public function DbLogTest::testOverviewLinks in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/dblog/tests/src/Functional/DbLogTest.php \Drupal\Tests\dblog\Functional\DbLogTest::testOverviewLinks()
  2. 9 core/modules/dblog/tests/src/Functional/DbLogTest.php \Drupal\Tests\dblog\Functional\DbLogTest::testOverviewLinks()

Make sure HTML tags are filtered out in the log overview links.

File

core/modules/dblog/tests/src/Functional/DbLogTest.php, line 870

Class

DbLogTest
Generate events and verify dblog entries; verify user access to log reports based on permissions.

Namespace

Drupal\Tests\dblog\Functional

Code

public function testOverviewLinks() {
  $this->drupalLogin($this->adminUser);

  // cSpell:disable-next-line
  $this->generateLogEntries(1, ['message' => "&lt;script&gt;alert('foo');&lt;/script&gt;<strong>Lorem</strong> ipsum dolor sit amet, consectetur adipiscing & elit."]);
  $this->drupalGet('admin/reports/dblog');
  $this->assertSession()->statusCodeEquals(200);

  // Make sure HTML tags are filtered out.
  $this->assertSession()->responseContains('title="alert(&#039;foo&#039;);Lorem');
  $this->assertSession()->responseNotContains("<script>alert('foo');</script>");

  // Make sure HTML tags are filtered out in admin/reports/dblog/event/ too.
  $this->generateLogEntries(1, ['message' => "<script>alert('foo');</script> <strong>Lorem ipsum</strong>"]);
  // Look up the ID of the newest watchdog entry, the one just generated.
  $query = Database::getConnection()->select('watchdog');
  $query->addExpression('MAX([wid])');
  $wid = $query->execute()->fetchField();
  $this->drupalGet('admin/reports/dblog/event/' . $wid);
  $this->assertSession()->responseNotContains("<script>alert('foo');</script>");
  $this->assertSession()->responseContains("alert('foo'); <strong>Lorem ipsum</strong>");
}