function FilterAdminTest::testFilterTipHtmlEscape in Zircon Profile 8.0
Same name and namespace in other branches
- 8 core/modules/filter/src/Tests/FilterAdminTest.php \Drupal\filter\Tests\FilterAdminTest::testFilterTipHtmlEscape()
Tests whether filter tips page is not HTML escaped.
File
- core/modules/filter/src/Tests/FilterAdminTest.php, line 372
- Contains \Drupal\filter\Tests\FilterAdminTest.
Class
- FilterAdminTest
- Thoroughly test the administrative interface of the filter module.
Namespace
Drupal\filter\Tests
Code
/**
 * Checks how the filter tips page renders markup placed in the site name.
 *
 * The site name is set to a string containing a <script> element. The test
 * then requests filter/tips and looks for four table cells in the raw
 * response: the "get" cells must hold the link (with the site name passed
 * through Html::escape() once) and a bare ampersand, while the "type" cells
 * must hold the same two values escaped one more time and wrapped in <code>.
 *
 * NOTE(review): every check here is a positive assertRaw(); nothing asserts
 * that the unescaped <script> string is absent from the response. Confirm
 * whether another test covers that before relying on this one as the
 * regression guard for site-name escaping.
 */
function testFilterTipHtmlEscape() {
  global $base_url;

  $this->drupalLogin($this->adminUser);

  // Store a site name that carries active markup, so that any place printing
  // it without escaping would show up in the raw response.
  $markup_name = 'Filter test <script>alert(\'here\');</script> site name';
  $site_settings = $this->config('system.site')->set('name', $markup_name);
  $site_settings->save();

  // The whole tips page cannot be compared, so only selected cells are
  // checked. Each value appears twice: as rendered markup ("get") and as
  // escaped source inside <code> ("type").
  $rendered_link = sprintf('<a href="%s">%s</a>', $base_url, Html::escape($markup_name));
  $rendered_amp = '&';
  $link_source = '<code>' . Html::escape($rendered_link) . '</code>';
  $amp_source = '<code>' . Html::escape($rendered_amp) . '</code>';

  $expected_cells = [
    '<td class="type">' . $link_source . '</td>',
    '<td class="get">' . $rendered_link . '</td>',
    '<td class="type">' . $amp_source . '</td>',
    '<td class="get">' . $rendered_amp . '</td>',
  ];

  $this->drupalGet('filter/tips');
  foreach ($expected_cells as $cell) {
    $this->assertRaw($cell);
  }
}