Tests limiting allowed tags and XSS prevention.
XSS tests assume that script is disallowed by default and src is allowed by default, but on* and style attributes are disallowed.
@dataProvider providerTestFilterXssNormalized
string $value: The value to filter.
string $expected: The expected result.
string $message: The assertion message to display upon failure.
public function testFilterXssNormalized($value, $expected, $message) {
$this
->assertNormalized(Xss::filter($value), $expected, $message);
}