public function BlockXssTest::testXssInTitle in Drupal 9
Same name and namespace in other branches
- 8 core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::testXssInTitle()
Tests XSS in title.
File
- core/
modules/ block/ tests/ src/ Functional/ BlockXssTest.php, line 47
Class
- BlockXssTest
- Tests that the block module properly escapes block descriptions.
Namespace
Drupal\Tests\block\FunctionalCode
public function testXssInTitle() {
$this->container
->get('module_installer')
->install([
'block_test',
]);
$this
->drupalPlaceBlock('test_xss_title', [
'label' => '<script>alert("XSS label");</script>',
]);
\Drupal::state()
->set('block_test.content', $this
->randomMachineName());
$this
->drupalGet('');
// Check that the block title was properly sanitized when rendered.
$this
->assertSession()
->responseNotContains('<script>alert("XSS label");</script>');
$this
->drupalLogin($this
->drupalCreateUser([
'administer blocks',
'access administration pages',
]));
$default_theme = $this
->config('system.theme')
->get('default');
$this
->drupalGet('admin/structure/block/list/' . $default_theme);
// Check that the block title was properly sanitized in Block Plugin UI
// Admin page.
$this
->assertSession()
->responseNotContains("<script>alert('XSS subject');</script>");
}