SupportTicketTitleXSSTest.php in Support Ticketing System 8
File
modules/support_ticket/src/Tests/SupportTicketTitleXSSTest.php
<?php
namespace Drupal\support_ticket\Tests;
use Drupal\Component\Utility\Html;
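/**
 * Checks that a script payload placed in a support ticket title is escaped.
 *
 * The title is user-supplied input. This test fetches the three pages it
 * exercises (preview, ticket view, edit form) and verifies that the raw
 * payload never appears in the returned markup.
 */
class SupportTicketTitleXSSTest extends SupportTicketTestBase {

  /**
   * Submits a title containing a script tag and inspects each page showing it.
   *
   * Each negative assertion is paired with a response-code check. Without it,
   * assertNoRaw() would also pass on an access-denied or error page, which
   * never contains the payload, and the test would report escaping that was
   * never exercised.
   */
  public function testSupportTicketTitleXSS() {
    // Account holding only the permissions needed to view, create and edit
    // tickets of type "ticket".
    $web_user = $this->drupalCreateUser(array(
      'access support tickets',
      'create ticket ticket',
      'edit any ticket ticket',
    ));
    $this->drupalLogin($web_user);

    // The random suffix keeps the title unique; $xss alone is what must never
    // be echoed back unescaped.
    $xss = '<script>alert("xss")</script>';
    $title = $xss . $this->randomMachineName();

    // Preview: the title travels through the add form and is rendered back.
    $edit = array();
    $edit['title[0][value]'] = $title;
    $this->drupalPostForm('support_ticket/add/ticket', $edit, t('Preview'));
    // NOTE(review): assertResponse() is the web-test base class helper; this
    // assumes SupportTicketTestBase inherits it alongside assertNoRaw().
    $this->assertResponse(200, 'The preview page was returned, so the escaping check below is meaningful.');
    $this->assertNoRaw($xss, 'Harmful tags are escaped when previewing a support_ticket.');

    // Stored ticket: created directly through the test helper rather than the
    // form, then rendered on its own page.
    $settings = array(
      'title' => $title,
    );
    $support_ticket = $this->drupalCreateSupportTicket($settings);

    $this->drupalGet('support_ticket/' . $support_ticket->id());
    $this->assertResponse(200, 'The support_ticket page was returned, so the escaping check below is meaningful.');
    // Positive check: the escaped form of the whole title is in <title>.
    $this->assertTitle(Html::escape($title) . ' | Drupal', 'Title is displayed when viewing a support_ticket.');
    $this->assertNoRaw($xss, 'Harmful tags are escaped when viewing a support_ticket.');

    // Edit form: the stored title is echoed back into the form markup.
    $this->drupalGet('support_ticket/' . $support_ticket->id() . '/edit');
    $this->assertResponse(200, 'The edit form was returned, so the escaping check below is meaningful.');
    $this->assertNoRaw($xss, 'Harmful tags are escaped when editing a support_ticket.');
  }

}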