package com.atlassian.jira.webtests.ztests.project.security.xss;

import com.atlassian.jira.functest.framework.FuncTestCase;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;

@WebTest({Category.FUNC_TEST, Category.SECURITY, Category.PROJECTS})
/* loaded from: input_file:com/atlassian/jira/webtests/ztests/project/security/xss/TestAssignGroupsToProjectRole.class */
public class TestAssignGroupsToProjectRole extends FuncTestCase {
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.jira.functest.framework.FuncTestCase
    public void setUpTest() {
        this.administration.restoreBlankInstance();
    }

    public void testXssOnProjectIdParameter() {
        this.tester.gotoPage("jira/secure/project/GroupRoleActorAction.jspa?projectRoleId=10002&projectId=10000<script>alert('xss exploit');</script>");
        this.tester.assertTextPresent("&lt;script&gt;alert(&#39;xss exploit&#39;);&lt;/script&gt;");
        this.tester.assertTextNotPresent("<script>alert('xss exploit');</script>");
    }

    public void testXssOnProjectRoleIdParameter() {
        this.tester.gotoPage("jira/secure/project/GroupRoleActorAction.jspa?projectRoleId=10002<script>alert('xss exploit');</script>&projectId=10000");
        this.tester.assertTextPresent("&lt;script&gt;alert(&#39;xss exploit&#39;);&lt;/script&gt;");
        this.tester.assertTextNotPresent("<script>alert('xss exploit');</script>");
    }
}
