Java Code Examples for com.gargoylesoftware.htmlunit.html.HtmlElement#getAttribute()

@Test(groups = {"notLoggedIn"})
public void testUserFilterWithAjaxDeny() throws Exception
{
	clickOnBasePage("tynamoLoginLink");
	loginAction();
	clickOnBasePage("contributed");
	// now go log out in a different "window"
	HtmlPage indexPage = webClient.getPage(BASEURI);
	indexPage.getHtmlElementById("tynamoLogoutLink").click();

	// Clicking on this link should make an ajax request, but HTMLUnit doesn't like it and sends a non-ajax request
	HtmlElement ajaxLink = (HtmlElement) page.getElementById("ajaxLink");
	URL ajaxUrl = new URL(APP_HOST_PORT + ajaxLink.getAttribute("href"));
	WebRequest ajaxRequest = new WebRequest(ajaxUrl);
	ajaxRequest.setAdditionalHeader("X-Requested-With", "XMLHttpRequest");

	Page jsonLoginResponse = webClient.getPage(ajaxRequest);
	String ajaxLoginResp = jsonLoginResponse.getWebResponse().getContentAsString();
	JSONObject jsonResp = new JSONObject(ajaxLoginResp);
	String ajaxRedirectUrl = jsonResp.getString("redirectURL");
	assertTrue(ajaxRedirectUrl.startsWith(APP_CONTEXT + "security/login"), "The ajax redirect response '"
		+ ajaxRedirectUrl + "' did not start with '" + APP_CONTEXT + "security/login'");
	page = webClient.getPage(APP_HOST_PORT + ajaxRedirectUrl);
	assertLoginPage();
}
 

/**
 * {@inheritDoc}
 */
@Override
public Object get(final String name, final Scriptable start) {
    final HtmlElement e = (HtmlElement) getDomNodeOrNull();
    if (e != null) {
        final String value = e.getAttribute("data-" + decamelize(name));
        if (value != DomElement.ATTRIBUTE_NOT_DEFINED) {
            return value;
        }
    }
    return NOT_FOUND;
}
 

/**
 * {@inheritDoc}
 */
@Override
public Object get(final String name, final Scriptable start) {
    final HtmlElement e = (HtmlElement) getDomNodeOrNull();
    if (e != null) {
        final String value = e.getAttribute("data-" + decamelize(name));
        if (value != DomElement.ATTRIBUTE_NOT_DEFINED) {
            return value;
        }
    }
    return NOT_FOUND;
}
 

private void checkXssWithResourceName(String resourceName) throws Exception {
  LockableResourcesManager.get().createResource(resourceName);

  j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
  j.jenkins.setAuthorizationStrategy(new FullControlOnceLoggedInAuthorizationStrategy());

  JenkinsRule.WebClient wc = j.createWebClient();
  wc.login("user");

  final AtomicReference<String> lastAlertReceived = new AtomicReference<>();
  wc.setAlertHandler(
      new AlertHandler() {
        @Override
        public void handleAlert(Page page, String s) {
          lastAlertReceived.set(s);
        }
      });

  HtmlPage htmlPage = wc.goTo("lockable-resources");
  assertThat(lastAlertReceived.get(), nullValue());

  // currently only one button but perhaps in future version of the core/plugin,
  // other buttons will be added to the layout
  List<HtmlElement> allButtons = htmlPage.getDocumentElement().getElementsByTagName("button");
  assertThat(allButtons.size(), greaterThanOrEqualTo(1));

  HtmlElement reserveButton = null;
  for (HtmlElement b : allButtons) {
    String onClick = b.getAttribute("onClick");
    if (onClick != null && onClick.contains("reserve")) {
      reserveButton = b;
    }
  }
  assertThat(reserveButton, not(nullValue()));

  try {
    HtmlElementUtil.click(reserveButton);
  } catch (FailingHttpStatusCodeException e) {
    // only happen if we have a XSS, but it's managed using the AlertHandler to ensure it's a XSS
    // and not just an invalid page
  }
  assertThat(lastAlertReceived.get(), nullValue());
}