Documentation & API reference
function DateTimeTest::testDateFormatXSS
Test that date formats are sanitized.
File
- drupal/
core/ modules/ system/ lib/ Drupal/ system/ Tests/ System/ DateTimeTest.php, line 148 - Definition of Drupal\system\Tests\System\DateTimeTest.
Class
- DateTimeTest
- Tests generic date and time handling capabilities of Drupal.
Namespace
Drupal\system\Tests\SystemCode
function testDateFormatXSS() {
$date_format_info = array(
'name' => 'XSS format',
'pattern' => array(
'php' => '\\<\\s\\c\\r\\i\\p\\t\\>\\a\\l\\e\\r\\t\\(\'\\X\\S\\S\'\\)\\;\\<\\/\\s\\c\\r\\i\\p\\t\\>',
),
);
system_date_format_save('xss_short', $date_format_info);
$this
->drupalGet('admin/config/regional/date-time');
$this
->assertNoRaw("<script>alert('XSS');</script>", 'The date format was properly sanitized');
}