You are here

public function ElementsLabelsTest::testTitleEscaping in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/system/tests/src/Functional/Form/ElementsLabelsTest.php \Drupal\Tests\system\Functional\Form\ElementsLabelsTest::testTitleEscaping()

Tests XSS-protection of element labels.

File

core/modules/system/tests/src/Functional/Form/ElementsLabelsTest.php, line 93

Class

ElementsLabelsTest
Tests form element labels, required markers and associated output.

Namespace

Drupal\Tests\system\Functional\Form

Code

public function testTitleEscaping() {
  $this
    ->drupalGet('form_test/form-labels');
  foreach (FormTestLabelForm::$typesWithTitle as $type) {
    $this
      ->assertSession()
      ->responseContains("{$type} alert('XSS') is XSS filtered!");
    $this
      ->assertSession()
      ->responseNotContains("{$type} <script>alert('XSS')</script> is XSS filtered!");
  }
}