Documentation & API reference
function NodeTitleXSSTestCase::testNodeTitleXSS
Tests XSS functionality with a node entity.
File
- drupal/
modules/ node/ node.test, line 795 - Tests for node.module.
Class
- NodeTitleXSSTestCase
- Tests XSS functionality with a node entity.
Code
function testNodeTitleXSS() {
// Prepare a user to do the stuff.
$web_user = $this
->drupalCreateUser(array(
'create page content',
'edit any page content',
));
$this
->drupalLogin($web_user);
$xss = '<script>alert("xss")</script>';
$title = $xss . $this
->randomName();
$edit = array(
"title" => $title,
);
$this
->drupalPost('node/add/page', $edit, t('Preview'));
$this
->assertNoRaw($xss, 'Harmful tags are escaped when previewing a node.');
$settings = array(
'title' => $title,
);
$node = $this
->drupalCreateNode($settings);
$this
->drupalGet('node/' . $node->nid);
// assertTitle() decodes HTML-entities inside the <title> element.
$this
->assertTitle($edit["title"] . ' | Drupal', 'Title is diplayed when viewing a node.');
$this
->assertNoRaw($xss, 'Harmful tags are escaped when viewing a node.');
$this
->drupalGet('node/' . $node->nid . '/edit');
$this
->assertNoRaw($xss, 'Harmful tags are escaped when editing a node.');
}