protected function BlockXssTest::doBlockContentTest in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/block/src/Tests/BlockXssTest.php \Drupal\block\Tests\BlockXssTest::doBlockContentTest()
Tests XSS coming from Block Content block info.
1 call to BlockXssTest::doBlockContentTest()
- BlockXssTest::testBlockXss in core/
modules/ block/ src/ Tests/ BlockXssTest.php - Tests various modules that provide blocks for XSS.
File
- core/
modules/ block/ src/ Tests/ BlockXssTest.php, line 154 - Contains \Drupal\block\Tests\BlockXssTest.
Class
- BlockXssTest
- Tests that the block module properly escapes block descriptions.
Namespace
Drupal\block\TestsCode
protected function doBlockContentTest() {
BlockContentType::create([
'id' => 'basic',
'label' => 'basic',
'revision' => TRUE,
])
->save();
BlockContent::create([
'type' => 'basic',
'info' => '<script>alert("block_content");</script>',
])
->save();
$this
->drupalGet(Url::fromRoute('block.admin_display'));
$this
->clickLinkPartialName('Place block');
$this
->assertEscaped('<script>alert("block_content");</script>');
$this
->assertNoRaw('<script>alert("block_content");</script>');
}