Cross Site Scripting test

I am trying to create a test case for a programmer in our dept where he needs to verify that a Cross-Site Scripting attempt is stopped. I have a text field, where I put a Value of and then when we click “Next”, it should fail with a particular warning message. If I create the test case and run it right away, it works - but the moment I try to Save the test case, the in the Value field disappears. If I click in the Value field, it suddenly shows me alert(‘XSS’) and will allow me to save that, but we need the to test the security on this page.

Is Katalon trying to prevent me from testing Cross Site Scripting by not allowing that to be saved? How can we automate this?

I’ll need to see your Test Case steps, the HTML and JavaScript that’s driving the alert().

Here is what I can show you - using the Katalon recorder, we need to input in the “Enter Color Name or Number” field and verify when clicking on “Next” that the text changes to <script>alert(‘XSS’)</script> in that same field and that the error “The entered color name or number was not found in the database. (code : 402).” should be on screen and verified just below that text field.

I can run it just once and when it’s done, that Value field goes blank on the Katalon Recorder. If I click on that Value field alert(‘XSS’) appears and the rest disappears. I’m assuming this might be Katalon preventing someone from running Cross Site Scripting on someone else’s page? Or is there a way to do this so that we can test that our own security is working?
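As an added example that is not part of the original thread or of Katalon, the following Python sketch models what the recorded test above is checking: a hypothetical server-side handler for the “Enter Color Name or Number” field that HTML-escapes the submitted value before echoing it and returns the “code : 402” message when the lookup fails, plus a verification routine that performs the same three checks the test case performs after clicking “Next” (the probe text is still shown in the field, no live `<script>` tag reaches the browser, and the expected warning is present). `lookup_color`, `verify_xss_rejected`, and the tiny `COLOR_DB` are constructed stand-ins, not the real application.

```python
import html

# Constructed stand-in for the real colour database (names and numbers).
COLOR_DB = {"red": "1", "blue": "2", "green": "3"}

# Warning text quoted in the thread for an unknown colour.
NOT_FOUND_MSG = ("The entered color name or number was not found in the "
                 "database. (code : 402).")

# The same probe value the recorded test types into the field.
XSS_PROBE = "<script>alert('XSS')</script>"


def lookup_color(raw_value: str) -> dict:
    """Hypothetical handler for the 'Enter Color Name or Number' field.

    The raw input is never written back into the page as markup: it is
    HTML-escaped first, so a script tag is displayed as literal text.
    """
    key = raw_value.strip().lower()
    found = key in COLOR_DB or key in COLOR_DB.values()
    return {
        # Value that goes back into the field's HTML attribute.
        "field_value": html.escape(raw_value, quote=True),
        # Warning shown under the field, or None on success.
        "error": None if found else NOT_FOUND_MSG,
    }


def verify_xss_rejected(response: dict, probe: str = XSS_PROBE) -> bool:
    """The checks the recorded test case makes after clicking 'Next'."""
    field = response["field_value"]
    # 1. The probe text is still visible in the field (as escaped text).
    if html.unescape(field) != probe:
        return False
    # 2. No executable tag survives in the markup sent to the browser.
    if "<script" in field.lower():
        return False
    # 3. The expected warning message is present.
    return response["error"] == NOT_FOUND_MSG


if __name__ == "__main__":
    resp = lookup_color(XSS_PROBE)
    print("field renders as:", resp["field_value"])
    print("warning:", resp["error"])
    print("XSS probe rejected:", verify_xss_rejected(resp))
```

Running the script with the probe shows the field value as `&lt;script&gt;alert(&#x27;XSS&#x27;)&lt;/script&gt;` alongside the 402 warning; a valid colour such as `red` returns no warning and, correctly, fails `verify_xss_rejected`, because that check only passes when the probe was submitted and neutralised.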

You’re posting in the wrong forum category – KR is a different product to Katalon Studio, hence why I was confused.

@ThanhTo Can you help?

The page says I’m in “Katalon Recorder (Browser Extensions)”. Is that not correct for KR questions?

It says that because I moved it here.


Bumping in hopes that someone has an answer for me to the original question.