You are here

public function AddFeedTest::testFeedLabelEscaping in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/aggregator/tests/src/Functional/AddFeedTest.php \Drupal\Tests\aggregator\Functional\AddFeedTest::testFeedLabelEscaping()

Ensures that the feed label is escaping when rendering the feed icon.

File

core/modules/aggregator/tests/src/Functional/AddFeedTest.php, line 61

Class

AddFeedTest
Add feed test.

Namespace

Drupal\Tests\aggregator\Functional

Code

public function testFeedLabelEscaping() {
  $feed = $this
    ->createFeed(NULL, [
    'title[0][value]' => 'Test feed title <script>alert(123);</script>',
  ]);
  $this
    ->checkForMetaRefresh();
  $this
    ->drupalGet('aggregator/sources/' . $feed
    ->id());
  $this
    ->assertSession()
    ->statusCodeEquals(200);
  $this
    ->assertSession()
    ->assertEscaped('Test feed title <script>alert(123);</script>');
  $this
    ->assertSession()
    ->responseNotContains('Test feed title <script>alert(123);</script>');

  // Ensure the feed icon title is escaped.
  $this
    ->assertStringContainsString('class="feed-icon">  Subscribe to Test feed title &lt;script&gt;alert(123);&lt;/script&gt; feed</a>', str_replace([
    "\n",
    "\r",
  ], '', $this
    ->getSession()
    ->getPage()
    ->getContent()));
}