+
+ @Test
+ public void postOnboardingWidgetXSSTest(){
+ EPUser user=mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ FieldsValidator actualFieldsValidator = null;
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(rolesService.isSuperAdmin(user)).thenReturn(true);
+ Mockito.when(rolesService.isAccountAdmin(user)).thenReturn(true);
+ OnboardingWidget onboardingWidget=new OnboardingWidget();
+ onboardingWidget.id=12L;
+ onboardingWidget.appName="<script>alert(/XSS”)</script>";
+ onboardingWidget.normalize();
+ FieldsValidator expectedFieldValidator = new FieldsValidator();
+ List<FieldName> fields = new ArrayList<>();
+
+ expectedFieldValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
+ expectedFieldValidator.setFields(fields);
+ expectedFieldValidator.setErrorCode(null);
+ Mockito.when(widgetService.setOnboardingWidget(user, onboardingWidget)).thenReturn(expectedFieldValidator);
+ actualFieldsValidator = widgetsController.postOnboardingWidget(mockedRequest, onboardingWidget, mockedResponse);
+ assertEquals(expectedFieldValidator.getHttpStatusCode(), actualFieldsValidator.getHttpStatusCode());
+ assertEquals(expectedFieldValidator.getErrorCode(), actualFieldsValidator.getErrorCode());
+ assertEquals(expectedFieldValidator.getFields(), actualFieldsValidator.getFields());
+ }