function CaptchaAdminTestCase::testXssOnCaptchaDescription in CAPTCHA 7
Same name and namespace in other branches
- 6.2 captcha.test \CaptchaAdminTestCase::testXssOnCaptchaDescription()
Tests that script markup saved as the CAPTCHA description is not output verbatim on the user registration form (XSS regression test).
File
- ./
captcha.test, line 604 - Tests for CAPTCHA module.
Class
Code
/**
 * Verifies that script markup stored as the CAPTCHA description is not
 * emitted verbatim on the user registration form.
 *
 * The description is saved by an administrator through the CAPTCHA admin
 * form and then rendered to logged-out visitors, so it must be filtered
 * before output.
 */
function testXssOnCaptchaDescription() {
  // Attach a Math CAPTCHA to the registration form, so that the CAPTCHA
  // element is expected on that page.
  captcha_set_form_id_setting('user_register', 'captcha/Math');

  // Store a script element as the description through the admin form,
  // acting as the admin user.
  $script_payload = '<script type="text/javascript">alert("xss")</script>';
  $this->drupalLogin($this->admin_user);
  $form_values = array(
    'captcha_description' => $script_payload,
  );
  $this->drupalPost(self::CAPTCHA_ADMIN_PATH, $form_values, 'Save configuration');

  // Load the registration form after logging out and make sure the
  // payload does not appear unmodified in the raw HTML.
  // NOTE(review): this is a negative-only check on one exact string. It
  // would also pass if the save had been rejected or if the description
  // were not rendered on this page at all; consider pairing it with a
  // positive assertion that the CAPTCHA element is present. It also says
  // nothing about other markup forms (for example attribute-based
  // handlers) - confirm those are covered elsewhere.
  $this->drupalLogout();
  $this->drupalGet('user/register');
  $this->assertNoRaw($script_payload, 'JavaScript should not be allowed in CAPTCHA description.', 'CAPTCHA');
}