function CommonURLUnitTest::testLXSS in Drupal 7
Confirm that invalid text given as $path is filtered.
File
- modules/simpletest/tests/common.test, line 88
- Tests for common.inc functionality.
Class
- CommonURLUnitTest
- Tests for URL generation functions.
Code
function testLXSS() {
  $text = $this->randomName();
  // Markup passed where an internal path is expected.
  $path = "<SCRIPT>alert('XSS')</SCRIPT>";
  $link = l($text, $path);
  // The URL as it should appear in the href: encoded by url(), then escaped by check_url().
  $sanitized_path = check_url(url($path));
  $this->assertTrue(strpos($link, $sanitized_path) !== FALSE, format_string('XSS attack @path was filtered', array(
    '@path' => $path,
  )));
}
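The assertion above only confirms that the sanitized path is present in the link; it does not check that the raw markup is absent. The following added example (not Drupal core code; the class name `ExampleLinkXSSTestCase` and its `getInfo()` values are hypothetical) adds those negative checks and covers the same payload used as link text:

```php
<?php

/**
 * Added example: hypothetical test class, not part of Drupal core.
 */
class ExampleLinkXSSTestCase extends DrupalWebTestCase {

  public static function getInfo() {
    return array(
      'name' => 'Link XSS negative checks (example)',
      'description' => 'Asserts that raw markup does not survive l().',
      'group' => 'Example',
    );
  }

  /**
   * The payload used as $path must not appear unescaped in the link.
   */
  function testPathPayloadAbsent() {
    $payload = "<SCRIPT>alert('XSS')</SCRIPT>";
    $link = l($this->randomName(), $payload);

    // Positive check, as in testLXSS(): the sanitized URL is present.
    $this->assertTrue(strpos($link, check_url(url($payload))) !== FALSE, 'Sanitized path is present in the link.');
    // Negative checks: neither the raw payload nor a raw script tag remains.
    $this->assertIdentical(strpos($link, $payload), FALSE, 'Raw payload is absent from the link.');
    $this->assertIdentical(stripos($link, '<script'), FALSE, 'No raw script tag in the link.');
  }

  /**
   * The same payload used as link text is escaped (the 'html' option is not set).
   */
  function testTextPayloadEscaped() {
    $payload = "<SCRIPT>alert('XSS')</SCRIPT>";
    $link = l($payload, 'node');

    $this->assertTrue(strpos($link, check_plain($payload)) !== FALSE, 'Escaped text is present in the link.');
    $this->assertIdentical(stripos($link, '<script'), FALSE, 'No raw script tag in the link text.');
  }

}
```

To run it under SimpleTest in Drupal 7, the file containing the class must be listed in a module's .info file under `files[]`.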