Commit 975c05d2 authored by Charlie Amoah's avatar Charlie Amoah Committed by Robert Lyon

behat test:sql injection in group search result and create group

Change-Id: I2f3b2c34772155a0f8f89239b34dd29414b1e8c3
Note: Test doesn't work beacuse I can't create groups
parent c1c893e5
@javascript @core @core_administration
Feature:Injecting sql in groups search field
In order to inject javascript in group search field and group name field
As an admin
To see if mahara is secure enough
Scenario:Injecting sql in groups search field
Given I log in as "admin" with password "Kupuhipa1"
And I follow "Groups"
And I click on "Create group"
And I set the following fields to these values:
| Group name | <script>alert(1);</script> |
| Group description | <script>alert(1);</script> |
| Open| Off |
| Hide group | Off |
And I press "Save group"
And I should see "Group saved successfully"
And I follow "Administration"
And I follow "Groups"
When I set the following fields to these values:
| search_query | <script>alert(1);</script> |
And I press "search_submit"
And I follow "Privacy statement"
And I should see "Introduction"
Then I go to "homepage"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment