function FilterAdminTest::testFilterTipHtmlEscape in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/filter/src/Tests/FilterAdminTest.php \Drupal\filter\Tests\FilterAdminTest::testFilterTipHtmlEscape()

Tests that the filter tips page outputs its tips as HTML rather than escaping them, while a site name containing a <script> tag is still escaped.

File

core/modules/filter/src/Tests/FilterAdminTest.php, line 372
Contains \Drupal\filter\Tests\FilterAdminTest.

Class

FilterAdminTest
Thoroughly test the administrative interface of the filter module.

Namespace

Drupal\filter\Tests

Code

function testFilterTipHtmlEscape() {
  $this->drupalLogin($this->adminUser);
  global $base_url;

  // Store a site name that contains markup. It must never reach the page
  // unescaped.
  $site_name_with_markup = 'Filter test <script>alert(\'here\');</script> site name';
  $this->config('system.site')
    ->set('name', $site_name_with_markup)
    ->save();

  // It is not possible to test the whole filter tip page.
  // Therefore we test only some parts.
  // Html is \Drupal\Component\Utility\Html.
  // "get" cells hold the rendered tip: the link is real markup and the site
  // name inside it is escaped once.
  $link = '<a href="' . $base_url . '">' . Html::escape($site_name_with_markup) . '</a>';
  $ampersand = '&amp;';
  // "type" cells show the same tip as literal source inside <code>, so the
  // whole string is escaped once more.
  $link_as_code = '<code>' . Html::escape($link) . '</code>';
  $ampersand_as_code = '<code>' . Html::escape($ampersand) . '</code>';

  $this->drupalGet('filter/tips');
  $this->assertRaw('<td class="type">' . $link_as_code . '</td>');
  $this->assertRaw('<td class="get">' . $link . '</td>');
  $this->assertRaw('<td class="type">' . $ampersand_as_code . '</td>');
  $this->assertRaw('<td class="get">' . $ampersand . '</td>');
}