You are here

public function DBLogTestCase::testLogMessageSanitized in Drupal 7

Make sure HTML tags are filtered out in the log detail page.

File

modules/dblog/dblog.test, line 672
Tests for dblog.module.

Class

DBLogTestCase
Tests logging messages to the database.

Code

public function testLogMessageSanitized() {
  $this
    ->drupalLogin($this->big_user);

  // Make sure dangerous HTML tags are filtered out in log detail page.
  $log = array(
    'uid' => 0,
    'type' => 'custom',
    'message' => "<script>alert('foo');</script> <strong>Lorem ipsum</strong>",
    'variables' => NULL,
    'severity' => WATCHDOG_NOTICE,
    'link' => 'foo/bar',
    'request_uri' => 'http://example.com?dblog=1',
    'referer' => 'http://example.org?dblog=2',
    'ip' => '0.0.1.0',
    'timestamp' => REQUEST_TIME,
  );
  dblog_watchdog($log);
  $wid = db_query('SELECT MAX(wid) FROM {watchdog}')
    ->fetchField();
  $this
    ->drupalGet('admin/reports/event/' . $wid);
  $this
    ->assertResponse(200);
  $this
    ->assertNoRaw("<script>alert('foo');</script>");
  $this
    ->assertRaw("alert('foo'); <strong>Lorem ipsum</strong>");
}