public function FieldCustomTest::testCustomFieldXss in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/views/src/Tests/Handler/FieldCustomTest.php \Drupal\views\Tests\Handler\FieldCustomTest::testCustomFieldXss()

Ensure that custom field content is XSS filtered.

File

core/modules/views/src/Tests/Handler/FieldCustomTest.php, line 102
Contains \Drupal\views\Tests\Handler\FieldCustomTest.

Class

FieldCustomTest
Tests the core Drupal\views\Plugin\views\field\Custom handler.

Namespace

Drupal\views\Tests\Handler

Code

public function testCustomFieldXss() {
  $view = Views::getView('test_view');
  $view->setDisplay();

  // Alter the text of the field to include XSS.
  $text = '<script>alert("kittens")</script>';
  $view->displayHandlers->get('default')->overrideOption('fields', array(
    'name' => array(
      'id' => 'name',
      'table' => 'views_test_data',
      'field' => 'name',
      'relationship' => 'none',
      'alter' => array(
        'text' => $text,
      ),
    ),
  ));
  $this->executeView($view);

  // The rendered field must equal the Xss::filter() output for the same text,
  // i.e. the custom field handler filtered the injected markup on render.
  $this->assertEqual(Xss::filter($text), $view->style_plugin->getField(0, 'name'));
}