public function CaptchaAdminTest::testXssOnCaptchaDescription in CAPTCHA 8
Tests that a script tag saved in the CAPTCHA description is not output verbatim on the user registration form (stored XSS check).
File
- tests/src/Functional/CaptchaAdminTest.php, line 222
Class
- CaptchaAdminTest
- Tests CAPTCHA admin settings.
Namespace
Drupal\Tests\captcha\Functional
Code
public function testXssOnCaptchaDescription() {
  // Stored-XSS regression check: an administrator saves a <script> element
  // as the CAPTCHA description, then the registration form is requested
  // while logged out and the response is searched for that exact string.
  //
  // NOTE(review): only the absence of the literal payload is asserted, so
  // this would also pass if the description were never saved or never
  // rendered. Confirm another test covers that the description is shown.
  $payload = '<script type="text/javascript">alert("xss")</script>';
  $formValues = ['description' => $payload];

  // Enable the Math challenge on the user registration form.
  captcha_set_form_id_setting('user_register', 'captcha/Math');

  // As administrator, submit the payload through the CAPTCHA settings form.
  $this->drupalLogin($this->adminUser);
  $this->drupalGet(self::CAPTCHA_ADMIN_PATH);
  $saveButton = $this->t('Save configuration');
  $this->submitForm($formValues, $saveButton);

  // Load the registration form as a logged-out visitor.
  $this->drupalLogout();
  $this->drupalGet('user/register');

  // The unmodified payload must not appear anywhere in the response.
  // NOTE(review): the message and group arguments look like leftovers from
  // an older assertion signature; verify responseNotContains() uses them.
  $session = $this->assertSession();
  $session->responseNotContains($payload, 'JavaScript should not be allowed in CAPTCHA description.', 'CAPTCHA');
}