Test XSS in title.
function testXSSInTitle() {
\Drupal::state()
->set('block_test.content', $this
->randomName());
$this
->drupalGet('');
$this
->assertNoRaw('<script>alert("XSS label");</script>', 'The block title was properly sanitized when rendered.');
$this
->drupalLogin($this
->drupalCreateUser(array(
'administer blocks',
'access administration pages',
)));
$default_theme = config('system.theme')
->get('default');
$this
->drupalGet('admin/structure/block/list/block_plugin_ui:' . $default_theme . '/add');
$this
->assertNoRaw("<script>alert('XSS subject');</script>", 'The block title was properly sanitized in Block Plugin UI Admin page.');
}