public function SvgFormatterTest::testWithoutSanitization in SVG Formatter 8
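Tests inline image output without sanitization: with the formatter's 'sanitize' setting disabled, the test expects the string alert("attack"); to appear unmodified in the rendered page.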
File
- tests/src/Functional/SvgFormatterTest.php, line 246
Class
- SvgFormatterTest
- Simple test to ensure that basic functionality of the module works.
Namespace
Drupal\Tests\svg_formatter\Functional
Code
/**
 * Checks that inline SVG output is left unsanitized when 'sanitize' is off.
 *
 * Saves a media entity, switches the 'field_media_file' component of the
 * 'media.svg.default' view display to inline output with sanitization
 * disabled, then requests the media page and expects the literal string
 * alert("attack"); in the response body.
 *
 * Security note: this pins the permissive configuration. With 'inline' on
 * and 'sanitize' off, whatever the assertion below matches reaches the page
 * without being stripped, so this combination is only suitable where every
 * uploader of SVG files is trusted.
 */
public function testWithoutSanitization() {
  // Presumably createMediaEntity() attaches an SVG fixture that carries the
  // script text asserted at the end; confirm against the helper.
  $svg_media = $this->createMediaEntity();
  $svg_media->save();

  $display_storage = $this->container
    ->get('entity_type.manager')
    ->getStorage('entity_view_display');
  $view_display = $display_storage->load('media.svg.default');

  // Formatter settings under test: inline rendering, sanitizer turned off.
  $formatter_settings = [
    'inline' => TRUE,
    'sanitize' => FALSE,
    'apply_dimensions' => FALSE,
    'width' => 100,
    'height' => 100,
    'enable_alt' => TRUE,
    'alt_string' => '',
    'enable_title' => TRUE,
    'title_string' => '',
  ];

  // The existing settings are replaced wholesale, not merged.
  $field_component = $view_display->getComponent('field_media_file');
  $field_component['settings'] = $formatter_settings;
  $view_display->setComponent('field_media_file', $field_component);
  $view_display->save();

  // The hard-coded path presumably relies on the entity saved above being
  // the first media entity in the test site (ID 1).
  $this->drupalGet('media/1');

  // The script text must survive verbatim because sanitization is disabled.
  $web_assert = $this->assertSession();
  $web_assert->responseContains('alert("attack");');
}