public function MenuLinkSecurityTest::testMenuLink in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/system/tests/src/Functional/Menu/MenuLinkSecurityTest.php \Drupal\Tests\system\Functional\Menu\MenuLinkSecurityTest::testMenuLink()

Ensures that a menu link does not cause an XSS issue.

File

core/modules/system/tests/src/Functional/Menu/MenuLinkSecurityTest.php, line 28

Class

MenuLinkSecurityTest
Ensures that menu links don't cause XSS issues.

Namespace

Drupal\Tests\system\Functional\Menu

Code

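public function testMenuLink() {
  // Store a menu link whose title is a script payload.
  $menu_link_content = MenuLinkContent::create([
    'title' => '<script>alert("Wild animals")</script>',
    'menu_name' => 'tools',
    'link' => [
      'uri' => 'route:<front>',
    ],
  ]);
  $menu_link_content->save();

  // Render the 'tools' menu in a block and load the front page.
  $this->drupalPlaceBlock('system_menu_block:tools');
  $this->drupalGet('<front>');

  // The raw markup must not appear anywhere in the response. The second
  // string ("Even more wild animals") is not created in this method.
  $this->assertSession()->responseNotContains('<script>alert("Wild animals")</script>');
  $this->assertSession()->responseNotContains('<script>alert("Even more wild animals")</script>');

  // The HTML-escaped form must appear, so the title was rendered and
  // output-encoded rather than silently dropped.
  $this->assertSession()->assertEscaped('<script>alert("Wild animals")</script>');
  $this->assertSession()->assertEscaped('<script>alert("Even more wild animals")</script>');
}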
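
Why the test pairs responseNotContains() with assertEscaped(), shown as an added stand-alone PHP example (not Drupal's code; no Drupal bootstrap needed). The helpers escape_html(), render_link() and check_response() and the three renderings are hypothetical, and the htmlspecialchars() flags are an assumption about the escaped form the test looks for.

```php
<?php
// Added illustration in plain PHP. All function names are hypothetical.

// Constructed payload: the same string the test stores as the link title.
const PAYLOAD = '<script>alert("Wild animals")</script>';

// Assumption: the escaped form the test expects in the response.
function escape_html(string $text): string {
  return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Three constructed renderings of the menu link title.
function render_link(string $title, string $mode): string {
  switch ($mode) {
    case 'raw':
      // Vulnerable: title emitted without output encoding.
      $label = $title;
      break;
    case 'dropped':
      // Title silently removed; nothing is rendered.
      $label = '';
      break;
    default:
      // Correct: title rendered and output-encoded.
      $label = escape_html($title);
  }
  return '<ul><li><a href="/">' . $label . '</a></li></ul>';
}

// The two checks testMenuLink() applies to each payload.
function check_response(string $html, string $payload): array {
  return [
    'not_raw' => strpos($html, $payload) === FALSE,
    'escaped' => strpos($html, escape_html($payload)) !== FALSE,
  ];
}

foreach (['raw', 'dropped', 'escaped'] as $mode) {
  $r = check_response(render_link(PAYLOAD, $mode), PAYLOAD);
  printf("%-8s not_raw=%s escaped=%s => %s\n", $mode,
    var_export($r['not_raw'], TRUE), var_export($r['escaped'], TRUE),
    ($r['not_raw'] && $r['escaped']) ? 'pass' : 'fail');
}
```

Only the escaped rendering satisfies both checks: the "dropped" case would pass a not-contains assertion alone even though the link never rendered.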