XssTest.php in Drupal 10
File
core/modules/views_ui/tests/src/Functional/XssTest.php
View source
<?php
namespace Drupal\Tests\views_ui\Functional;
class XssTest extends UITestBase {
protected static $modules = [
'node',
'user',
'views_ui',
'views_ui_test',
];
protected $defaultTheme = 'stark';
public function testViewsUi() {
$this
->drupalGet('admin/structure/views/view/sa_contrib_2013_035');
$this
->assertSession()
->assertEscaped('<marquee>test</marquee>');
$this
->drupalGet('admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area');
$this
->assertSession()
->assertEscaped('{{ title }} == <marquee>test</marquee>');
$this
->assertSession()
->assertEscaped('{{ title_1 }} == <script>alert("XSS")</script>');
}
public function testNoDoubleEscaping() {
$this
->drupalGet('admin/structure/views');
$this
->assertSession()
->assertNoEscaped('<');
$this
->drupalGet('admin/structure/views/view/sa_contrib_2013_035');
$this
->assertSession()
->assertNoEscaped('<');
$this
->drupalGet('admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area');
$this
->assertSession()
->assertNoEscaped('<');
}
}