public function BlockXssTest::testXssInTitle in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/block/src/Tests/BlockXssTest.php \Drupal\block\Tests\BlockXssTest::testXssInTitle()
Tests XSS in title.
File
- core/modules/block/src/Tests/BlockXssTest.php, line 44
- Contains \Drupal\block\Tests\BlockXssTest.
Class
- BlockXssTest
- Tests that the block module properly escapes block descriptions.
Namespace
Drupal\block\Tests
Code
public function testXssInTitle() {
  // Enable the block_test module, then place a test_xss_title block whose
  // label is a script payload.
  $this->container->get('module_installer')->install(['block_test']);
  $this->drupalPlaceBlock('test_xss_title', ['label' => '<script>alert("XSS label");</script>']);

  // The front page must not contain the label as raw markup.
  \Drupal::state()->set('block_test.content', $this->randomMachineName());
  $this->drupalGet('');
  $this->assertNoRaw('<script>alert("XSS label");</script>', 'The block title was properly sanitized when rendered.');

  // As a block administrator, load the block listing for the default theme.
  // The string checked here ('XSS subject', single quotes) is a different
  // payload from the label placed above.
  $this->drupalLogin($this->drupalCreateUser(['administer blocks', 'access administration pages']));
  $default_theme = $this->config('system.theme')->get('default');
  $this->drupalGet('admin/structure/block/list/' . $default_theme);
  $this->assertNoRaw("<script>alert('XSS subject');</script>", 'The block title was properly sanitized in Block Plugin UI Admin page.');
}
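
Added example (not Drupal core code): both assertions above are negative checks, so they also pass on a page where the title was never rendered at all. The standalone PHP sketch below runs the same raw-markup check beside a stricter one over three constructed pages; `render_title()`, `no_raw()` and `escaped_and_present()` are hypothetical names, and `htmlspecialchars()` stands in for the theme layer's escaping.

```php
<?php
// Added illustration, not Drupal core code. render_title() and the two check
// functions are hypothetical stand-ins for the theme layer and for the
// test's raw-markup assertion.

const PAYLOAD = '<script>alert("XSS label");</script>';

/** Renders a block title, escaping it unless $escape is FALSE. */
function render_title(string $label, bool $escape = TRUE): string {
  $title = $escape ? htmlspecialchars($label, ENT_QUOTES | ENT_HTML5, 'UTF-8') : $label;
  return '<div class="block"><h2>' . $title . '</h2></div>';
}

/** Negative check only: the raw payload must not appear in the page. */
function no_raw(string $page, string $raw): bool {
  return strpos($page, $raw) === FALSE;
}

/** Stricter check: raw payload absent and its escaped form present. */
function escaped_and_present(string $page, string $raw): bool {
  $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
  return no_raw($page, $raw) && strpos($page, $escaped) !== FALSE;
}

// Constructed sample pages: escaped output, unescaped output, and a page
// on which the block was never rendered.
$pages = [
  'escaped title' => render_title(PAYLOAD),
  'unescaped title' => render_title(PAYLOAD, FALSE),
  'block missing' => '<div class="content">no blocks placed</div>',
];

foreach ($pages as $name => $page) {
  printf("%-16s no_raw=%s escaped_and_present=%s\n", $name,
    var_export(no_raw($page, PAYLOAD), TRUE),
    var_export(escaped_and_present($page, PAYLOAD), TRUE));
}
```

The "block missing" page satisfies `no_raw()` but fails `escaped_and_present()`, which is why a sanitization test is stronger when it also asserts that the escaped title, or some other block content, is present in the response.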