You are here

protected function BlockXssTest::doMenuTest in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/block/src/Tests/BlockXssTest.php \Drupal\block\Tests\BlockXssTest::doMenuTest()

Tests XSS coming from Menu block labels.

1 call to BlockXssTest::doMenuTest()
BlockXssTest::testBlockXss in core/modules/block/src/Tests/BlockXssTest.php
Tests various modules that provide blocks for XSS.

File

core/modules/block/src/Tests/BlockXssTest.php, line 138
Contains \Drupal\block\Tests\BlockXssTest.

Class

BlockXssTest
Tests that the block module properly escapes block descriptions.

Namespace

Drupal\block\Tests

Code

protected function doMenuTest() {
  Menu::create([
    'id' => $this
      ->randomMachineName(),
    'label' => '<script>alert("menu");</script>',
  ])
    ->save();
  $this
    ->drupalGet(Url::fromRoute('block.admin_display'));
  $this
    ->clickLinkPartialName('Place block');
  $this
    ->assertEscaped('<script>alert("menu");</script>');
  $this
    ->assertNoRaw('<script>alert("menu");</script>');
}