protected function BlockXssTest::doBlockContentTest in Drupal 10
Same name and namespace in other branches
- 8 core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::doBlockContentTest()
- 9 core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::doBlockContentTest()
Tests XSS coming from Block Content block info.
File
- core/
modules/ block/ tests/ src/ Functional/ BlockXssTest.php, line 167
Class
- BlockXssTest
- Tests that the block module properly escapes block descriptions.
Namespace
Drupal\Tests\block\FunctionalCode
protected function doBlockContentTest() {
BlockContentType::create([
'id' => 'basic',
'label' => 'basic',
'revision' => TRUE,
])
->save();
BlockContent::create([
'type' => 'basic',
'info' => '<script>alert("block_content");</script>',
])
->save();
$this
->drupalGet(Url::fromRoute('block.admin_display'));
$this
->clickLink('Place block');
$this
->assertSession()
->assertEscaped('<script>alert("block_content");</script>');
$this
->assertSession()
->responseNotContains('<script>alert("block_content");</script>');
}