Confirm that invalid text given as $path is filtered.
function testLXSS() {
$text = $this
->randomName();
$path = "<SCRIPT>alert('XSS')</SCRIPT>";
$link = l($text, $path);
$sanitized_path = check_url(url($path));
$this
->assertTrue(strpos($link, $sanitized_path) !== FALSE, format_string('XSS attack @path was filtered', array(
'@path' => $path,
)));
}