I3:FeatureTest-RP Sanitization of Claims Containing HTML Entities

From OSIS Open Source Identity Systems

Feature Test: RP Sanitization of Claims Containing HTML Entities
Test Type: Claim Processing
Identifier: FTI3-irp-claimprocessing-1
Description: Tests that an RP is not susceptible to script-based injection attacks
Role tested: Information Card Relying Party
Known Successful Reference Solution(s):
Success Criteria: No popups are displayed
Failure Criteria: One or more popups are displayed

Instructions

  1. Open the result page for the Relying Party solution for this particular featuretest.
  2. Download the HTML Entities Test Card
  3. Install it in your selector
  4. Navigate to the Relying Party Site
  5. Invoke the Selector
  6. Select the HTML Entities Card
  7. Validate Relying Party response
  8. Set outcome:
    1. If the RP does not pop up any windows saying "hacked", set outcome to Works
    2. If JavaScript alert windows pop up, set outcome to Failed
    3. If you saw specific issues, mark the outcome as "Issues" and outline the issues by commenting on the "Talk" tab of this page
  9. Add either four tilde ~~~~ signs or a text name into the "testedby" parameter
  10. Update the date tested, operating systems, and tested solutions parameters of the results page
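
What step 7 is checking, as an added Python example that is not part of the original test page or of any tested solution: an RP page that renders received claim values, with the failing pattern (entities decoded, value written raw) beside the passing one (value encoded on output). The claim names, claim values and function names are assumptions constructed for illustration; the contents of the actual test card are not shown on this page.

```python
import html

# Constructed sample claims (NOT the contents of the real test card):
# one value carries markup as HTML entities, one carries it raw.
SAMPLE_CLAIMS = {
    "givenname": "&lt;script&gt;alert(&quot;hacked&quot;)&lt;/script&gt;",
    "surname": '<script>alert("hacked")</script>',
    "emailaddress": "alice@example.com",
}


def render_claims_unsafe(claims):
    """Failing pattern: decode entities, then write the value into the page raw."""
    rows = []
    for name, value in claims.items():
        # html.unescape turns &lt;script&gt; back into a live <script> tag.
        rows.append("<tr><td>%s</td><td>%s</td></tr>" % (name, html.unescape(value)))
    return "<table>" + "".join(rows) + "</table>"


def render_claims_safe(claims):
    """Passing pattern: treat every claim as untrusted text, encode on output."""
    rows = []
    for name, value in claims.items():
        # No decoding step; both name and value are HTML-encoded when written.
        rows.append("<tr><td>%s</td><td>%s</td></tr>" % (
            html.escape(name, quote=True),
            html.escape(value, quote=True),
        ))
    return "<table>" + "".join(rows) + "</table>"


def contains_active_script(page):
    """Demo-only check: did a literal <script> tag reach the rendered output?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    for label, render in (("unsafe", render_claims_unsafe),
                          ("safe", render_claims_safe)):
        page = render(SAMPLE_CLAIMS)
        print(label, "-> active script in output:", contains_active_script(page))
```

In the safe rendering the entity-encoded claim is displayed to the user as literal text, so a browser would show no popup, which matches the Success Criteria above.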