LPD-55453 SF

brianchandotcom · brianchandotcom · commit c4c34a130943 · 2025-06-07T09:16:17.000-03:00
diff --git a/modules/apps/dynamic-data-mapping/dynamic-data-mapping-web-test/src/test/java/com/liferay/dynamic/data/mapping/web/internal/portlet/action/RenderStructureFieldMVCResourceCommandTest.java b/modules/apps/dynamic-data-mapping/dynamic-data-mapping-web-test/src/test/java/com/liferay/dynamic/data/mapping/web/internal/portlet/action/RenderStructureFieldMVCResourceCommandTest.java
@@ -34,34 +34,35 @@ public class RenderStructureFieldMVCResourceCommandTest {
 
 	@Test
 	public void testCreateDDMFormFieldRenderingContext() {
-		String maliciousScript = "'\"></option><img onerror=alert(123) src=x>";
-		HttpServletRequest mockHttpServletRequest = Mockito.mock(
+		HttpServletRequest httpServletRequest = Mockito.mock(
 			HttpServletRequest.class);
 
 		ThemeDisplay themeDisplay = Mockito.mock(ThemeDisplay.class);
 
 		Mockito.when(
-			mockHttpServletRequest.getAttribute(WebKeys.THEME_DISPLAY)
+			themeDisplay.getLocale()
 		).thenReturn(
-			themeDisplay
+			LocaleUtil.US
 		);
 
 		Mockito.when(
-			mockHttpServletRequest.getParameter("namespace")
+			httpServletRequest.getAttribute(WebKeys.THEME_DISPLAY)
 		).thenReturn(
-			maliciousScript
+			themeDisplay
 		);
 
+		String script = "'\"></option><img onerror=alert(123) src=x>";
+
 		Mockito.when(
-			mockHttpServletRequest.getParameter("portletNamespace")
+			httpServletRequest.getParameter("namespace")
 		).thenReturn(
-			maliciousScript
+			script
 		);
 
 		Mockito.when(
-			themeDisplay.getLocale()
+			httpServletRequest.getParameter("portletNamespace")
 		).thenReturn(
-			LocaleUtil.US
+			script
 		);
 
 		RenderStructureFieldMVCResourceCommand
@@ -74,14 +75,14 @@ public void testCreateDDMFormFieldRenderingContext() {
 		DDMFormFieldRenderingContext ddmFormFieldRenderingContext =
 			renderStructureFieldMVCResourceCommand.
 				createDDMFormFieldRenderingContext(
-					mockHttpServletRequest,
+					httpServletRequest,
 					Mockito.mock(HttpServletResponse.class));
 
 		Assert.assertEquals(
-			HtmlUtil.escapeAttribute(maliciousScript),
+			HtmlUtil.escapeAttribute(script),
 			ddmFormFieldRenderingContext.getNamespace());
 		Assert.assertEquals(
-			HtmlUtil.escapeAttribute(maliciousScript),
+			HtmlUtil.escapeAttribute(script),
 			ddmFormFieldRenderingContext.getPortletNamespace());
 	}
 
