Test that date formats are sanitized.
function testDateFormatXSS() {
$date_format_info = array(
'name' => 'XSS format',
'pattern' => array(
'php' => '\\<\\s\\c\\r\\i\\p\\t\\>\\a\\l\\e\\r\\t\\(\'\\X\\S\\S\'\\)\\;\\<\\/\\s\\c\\r\\i\\p\\t\\>',
),
);
system_date_format_save('xss_short', $date_format_info);
$this
->drupalGet('admin/config/regional/date-time');
$this
->assertNoRaw("<script>alert('XSS');</script>", 'The date format was properly sanitized');
}