You are here

public function LinkGeneratorTest::testGenerateXss in Drupal 9

Same name and namespace in other branches
  1. 8 core/tests/Drupal/Tests/Core/Utility/LinkGeneratorTest.php \Drupal\Tests\Core\Utility\LinkGeneratorTest::testGenerateXss()

Tests the link method with a script tab.

See also

\Drupal\Core\Utility\LinkGenerator::generate()

File

core/tests/Drupal/Tests/Core/Utility/LinkGeneratorTest.php, line 403

Class

LinkGeneratorTest
@coversDefaultClass \Drupal\Core\Utility\LinkGenerator @group Utility

Namespace

Drupal\Tests\Core\Utility

Code

public function testGenerateXss() {
  $this->urlGenerator
    ->expects($this
    ->once())
    ->method('generateFromRoute')
    ->with('test_route_4', [], $this->defaultOptions)
    ->willReturn((new GeneratedUrl())
    ->setGeneratedUrl('/test-route-4'));

  // Test that HTML link text is escaped by default.
  $url = new Url('test_route_4');
  $url
    ->setUrlGenerator($this->urlGenerator);
  $result = $this->linkGenerator
    ->generate("<script>alert('XSS!')</script>", $url);
  $this
    ->assertNoXPathResults('//a[@href="/test-route-4"]/script', $result);
}