Add selenium test case for issue 52247: ListTest.testAutoIncrementKey…

…Encoded
LabKey · Feb 14, 2025 · 96dccab · 96dccab
1 parent d1de0b3
commit 96dccab
Showing 1 changed file with 46 additions and 0 deletions.
diff --git a/src/org/labkey/test/tests/list/ListTest.java b/src/org/labkey/test/tests/list/ListTest.java
@@ -16,13 +16,15 @@
 
 package org.labkey.test.tests.list;
 
+import org.apache.commons.lang3.StringUtils;
 import org.hamcrest.CoreMatchers;
 import org.hamcrest.MatcherAssert;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
+import org.labkey.api.query.QueryKey;
 import org.labkey.remoteapi.CommandException;
 import org.labkey.remoteapi.domain.Domain;
 import org.labkey.remoteapi.domain.DomainResponse;
@@ -38,6 +40,7 @@
 import org.labkey.test.categories.Daily;
 import org.labkey.test.categories.Data;
 import org.labkey.test.categories.Hosting;
+import org.labkey.test.components.CustomizeView;
 import org.labkey.test.components.domain.BaseDomainDesigner;
 import org.labkey.test.components.domain.ConditionalFormatDialog;
 import org.labkey.test.components.domain.DomainFieldRow;
@@ -1384,6 +1387,49 @@ public void testFieldUniqueConstraint()
         assertTextNotPresent("unique_constraint_list_fieldname_2");
     }
 
+    @Test // Issue 52247
+    public void testAutoIncrementKeyEncoded()
+    {
+        // setup a list with an auto-increment key that we need to make sure is encoded in the form input
+        String encodedListName = "autoIncrementEncodeList";
+        String keyName = "'><script>alert(\":(\")</script>'";
+        String encodedKeyName = StringUtils.replace(keyName, "\"", "&quot;");
+        _listHelper.createList(PROJECT_VERIFY, encodedListName, keyName, col("Name", ColumnType.String));
+        _listHelper.goToList(encodedListName);
+
+        DataRegionTable table = new DataRegionTable("query", getDriver());
+        CustomizeView customizeView = table.openCustomizeGrid();
+        customizeView.showHiddenItems();
+        customizeView.addColumn(QueryKey.encodePart(keyName));
+        customizeView.applyCustomView();
+
+        // insert a new row and verify the key is encoded in the form input
+        table.clickInsertNewRow();
+        String html = getHtmlSource();
+        checker().verifyFalse("List key hidden input not present.", html.contains("quf_" + encodedKeyName));
+        String nameValue = "test";
+        setFormElement(Locator.name("quf_Name"), nameValue);
+        clickButton("Submit");
+
+        // verify the name value is persisted
+        table = new DataRegionTable("query", getDriver());
+        checker().verifyEquals("Key value not as expected", "1", table.getDataAsText(0, keyName));
+        checker().verifyEquals("Name value not as expected", nameValue, table.getDataAsText(0, "Name"));
+
+        // verify name value can be updated
+        table.clickEditRow(0);
+        html = getHtmlSource();
+        checker().verifyTrue("List key hidden input not present.", html.contains("quf_" + encodedKeyName));
+        nameValue = "test updated";
+        setFormElement(Locator.name("quf_Name"), nameValue);
+        clickButton("Submit");
+
+        // verify the name value is persisted
+        table = new DataRegionTable("query", getDriver());
+        checker().verifyEquals("Key value not as expected", "1", table.getDataAsText(0, keyName));
+        checker().verifyEquals("Name value not as expected", nameValue, table.getDataAsText(0, "Name"));
+    }
+
     private void viewRawTableMetadata(String listName)
     {
         goToSchemaBrowser();