Contains \Drupal\block\Tests\BlockTitleXSSTest.
<?php
/**
* @file
* Contains \Drupal\block\Tests\BlockTitleXSSTest.
*/
namespace Drupal\block\Tests;
use Drupal\simpletest\WebTestBase;
/**
* Tests block XSS in title.
*/
class BlockTitleXSSTest extends WebTestBase {
/**
* Modules to enable.
*
* @var array
*/
public static $modules = array(
'block',
'block_test',
);
public static function getInfo() {
return array(
'name' => 'Block XSS Title',
'description' => 'Test block XSS in title.',
'group' => 'Block',
);
}
protected function setUp() {
parent::setUp();
$this
->drupalPlaceBlock('test_xss_title', array(
'label' => '<script>alert("XSS label");</script>',
));
}
/**
* Test XSS in title.
*/
function testXSSInTitle() {
\Drupal::state()
->set('block_test.content', $this
->randomName());
$this
->drupalGet('');
$this
->assertNoRaw('<script>alert("XSS label");</script>', 'The block title was properly sanitized when rendered.');
$this
->drupalLogin($this
->drupalCreateUser(array(
'administer blocks',
'access administration pages',
)));
$default_theme = config('system.theme')
->get('default');
$this
->drupalGet('admin/structure/block/list/block_plugin_ui:' . $default_theme . '/add');
$this
->assertNoRaw("<script>alert('XSS subject');</script>", 'The block title was properly sanitized in Block Plugin UI Admin page.');
}
}
Name | Description |
---|---|
BlockTitleXSSTest | Tests block XSS in title. |