function BlockTitleXSSTest::testXSSInTitle

Tests that script markup in a block title is sanitized when the title is rendered.

File

drupal/core/modules/block/lib/Drupal/block/Tests/BlockTitleXSSTest.php, line 41
Contains \Drupal\block\Tests\BlockTitleXSSTest.

Class

BlockTitleXSSTest
Tests block XSS in title.

Namespace

Drupal\block\Tests

Code

/**
 * Checks that script markup in a block title is never emitted unescaped.
 *
 * Two responses are fetched and each is checked for the absence of a literal
 * <script> payload: the front page, and the Block Plugin UI "add" page of the
 * default theme.
 *
 * NOTE(review): the payload strings are not injected anywhere in this method;
 * presumably the fixture (setUp() or the block_test module) supplies them as
 * the block label and subject - confirm. Both checks are negative-only, so
 * they also pass when the block is not rendered at all; a companion assertion
 * that the escaped form is present would rule out that vacuous pass.
 */
function testXSSInTitle() {
  // Store a random value under the state key 'block_test.content'.
  $state = \Drupal::state();
  $state->set('block_test.content', $this->randomName());

  // First context: the front page, requested before this method logs anyone
  // in. The double-quoted payload must not appear verbatim in the raw HTML.
  $this->drupalGet('');
  $label_payload = '<script>alert("XSS label");</script>';
  $this->assertNoRaw($label_payload, 'The block title was properly sanitized when rendered.');

  // Second context: the block administration UI. Log in as a user holding
  // exactly the two permissions below.
  $permissions = array(
    'administer blocks',
    'access administration pages',
  );
  $admin_user = $this->drupalCreateUser($permissions);
  $this->drupalLogin($admin_user);

  // The add page is addressed per theme, so look up the configured default.
  $default_theme = config('system.theme')->get('default');
  $add_path = 'admin/structure/block/list/block_plugin_ui:' . $default_theme . '/add';
  $this->drupalGet($add_path);

  // The single-quoted payload must not appear verbatim here either.
  $subject_payload = "<script>alert('XSS subject');</script>";
  $this->assertNoRaw($subject_payload, 'The block title was properly sanitized in Block Plugin UI Admin page.');
}