You are here

protected function BlockXssTest::doBlockContentTest in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::doBlockContentTest()
  2. 9 core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::doBlockContentTest()

Tests XSS coming from Block Content block info.

File

core/modules/block/tests/src/Functional/BlockXssTest.php, line 167

Class

BlockXssTest
Tests that the block module properly escapes block descriptions.

Namespace

Drupal\Tests\block\Functional

Code

protected function doBlockContentTest() {
  BlockContentType::create([
    'id' => 'basic',
    'label' => 'basic',
    'revision' => TRUE,
  ])
    ->save();
  BlockContent::create([
    'type' => 'basic',
    'info' => '<script>alert("block_content");</script>',
  ])
    ->save();
  $this
    ->drupalGet(Url::fromRoute('block.admin_display'));
  $this
    ->clickLink('Place block');
  $this
    ->assertSession()
    ->assertEscaped('<script>alert("block_content");</script>');
  $this
    ->assertSession()
    ->responseNotContains('<script>alert("block_content");</script>');
}