Merge remote-tracking branch 'origin/MC-5835' into cms-team-1-delivery

Author: Hwashiang Yu

app/code/Magento/PageBuilder/Test/Mftf/ActionGroup/ContentTypeProductsActionGroup.xml

@@ -77,7 +77,7 @@
     <actionGroup name="addCategoryConditionToProductsBlock">
         <arguments>
             <argument name="page" defaultValue=""/>
-            <argument name="category" defaultValue=""/>
+            <argument name="category" defaultValue="" type="string"/>
             <argument name="conditionIndex" defaultValue="1" type="string"/>
         </arguments>
         <waitForElementVisible selector="{{page.conditionsList}}" stepKey="waitForConditionsToLoad"/>

app/code/Magento/PageBuilder/Test/Mftf/Data/CommonContentTypeData.xml

@@ -113,4 +113,16 @@
         <data key="name">Box Shadow</data>
         <data key="value">rgb(153, 153, 153) 0px 0px 0px 1px</data>
     </entity>
+    <!-- Message -->
+    <entity name="PageBuilderMessageProperty_WordBreak" type="pagebuilder_message_property">
+        <data key="name">Message Text</data>
+        <data key="section">contents</data>
+        <data key="role">textarea</data>
+        <data key="fieldName">message</data>
+        <data key="value">Magento1111111 Page11111111111</data>
+    </entity>
+    <!-- XSS Payload -->
+    <entity name="PageBuilderXSSPayloadProperty" type="pagebuilder_xss_payload">
+        <data key="value">&gt;&lt;img src=x onerror=throw(1)&gt;</data>
+    </entity>
 </entities>

app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderProductsTest.xml

@@ -1359,4 +1359,54 @@
             <expectedResult type="variable">productActionsWidthFrontend</expectedResult>
         </assertGreaterThan>
     </test>
+    <test name="ProductConditionsInvulnerableToXSS">
+        <annotations>
+            <features value="PageBuilder"/>
+            <stories value="Products"/>
+            <title value="Product Content Type is invulnerable to XSS via product condition payload injection"/>
+            <description value="As a Content Manager I want Product Content Type to be invulnerable to XSS via product condition payload injection so that the security of my admin experience is retained"/>
+            <severity value="CRITICAL"/>
+            <useCaseId value="MC-5835"/>
+            <testCaseId value="MC-6486"/>
+            <group value="pagebuilder"/>
+            <group value="pagebuilder-products"/>
+            <group value="pagebuilder-security"/>
+        </annotations>
+        <before>
+            <actionGroup ref="LoginAsAdmin" stepKey="loginAsAdmin"/>
+            <actionGroup ref="navigateToAPageWithPageBuilder" stepKey="navigateToAPageWithPageBuilder"/>
+            <actionGroup ref="switchToPageBuilderStage" stepKey="switchToPageBuilderStage"/>
+        </before>
+        <after>
+            <actionGroup ref="logout" stepKey="logout"/>
+        </after>
+        <actionGroup ref="addPageBuilderPageTitle" stepKey="enterPageTitle">
+            <argument name="contentType" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <actionGroup ref="expandPageBuilderPanelGroup" stepKey="expandPageBuilderPanelGroup">
+            <argument name="group" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <actionGroup ref="dragContentTypeToStage" stepKey="dragProductsOntoStage">
+            <argument name="contentType" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <actionGroup ref="openPageBuilderEditPanel" stepKey="openEditAfterDrop">
+            <argument name="contentType" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <actionGroup ref="addCategoryConditionToProductsBlock" stepKey="addCategory">
+            <argument name="page" value="ProductsContentTypeForm"/>
+            <argument name="category" value="{{PageBuilderXSSPayloadProperty.value}}"/>
+        </actionGroup>
+        <actionGroup ref="saveEditPanelSettings" stepKey="saveEditPanelSettings"/>
+        <!-- Validate Stage -->
+        <comment userInput="Validate Stage" stepKey="commentValidateStage"/>
+        <dontSeeJsError stepKey="doNotSeeAnyJSErrorsOnStage"/>
+        <actionGroup ref="saveAndContinueEditCmsPage" stepKey="saveAndContinueEditCmsPage"/>
+        <dontSeeJsError stepKey="doNotSeeAnyJSErrorsOnStageAfterSaving"/>
+        <!-- Validate Storefront -->
+        <comment userInput="Validate Storefront" stepKey="commentValidateStorefront"/>
+        <actionGroup ref="navigateToStoreFront" stepKey="navigateToStoreFront">
+            <argument name="contentType" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <dontSeeJsError stepKey="doNotSeeAnyJSErrorsOnStorefront"/>
+    </test>
 </tests>

app/code/Magento/PageBuilder/view/adminhtml/web/js/content-type/products/mass-converter/widget-directive.js

@@ -60,7 +60,9 @@ export default class WidgetDirective extends BaseWidgetDirective {
         return content.replace(/\{/g, "^[")
             .replace(/\}/g, "^]")
             .replace(/"/g, "`")
-            .replace(/\\/g, "|");
+            .replace(/\\/g, "|")
+            .replace(/</g, "&lt;")
+            .replace(/>/g, "&gt;");
     }
 
     /**
@@ -71,6 +73,8 @@ export default class WidgetDirective extends BaseWidgetDirective {
         return content.replace(/\^\[/g, "{")
             .replace(/\^\]/g, "}")
             .replace(/`/g, "\"")
-            .replace(/\|/g, "\\");
+            .replace(/\|/g, "\\")
+            .replace(/&lt;/g, "<")
+            .replace(/&gt;/g, ">");
     }
 }