public function MetatagXssTest::testXssEntityBody in Metatag 8
Verify XSS injected in the entity fields are not rendered.
File
- tests/
src/ Functional/ MetatagXssTest.php, line 208
Class
- MetatagXssTest
- Ensures that meta tags do not allow xss vulnerabilities.
Namespace
Drupal\Tests\metatag\FunctionalCode
public function testXssEntityBody() {
$save_label = floatval(\Drupal::VERSION) <= 8.300000000000001 ? $this
->t('Save and publish') : $this
->t('Save');
$this
->drupalGet('node/add/metatag_node');
$session = $this
->assertSession();
$session
->statusCodeEquals(200);
$edit = [
'title[0][value]' => $this
->randomString(),
'body[0][value]' => $this->xssTitleString,
];
$this
->drupalPostForm(NULL, $edit, $save_label);
// Check the body text.
// {@code}
// $this->assertNoTitle($this->xssTitleString);
// {@endcode}
$session
->responseNotContains($this->xssTitleString);
}