public function MetatagXssTest::testXssEntityBody in Metatag 8

Verify that XSS injected in the entity fields is not rendered.

File

tests/src/Functional/MetatagXssTest.php, line 208

Class

MetatagXssTest
Ensures that meta tags do not allow XSS vulnerabilities.

Namespace

Drupal\Tests\metatag\Functional

Code

public function testXssEntityBody() {
  // The node form's submit button is labelled 'Save and publish' on core
  // versions up to 8.3 and 'Save' on later ones.
  $save_label = floatval(\Drupal::VERSION) <= 8.3 ? $this->t('Save and publish') : $this->t('Save');

  // Load the node add form for the test content type.
  $this->drupalGet('node/add/metatag_node');
  $session = $this->assertSession();
  $session->statusCodeEquals(200);

  // Submit the XSS test string as the body field value.
  $edit = [
    'title[0][value]' => $this->randomString(),
    'body[0][value]' => $this->xssTitleString,
  ];
  $this->drupalPostForm(NULL, $edit, $save_label);

  // Check the body text.
  // {@code}
  // $this->assertNoTitle($this->xssTitleString);
  // {@endcode}
  // The raw test string must not appear anywhere in the response markup.
  $session->responseNotContains($this->xssTitleString);
}