public function MenuLinkSecurityTest::testMenuLink in Drupal 9
Same name and namespace in other branches
- 8 core/modules/system/tests/src/Functional/Menu/MenuLinkSecurityTest.php \Drupal\Tests\system\Functional\Menu\MenuLinkSecurityTest::testMenuLink()
Ensures that a menu link does not cause an XSS issue.
File
- core/
modules/ system/ tests/ src/ Functional/ Menu/ MenuLinkSecurityTest.php, line 28
Class
- MenuLinkSecurityTest
- Ensures that menu links don't cause XSS issues.
Namespace
Drupal\Tests\system\Functional\MenuCode
public function testMenuLink() {
$menu_link_content = MenuLinkContent::create([
'title' => '<script>alert("Wild animals")</script>',
'menu_name' => 'tools',
'link' => [
'uri' => 'route:<front>',
],
]);
$menu_link_content
->save();
$this
->drupalPlaceBlock('system_menu_block:tools');
$this
->drupalGet('<front>');
$this
->assertSession()
->responseNotContains('<script>alert("Wild animals")</script>');
$this
->assertSession()
->responseNotContains('<script>alert("Even more wild animals")</script>');
$this
->assertSession()
->assertEscaped('<script>alert("Wild animals")</script>');
$this
->assertSession()
->assertEscaped('<script>alert("Even more wild animals")</script>');
}