Hi Amber, thanks for the reply.
I've looked in there, The assertion is "Cross Site Scripting Detection", but the only modifiable field in there is to make a separate call to a different URL for results, nothing that I can see would change the logic of the assertion itself, am I missing something I can do?
You can add additional assertions from the Assertions menu.
ok, and will this assertion work separately to the immediate response assertion?
the logic i need is something like
fail IF cross site script is in response
AND
'Error' is NOT in response
but there's no documentation on the relationship between assertions or the overarching logic
(if response doesn't contain the cross site scripting string then we don't want to assert that error is always there)
