public function MenuLinkSecurityTest::testMenuLink in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/system/src/Tests/Menu/MenuLinkSecurityTest.php \Drupal\system\Tests\Menu\MenuLinkSecurityTest::testMenuLink()

Ensures that a menu link does not cause an XSS issue.

File

core/modules/system/src/Tests/Menu/MenuLinkSecurityTest.php, line 28
Contains \Drupal\system\Tests\Menu\MenuLinkSecurityTest.

Class

MenuLinkSecurityTest
Ensures that menu links don't cause XSS issues.

Namespace

Drupal\system\Tests\Menu

Code

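public function testMenuLink() {
  // MenuLinkContent is \Drupal\menu_link_content\Entity\MenuLinkContent.
  // Create a menu link whose title is a script payload.
  $menu_link_content = MenuLinkContent::create([
    'title' => '<script>alert("Wild animals")</script>',
    'menu_name' => 'tools',
    'link' => [
      'uri' => 'route:<front>',
    ],
  ]);
  $menu_link_content->save();

  // Render the 'tools' menu in a block and load the front page.
  $this->drupalPlaceBlock('system_menu_block:tools');
  $this->drupalGet('<front>');

  // Neither payload may appear unescaped in the response. The "Even more
  // wild animals" string is not created in this method, so it has to come
  // from test setup outside the code shown here.
  $this->assertNoRaw('<script>alert("Wild animals")</script>');
  $this->assertNoRaw('<script>alert("Even more wild animals")</script>');

  // Both payloads must be present in HTML-escaped form.
  $this->assertEscaped('<script>alert("Wild animals")</script>');
  $this->assertEscaped('<script>alert("Even more wild animals")</script>');
}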