionPage.clickOnConfirmEdit();
        assertTrue(driver.getPageSource().contains("Must be a valid phone number (with +, -, numbers or parentheses)"));
        registrationEditSectionPage.clearPhoneNumber();
        registrationEditSectionPage.enterPhoneNumber("111111111");
        registrationEditSectionPage.clickOnConfirmEdit();
        patientDashboardPage = registrationEditSectionPage.confirmPatient();
        assertTrue(driver.getPageSource().contains("111111111\n        <em>Telephone Number</em>"));

    }
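Review bot: The After Change test asserts only that the validation message appears after `enterPhoneNumber("<script>alert(0)</script>")`; it never asserts that the payload is absent from the rendered page in unescaped form, so a regression that shows the message and still reflects the markup would pass. Consider adding `assertFalse(driver.getPageSource().contains("<script>alert(0)</script>"));` right after the validation-message assertion, and again on the dashboard after `confirmPatient()`. The final assertion matches `"111111111\n        <em>Telephone Number</em>"` with exact whitespace, which ties the test to template indentation; comparing the text of the phone-number element would be sturdier. The flow also appears to exercise only the form's UI validation, so it does not show that the server rejects or encodes the same value, and a comment stating that scope would help readers.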