open |
/sessions/new |
|
type |
login |
admin |
type |
password |
admin |
clickAndWait |
commit |
|
open |
/dashboards |
|
click |
id=create-link-dashboard |
|
waitForVisible |
create-dashboard-form |
|
type |
id=name |
<script>alert('xss in name')</script> |
type |
id=description |
<script>alert('xss in description')</script> |
clickAndWait |
id=save-submit |
|
waitForText |
dashboards |
*<script>alert('xss in name')</script>*<script>alert('xss in description')</script>* |
click |
id=delete-%3Cscript%3Ealert%28%27xss%20in%20name%27%29%3C%2Fscript%3E |
|
waitForVisible |
delete-dashboard-form |
|
clickAndWait |
id=confirm-submit |
|
assertNotText |
dashboards |
*alert* |