feat(identity): phase 2 (#1090)

* Feat/login flow (#996)

* Chore: add new images

* Chore: update endpoints to v2 and allow accept email as login identifier

* Feat: add new endpoints for sending and verifying otp

* Feat: add loginForm component

* Feat: add OTPForm component

* Feat: add Login page layout

* Fix: update last updated time

* Feat: add loginpage story

* Feat: update login page based on new screens

* Fix: swap to inline message

* Fix: link hover colour

* Fix: tests

* Feat: add privacy policy and terms of use links

* Fix: add theme colors to inlinemessage and tabs

* Fix: update endpoint to v2

* Feat: add accountName to loginContext

* ChoreL use wildcard types and remove comment

* Chore: rename variables

* Chore: shift logincontent outside of loginpage

* Chore: swap link to design system

* Chore: remove FormProvider

* Chore: move validate form out

* Chore: swap to design system error message

* Chore: remove unnecessary hstack

* Refactor: move otp message into separate method

* Fix: rebase errors

* Feat: add login hooks

* Refactor: swap to login hooks

* Chore: cleanup api file

* Refactor: shift footer links into component

* Chore: remove @ from email login display

* Fix: email initial state

* Fix: tests

* Fix: remove extra |

* Nit: change quotation makrs

* Nit: remove unnecessary fontsize

* Fix: remove unnecessary if statement

* Refactor: move timer utils into hook

* Nit: add jsdoc for time diff conversion method

* Nit: rename accountName to displayedName

* Chore: swap to isExternal

* Nit: remove !

* Refactor: remove unnecessary useEffect

* Fix: login form error message

* fix: function signature

* Fix: add comment explaining \b

* Fix: swap error display order

* Nit: rename variable

* Fix: update verifyLoginOtp return type

* Fix: remove conditional for error message

* Nit: add comment

* Feat: use history instead of reloading

* Feat: make layout of top half of login page content stay the same even while switching tabs

* Feat: right align footer links

* Feat: set max width of logincontent area

* Fix: adjust max width

* feat(rr): resource room modals (#1071)

* chore(index): add many indexes for folder structure

* feat(reviewrequestform): add wip review request form

* feat(reviewrequestmodal): add wip modal

* fix(reviewrequestform): fix styling and add placeholder

* chore(packages): install react-select tyhpes

* feat(requestoverview): add request overview

* build(package): bump react-select to v5

* refactor(reviewrequestform): pass multiselect options from paernt

* chore(colours): add colours

* chore(reviewrequestmodal): tidy up components and stories

* refactor(reviewrequest): shift subcomponents into own folders

* feat(reviewrequest.stories): add stories

* chore(mocks/constants): shift constants used in stories to mocks/constants

* build(build): installs react table and react virtuoso

* refactor(requestoverview): use react virtuoso to prevent long load times

* chore(review request stories): update imports to be from design system

* refactor(requestoverview): extract util function

* chore(reviewrequestform): update placeholder

* refactor(requestoverview): shift date time into utils

* chore(requestoverview): delete unused const from cherry pick

* feat(rr): sorting the modal (#1075)

* refactor(requestoverview): add clumsy sorting method

* feat(requestoverview): add sorting and filtering capabilities

* docs(mocks/constants): update docs for file w/ 2 types

* fix(requestoverview): specify table height i nr em

* fix(requestoverview): add tick mark for filter

* feat(requestoverview): add ability to remove filter

* feat(review-requests): review overview on dashboard (#1085)

* chore(dashboard): renamed to review request

* refactor(menudropdownbutton): add util function to compute icon fill

* refactor(menudropdownbutton): allow icon bg colour to be same as button

* feat(dashboard): add dashboard for rr and stories

* chore(reviewrequest): reorganize components

* refactor(menudropdown button): omits bg; uses colourScheme to theme instead

* refactor(requestoverview): add extra button

* feat(dashboard): adds dashboard features

adds request overview

* chore(dashboard): update stories and add more colours

* chore(reviewrequest): update stories path

* chore(dashboard): remove hook

* fix(dashboard): add in edit button

* chore(menudropdownbutton): fix typo

* fix(mocks/constants): update import

* fix(dashboard): wording chnage

* fix(dashboard): misc fixes

* feat(review-request): send review request modal  (#1089)

* refactor(buttonlink): shift buttonlink out of siteviewheader

* chore(reviewrequest): shift User type into types/rr

* feat(sendrequestmodal): add new sendrequest modal component and stories

* docs(sendrequestmodal): add docs and remove console log

* chore(sendrequestmodal): upadte line break

* chore(sendrequestmodal): define new const for email newline

* feat: bare version of the site dashboard (#1082)

* ref(layouts): segregate workspace layouts and abstract ButtonLink

* fix: adjust MenuDropdownButton to allow disabling button

* feat: introduce DisplayCard common component

* feat: introduce EmptyBoxPlainImage and SiteDashboardHumanImage

* feat: introduce bare version of site dashboard

* chore: add story for ButtonLink component

* chore: more improvements and fix site dashboard stories

* fix: change userId to email address instead

* chore: adjust DisplayCard naming of variants in theme

* chore: rename empty box images to blue and white variants

* fix: cater for 0 new comments in review request card

* fix: update DisplayCard story

* fix: adjustments based on comments received

* fix: adjust text to button on site dashboard

* fix: force rename of site dashboard types

* fix: remove DisplayCard context provider

* fix: restore previous version of package-lock.json

* Feat/notifications (#1092)

* Feat: add service for changing contact number

* Feat: add modal for contact number modification

* Feat: add NotificationData type and NotificationService

* Feat: add notification hooks

* Feat: add date and notification utils

* Feat: add AvatarMenu

* Feat: add NotificationMenu

* Chore: add notification and avatar menus to siteViewHeader

* Fix: remove test notifications

* Fix: rebase errors

* Refactor: combine getAvatarName and extractInitials

* Fix: remove unnecessary conditional

* Fix: avatar font size

* Refactor: move custom validator into min and max length

* Fix: contact verification modal spacing

* chore: remove commented out styles

* Fix: set max height and overflow for notifications

* Chore: remove ButtonLink and unused components

* chore: remove comment for todo

* Fix: notification not working on dashboard

* Refactor: move contactOtpProps into contact types

* Feat: add allSitesHeader

* Feat: refactor Header

* Chore: update header types

* Feat: add get help to dashboard header

* Chore: reposition notifications on siteEditHeader

* Fix: my sites

* Feat/notifications storybook (#1093)

* Chore: update default storybook handlers

* Chore: add constants

* Feat: add header stories

* Feat: add story for no notification case

* Fix: remove switch statement for apiDataBuilder

* Test: add story for many notifications

* Fix: padding from overflow

* Fix: smaller notification alert

* Chore: modify mock data

* Fix: avatarbadge units

* fix: touch up site dashboard (#1123)

* fix: use human-readable format for dates on the site dashboard

* fix: handle undefined timestamps

* feat: disable site dashboard for GitHub login users

* fix: resolve storybook issues

* feat(rr): misc modals (#1091)

* feat(cancelrequestmodal): add new modal

* fix(requestoverview): fixed header bottom border

* feat(managereviewermodal): wip for modal

still missing proper select functionality

* feat(approvedmodal): add approved modal

* feat(publishedmodal): add new modal

* feat(pendingapprovalmodal): add new modall

* feat(editingblockedmodal): add new modal

* feat(reviewrequestalert): add new component

* build(package): uninstall types/react-select as the base package is in ts

* feat(managereviewersmodal): prevent removal if only 1 admin left

* Update src/layouts/ReviewRequest/components/PublishedModal/PublishedModal.tsx

Co-authored-by: Alexander Lee <[email protected]>

* chore(misc modals): update props to omit children and remove extra button

Co-authored-by: Alexander Lee <[email protected]>

* feat: collaborators (#1007)

* style(colors): add danger for icon

* feat(api-service): add collaborator API service methods

* feat(hooks): add collaborator hooks

* feat: add CollaboratorModal

* feat: add Dashboard layout

 This Dashboard layout contains the CollaboratorModal

* feat(storybook): add stories for CollaboratorModal

* fix: import order

* chore: remove duplicate collaboratorData

* chore: only import types

* chore: replace button with loadingbutton

* chore: remove unused import

* fix: also disable button if field is empty

* fix: wrong redirect path

* feat: make link open in new tab

* feat: handle enter key for input

* temp create special route for collaborators

* ref(collaborators): refactor to remove shared props from context (#1076)

* refactor(collaborators): refactors collaborators to remove context

* fix(removecollaborator): renamed variable for clarity

* chore(cøllaboratorhooks): remove extra imports

* chore(collaboratormodal): rename variable for clarity

* fix(mainsubmodal): add rudimentary validation

* refactor(collaboratormodal): shift constant to own file

* chore(collaboratormodal): misc fixes

* chore(loadingbutton): add code block

* refactor(ack submodal): remove moadl body

* refactor(removecollaboratorsubmodal): pass user and onDeleteComplete as props

* refactor(collaboratormodal): refactor to manage state between deletion/mainmodal

* refactor(mainsubmodal): shift unnecessary state downwards into the main modal

* chore(utils): tweak apiDataBuilder to be slightly more powerful

* chore(collab modal stories): tweak stories to work with api

* chore(collaboratormodal): rename subfolder to components

* chore(constants): removed unused stuff

* refactor(collaborators types): shift collaborator types to types folder

* chore(collaboratorservice): add types to methods

* chore(collaboratorhooks): add types to hooks

* chore(mocks): update mocks to fit new typings

* chore(mainsubmodal): update to fit new types

* chore(collaborator hooks): shift into own files for ease of discovery

* chore(types): shift collaborator to error and rename

* chore(dashboard): edit dashboard for testing

* chore(collaboratorhooks): update error import

* refactor(mainsubmodal): add loading state and fix reset

* refactor(ack submodal): add isloading prop

* refactor(collaboartor): add loading stae; update import

* chore(usedeletecollaboratorhook): update erro type

* fix(collaboratormodal): prevent useres being stuck on delete

* fix(uselistcollaboratorshook): transform data from be into shape

* fix(mainsubmodal): disable button if field empty

* chore(mainsubmodal): convert units to rem

* fix(mainsubmodal): clean up state on modal close

* chore(mainsubmodal): remove unused variables

* chore(mainsubmodal): remove multiple calls to function

* chore(collaboratormodal): fix stories

* fix(mainsubmodal): fixed text sizing and add placeholder

* fix(collaborator): fixed story typing for constants

* chore(mainsubmodal): update text styling

Co-authored-by: seaerchin <[email protected]>

* feat(rr): integration with site dashboard (#1105)

* feat(usediff): add new hook to retrieve diffs

* feat(usegetcollaborators): add new hook

* feat(usecreaterr): add new hook

* feat(usegetrr): add new hook

* chore(routeselector): add new route for dashboard and change link in site

* feat(reviewservice): add new service to retrieve data from be

* chore(sitedashboardsevrice): update return type

* feat(types): add types

* chore(constants): update import

* feat(empty rr): add linkage to rr modal

* chore(requestoverview): update styling

* feat(rr form/modal): integrate with be

* feat(dashboard): integrate with rr

* chore(reviewrequeststatus): shift type to types/reviewrequest

* chore(reviewrequeststatus): update usage

* feat(merge rr): add new hooks/service call to merge rr

* fix(reviewrequestmodal): add filter to exclude self from list of admins

* fix(usecreaterr): invalidate all requests to force refetch

* chore(rr): add linkages

* chore(reviewservice): update to fit be

* feat(rolecontext): add initial role context

* chore(buttonlink): add return

* feat(axios): add method to extract message given if axios has be dto

* feat(reviewservice): add new methods to cancel/approve rr

* feat(rr hook): add hooks to approve/cancel/merge rr

* feat(rolecontext): add new cntxet for user roles

* chore(settingshook): add export

* chore(rr hooks): add export

* refactor(reviewrequestalert): add link to actual url

* feat(usegetsiteurl): add hook to retrieve site url

* refactor(approvedmodal): refactor so that it actually approve on be

* feat(routeselector): use new roleprovider

* feat(workspace): add alert to wrokspace

* feat(cancelrequestmodal): add linkages to be

* refactor(rr modal): disallow creation if no change

* feat(publishedmodal): invalidate queries and add link to live site

* refactor(managereviewermodal): shift select outside to prevent prop capture and stale reads

* feat(dashboard): add role based view

* fix(dashboard): fixed erroneous button

* chore(role context): rename from role context to rr role context

* fix(dashboard): remov errorneous double buttons

* fix(publishedmodal): fix stories

* fix(reviewrequestmodal): disallow creation if no admin selected (#1120)

* feat(rr): lock editing when active rr is approved (#1121)

* refactor(protectedroute): refactor to ts and use children

* chore(usegetreviewrequests): annotate error type

* feat(approvedreviewredirect): add routing component for review request

* refactor(protectedroutewithprops): update import and simplify component

* feat(routeselector): prevent edits if approved rr

* fix(sitedashboard): disable edit site button + add loading state

* feat(greyscale): add new greyscale component

* refactor(approvedreviewredirect): use new greyscale component

* fix(protectedroute): updated conditional

* fix: integrate collaborators modal into the site dashboard (#1124)

* Feat/comments (#1102)

* Feat: add CommentsService

* Feat: add comment hooks

* Feat: add sendCommentForm

* Feat: add CommentsDrawer

* Feat: add commentsDrawer to reviewRequest dashboard

* Fix: body text colour

* Chore: update endpoint to be called

* Chore: remove unused import

* Chore: rename chatImage to emptyChatImage

* Chore: manually trigger comments retrieval

* Fix: comments key

* Fix: swap manual refetch to disable refetchOnWindowFocus instead

* Chore: add axios error type

* Chore: add TODO

* Fix: swap to Center

* Refactor: move useUpdateComments hook to sendCommentForm

* Fix: add validation for non empty comment

* Fix: form validation

* Fix: clear error on rerender

* Fix: sites layout

* Feat/comments storybook (#1103)

* Chore: add mocks

* Feat: add CommentsDrawer stories

* Fix: button and comment styles

* Fix: sticky drawer header and footer

* Fix: border radius

* Fix: icon styling

* Fix: rebase errors

* Fix: update storybook to handle mark read

* fix(approvedreviewredirect): update error redirect condition

* chore(routeselector): add approval redirect on all sub components (#1132)

* chore(routeselector): add approval redirect on all sub componnets

* chore(routeselector): remove extra spaces

* fix(rr): update site url endpoint (#1135)

* fix(sitedashboard): add missing deps array for useEffect

* refactor(usegetsiteurl): shift call to service and update endpoint

* fix(publishedmodal): use new siteurl

* chore(workspace): remove exta ?

* feat(rr): adds request unapproval ability (#1134)

* feat(unapproverr): add hook + service to unapprove rr

* refactor(dashboard): update styling and add unapproval

* fix(siteviewheader): conditional url for back button (#1136)

* fix(siteviewheader): conditional url for back button

* chore(siteviewheader): amend aria label

* feat: allow embedding of Instagram posts on normal pages (#1019)

* fix: add support for embedding Instagram posts

* chore: rename variable to be clearer on its purpose

* chore: add comment to differentiate between https:// and //

* fix: block inline script from being saved

* chore: run lint-fix to resolve formatting issues

* chore: add comments to explain rationale behind the added code

* fix: improve handling of script tags with src attribute

* tests(e2e): add tests for inserting script tags

* fix: sanitise if on the first line

* fix: compress conditional and handle undefined

* feat: record view status of review requests (#1137)

* feat: mark all review requests as viewed on site dashboard

* feat: mark specific review request as viewed when it is viewed

* fix: only call the mark all review requests as viewed API once

* fix(siteeditheader): add conditional for url (#1139)

* fix(rr): add footer to dashboard after rr is approved (#1138)

* feat(dashboard): add footer

* fix(dashboard): add footer

* Update src/layouts/ReviewRequest/Dashboard.tsx

change wording

Co-authored-by: Hsu Zhong Jun <[email protected]>

Co-authored-by: Hsu Zhong Jun <[email protected]>

* feat(rr): allow update of admins in rr  (#1127)

* chore(dashboard): reomve unused code

* feat(types/error): add middlewareerrordto type

* feat(hooks/services): add hook + service to update rrr

* refactor(dashboard): make less verbose

* refactor(updatereviewrequest): refactor types to take only admins - currently only can update admins

* refactor(managereviewermodal): add update admin functionality

* fix(types): made reviewers a required prop in dto

* Fix/notifications display (#1133)

* Fix: comment data and commentsdrawer params

* Fix: update comments list on submit

* Fix: invalidate query instead of refetch

* chore(dashboard): remove redeclared variable

* fix: open external links in a new tab (#1142)

* fix: increase z-index for Menu.List in header items (#1141)

* fix: increase z-index for Menu.List in header items

* chore: change absolute values to use Chakra theme values

* fix: open the Isomer guide in a new tab (#1148)

* fix: open the Isomer guide in a new tab

* chore: remove unused import

* fix(rr): disable adding admins if user isn't the requestor (#1146)

* chore(constants): add new constants for mocks

* chore(mocks/utils): add review req data builder

* chore(rr dashboard): disable adding admins if not requestor

* fix(storybook): add handler for rr

* fix(notificationmenu): update button to get sitename using hook (#1145)

* fix(comments): fix comments hardcoded value (#1144)

* fix(stories): updated stories + handlers (#1151)

* chore(mocks/utils): remove extra comment

* fix(sitedashboard.stories): add new handler and updated existing handler

* chore(hooks): remove useGetCollaborators hook

* chore(hooks): update callsites of useGetCollaborators to useListCollaboratorsHook

* chore(mocks): add new handlers

* chore(stories): fixed existing stories

* fix(sitedashboard.stories): add handler for collaborators

* chore(collaborators): error messages + parsing (#1152)

* chore(uselistcollaborators): rename hook to remove trailing `hook`

* chore(contactverificationmodal): update import

* chore(axios): allow specifying default message for getAxiosErrorMessage

* chore(collaborators): remove unused properties

* refactor(uselistcollaboratorshook): shift parsing to be, extract error message from body as default

* chore(dashboard): add loading state (#1155)

* chore(dashboard): add loading state

* feat(dashboard): add loading state to secondary detail;s

* Feat/restrict identity routes (#1157)

* Fix: stop notifications from showing up for github login users

* Fix: tests

* Vapt: merge back into tracking branch (#1195)

* fix(approvedreviewredirect): removed redir for github users on error

* fix(media): disallow file extension change (#1173)

* refactor(imagepreviewcard): shift util method into separate file

* refactor(mediacreation/update): prevent users from being able to change file ext

* fix(files): update utilmethod

* Fix: remove . when no file extension (#1184)

* Fix: remove . when no file extension

* feat: restriction file extension modification for media upload

* Fix: restrict duplicate file names

* Fix: media schema

* Nit: add comment for behaviour of fileExt

---------

Co-authored-by: seaerchin <[email protected]>
Co-authored-by: seaerchin <[email protected]>

* feat: adding gitguardian precommit hook (#1190)

* Fix/remove sensitive data from local storage (#1198)

* Fix: remove sensitive data from local storage

* chore: remove unused local storage keys

* Chore: rename verifyLoginAndSetLocalStorage to verifyLoginAndGetUserDetails

* Fix/misc identity cleanup (#1199)

* Fix: change pull request button to request a review for email login

* Feat: change text and add image for empty sites page

* Feat: update my sites preview image

* Feat: add useGetAllSites hook

* Refactor: convert sites to ts

* Fix: import Sites

* Feat: add storybook

* Fix: tests

* style: remove fixed widths in sites dashboard (#1185)

* Refactor: shift sites render logic

* Chore: add divider and update max width

* Chore: replace OGP logo with Isomer logo

* Fix: box shadow only on hover

* chore: add border to outside of card

* chore: update font for get help

* Chore: set avatar background in header to primary.500

* Chore: fix typo

* Fix: make avatar smaller

* Fix: always use white text for avatar

---------

Co-authored-by: Antariksh Mahajan <[email protected]>

* chore/update login page info box (#1212)

* feat(identity): announcement modal (#1186)

* build(package): installed typefest + framer motion

* feat(motionbox): copy over from forms

* feat(progressindicator): copy from forms

* chore(icon): add nwe asset

* feat(newfeaturetag): add component

* chore(assets/iamges): add isomer images

* feat(useannouncement): add new hook together with types for announcement

* feat(announcementmodal): add new annoncement modal component together with stories

* refactor(announcementmodal): update types/hook/component to allow for links

* chore(announcements): rename to announcement_batch

* ref(annModal): remove useCallback and add length check

* chore(announcements): update height and color

* chore(annmodal): update top color

* chore(annModal): add border radius

* ref(annModal): add defensive check + display

* chore(announcements): conditional render

* chore(review overview): hide buttons (#1211)

* chore(buttons): hide them

* chore(overview): update comment + link isseu

---------

Co-authored-by: Alexander Lee <[email protected]>
Co-authored-by: Hsu Zhong Jun <[email protected]>
Co-authored-by: Preston Lim <[email protected]>
Co-authored-by: Harish <[email protected]>
Co-authored-by: Antariksh Mahajan <[email protected]>

.env-example

@@ -13,4 +13,7 @@ export CYPRESS_TEST_REPO_NAME=''
 # Reset e2e-test-repo
 export E2E_COMMIT_HASH=bcfe46da1288b3302c5bb5f72c5c58b50574f26c
 export PERSONAL_ACCESS_TOKEN=''
-export USERNAME=''
+export USERNAME=''
+
+# GitGuardian
+export GITGUARDIAN_API_KEY=""

.gitignore

@@ -22,6 +22,7 @@
 .env.production.local
 .vscode
 .idea
+.cache_ggshield
 
 npm-debug.log*
 yarn-debug.log*

.husky/pre-commit

@@ -2,3 +2,4 @@
 . "$(dirname "$0")/_/husky.sh"
 
 npx lint-staged
+source .env && ggshield secret scan pre-commit

README.md

@@ -14,6 +14,30 @@ npm install
 npm run start
 ```
 
+### Setting up GitGuardian
+
+To setup, follow these instructions:
+
+1. Install GitGuardian
+
+```
+brew install gitguardian/tap/ggshield
+```
+
+2. Add the API Key to your `.env` file
+
+```
+# Service API key from GitGuardian account
+export GITGUARDIAN_API_KEY=abc123
+```
+
+Notes:
+
+Only if necessary,
+
+- To skip all pre-commit hooks, use `$ git commit -m "commit message" -n`
+- To skip only GitGuardian’s hook, use `$ SKIP=ggshield git commit -m "commit message"`
+
 ### Running end-to-end tests using Cypress
 
 Add the following Cypress environment variables:
@@ -43,8 +67,11 @@ npm run cypress:open
 ```
 
 ### Release
+
 Run the following on the release branch to tag and push changes automatically:
+
 ```
 npm run release --isomer_update=<versionType>
 ```
-where versionType corresponds to npm version types. This only works on non-Windows platforms, for Windows, modify the release script to use %npm_config_update% instead of $npm_config_update.
+
+where versionType corresponds to npm version types. This only works on non-Windows platforms, for Windows, modify the release script to use %npm_config_update% instead of $npm_config_update.

cypress/e2e/editPage.spec.ts

@@ -23,6 +23,11 @@ describe("editPage.spec", () => {
 
  describe("Edit unlinked page", () => {
  const TEST_PAGE_CONTENT = "lorem ipsum"
+ const TEST_INSTAGRAM_EMBED_SCRIPT =
+ '<script async src="//www.instagram.com/embed.js"></script>'
+ const TEST_UNTRUSTED_SCRIPT =
+ '<script src="https://www.example.com/evil.js"></script>'
+ const TEST_INLINE_SCRIPT = '<script>alert("hello")</script>'
 
  const TEST_UNLINKED_PAGE_TITLE = "Test Unlinked Page"
  const TEST_UNLINKED_PAGE_FILENAME = titleToPageFileName(
@@ -184,6 +189,52 @@ describe("editPage.spec", () => {
 
  cy.contains(`[${LINK_TITLE}](${LINK_URL})`)
  })
+
+ it("Edit page (unlinked) should allow users to add Instagram embed script", () => {
+ cy.get(".CodeMirror-scroll").type(TEST_INSTAGRAM_EMBED_SCRIPT)
+ cy.contains(":button", "Save").click()
+
+ // Asserts
+ // 1. Toast
+ cy.contains("Successfully updated page")
+
+ // 2. Content is there even after refreshing
+ cy.reload()
+ cy.contains(TEST_INSTAGRAM_EMBED_SCRIPT).should("exist")
+ })
+
+ it("Edit page (unlinked) should not allow users to add untrusted external scripts", () => {
+ cy.get(".CodeMirror-scroll").type(TEST_UNTRUSTED_SCRIPT)
+
+ // Asserts
+ // 1. Save button is disabled
+ cy.contains(":button", "Save").should("be.disabled")
+
+ // 2. CSP warning appears
+ cy.contains(
+ "Intended <script> content violates Content Security Policy and therefore could not be displayed. Isomer does not support display of any forbidden resources."
+ ).should("exist")
+
+ // 3. Content is not saved
+ cy.reload()
+ cy.contains(TEST_UNTRUSTED_SCRIPT).should("not.exist")
+ })
+
+ it("Edit page (unlinked) should not allow users to add inline scripts", () => {
+ cy.get(".CodeMirror-scroll").type(TEST_INLINE_SCRIPT)
+ cy.contains(":button", "Save").click()
+
+ // Asserts
+ // 1. XSS warning modal is shown
+ cy.contains(
+ "There is unauthorised JS detected in the following snippet"
+ ).should("exist")
+
+ // 2. Content is not saved
+ cy.contains(":button", "Acknowledge").click()
+ cy.reload()
+ cy.contains(TEST_INLINE_SCRIPT).should("not.exist")
+ })
  })
 
  describe("Edit collection page", () => {