You are here

Home » API reference » Zircon Profile 8

MenuLinkSecurityTest.php in Zircon Profile 8

Same filename and directory in other branches
  1. 8.0 core/modules/system/src/Tests/Menu/MenuLinkSecurityTest.php

Contains \Drupal\system\Tests\Menu\MenuLinkSecurityTest.

Namespace

Drupal\system\Tests\Menu

File

core/modules/system/src/Tests/Menu/MenuLinkSecurityTest.php
View source 
<?php

/**
 * @file
 * Contains \Drupal\system\Tests\Menu\MenuLinkSecurityTest.
 */
namespace Drupal\system\Tests\Menu;

use Drupal\menu_link_content\Entity\MenuLinkContent;
use Drupal\simpletest\WebTestBase;

/**
 * Ensures that menu links don't cause XSS issues.
 *
 * @group Menu
 */
class MenuLinkSecurityTest extends WebTestBase {

  /**
   * {@inheritdoc}
   */
  public static $modules = [
    'menu_link_content',
    'block',
    'menu_test',
  ];

  /**
   * Ensures that a menu link does not cause an XSS issue.
   */
  public function testMenuLink() {
    $menu_link_content = MenuLinkContent::create([
      'title' => '<script>alert("Wild animals")</script>',
      'menu_name' => 'tools',
      'link' => [
        'uri' => 'route:<front>',
      ],
    ]);
    $menu_link_content
      ->save();
    $this
      ->drupalPlaceBlock('system_menu_block:tools');
    $this
      ->drupalGet('<front>');
    $this
      ->assertNoRaw('<script>alert("Wild animals")</script>');
    $this
      ->assertNoRaw('<script>alert("Even more wild animals")</script>');
    $this
      ->assertEscaped('<script>alert("Wild animals")</script>');
    $this
      ->assertEscaped('<script>alert("Even more wild animals")</script>');
  }

}

Classes

Namesort descending Description
MenuLinkSecurityTest Ensures that menu links don't cause XSS issues.