public function XssTest::testViewsUi in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/views_ui/tests/src/Functional/XssTest.php \Drupal\Tests\views_ui\Functional\XssTest::testViewsUi()

File

core/modules/views_ui/tests/src/Functional/XssTest.php, line 24

Class

XssTest
Tests the Xss vulnerability.

Namespace

Drupal\Tests\views_ui\Functional

Code

public function testViewsUi() {
  $this->drupalGet('admin/structure/views/view/sa_contrib_2013_035');

  // Verify that the field admin label is properly escaped.
  $this->assertSession()->assertEscaped('<marquee>test</marquee>');

  $this->drupalGet('admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area');

  // Verify that the token label is properly escaped.
  $this->assertSession()->assertEscaped('{{ title }} == <marquee>test</marquee>');
  $this->assertSession()->assertEscaped('{{ title_1 }} == <script>alert("XSS")</script>');
}
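
Added example (not part of Drupal core or of this test): a stand-alone PHP sketch of what "properly escaped" means for the strings asserted above. assertEscaped() looks for the Html::escape() form of the string in the response; this sketch goes further and also flags raw and double-escaped output. The function names and the response fragments are constructed for illustration.

```php
<?php
// Added illustration, not Drupal core code: stand-alone PHP, no Drupal bootstrap.

// Html::escape() in Drupal calls htmlspecialchars() with these flags.
function escape_like_drupal(string $text): string {
  return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: report how $payload appears in a response body.
function classify_output(string $body, string $payload): string {
  $escaped = escape_like_drupal($payload);
  $double = escape_like_drupal($escaped);
  if (strpos($body, $payload) !== false) {
    return 'raw';             // Markup reaches the browser: XSS.
  }
  if (strpos($body, $escaped) !== false) {
    return 'escaped';         // What assertEscaped() looks for.
  }
  if (strpos($body, $double) !== false) {
    return 'double-escaped';  // Safe, but entities show up as text in the UI.
  }
  return 'absent';
}

$label = '<marquee>test</marquee>';
$token = '{{ title_1 }} == <script>alert("XSS")</script>';

// Constructed response fragments.
$cases = [
  ['<td><marquee>test</marquee></td>', $label],
  ['<td>&lt;marquee&gt;test&lt;/marquee&gt;</td>', $label],
  ['<td>&amp;lt;marquee&amp;gt;test&amp;lt;/marquee&amp;gt;</td>', $label],
  ['<li>{{ title_1 }} == &lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;</li>', $token],
  ['<li>{{ title_1 }}</li>', $token],
];

foreach ($cases as [$body, $payload]) {
  printf("%-14s %s\n", classify_output($body, $payload), $body);
}
```

The raw check runs first because a page can contain both the escaped and the unescaped form of the same label, and only the unescaped one is exploitable.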