DateFormatTest.php in Drupal 9
File
core/modules/system/tests/src/FunctionalJavascript/System/DateFormatTest.php
View source
<?php
namespace Drupal\Tests\system\FunctionalJavascript\System;
use Drupal\Core\Datetime\Entity\DateFormat;
use Drupal\FunctionalJavascriptTests\WebDriverTestBase;
class DateFormatTest extends WebDriverTestBase {
protected static $modules = [
'block',
];
protected $defaultTheme = 'stark';
protected function setUp() : void {
parent::setUp();
$this
->drupalLogin($this
->drupalCreateUser([
'administer site configuration',
]));
$this
->drupalPlaceBlock('local_actions_block');
}
public function testDateFormatXss() {
$page = $this
->getSession()
->getPage();
$assert = $this
->assertSession();
$date_format = DateFormat::create([
'id' => 'xss_short',
'label' => 'XSS format',
'pattern' => '\\<\\s\\c\\r\\i\\p\\t\\>\\a\\l\\e\\r\\t\\(\\"\\X\\S\\S\\")\\;\\<\\/\\s\\c\\r\\i\\p\\t\\>',
]);
$date_format
->save();
$this
->drupalGet('admin/config/regional/date-time');
$assert
->assertEscaped('<script>alert("XSS");</script>', 'The date format was properly escaped');
$this
->drupalGet('admin/config/regional/date-time/formats/manage/xss_short');
$assert
->assertEscaped('<script>alert("XSS");</script>', 'The date format was properly escaped');
$this
->drupalGet('admin/config/regional/date-time/formats/add');
$date_format = '& \\<\\e\\m\\>Y\\<\\/\\e\\m\\>';
$page
->fillField('date_format_pattern', $date_format);
$assert
->waitForText('Displayed as');
$assert
->assertEscaped('<em>' . date("Y") . '</em>');
$page
->fillField('label', 'date_html_pattern');
$assert
->waitForLink('Edit');
$page
->pressButton('Add format');
$assert
->pageTextContains('Custom date format added.');
$assert
->assertEscaped('<em>' . date("Y") . '</em>');
}
}