public function FieldCustomTest::testCustomFieldXss in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/views/src/Tests/Handler/FieldCustomTest.php \Drupal\views\Tests\Handler\FieldCustomTest::testCustomFieldXss()
Ensure that custom field content is XSS filtered.
File
- core/
modules/ views/ src/ Tests/ Handler/ FieldCustomTest.php, line 102 - Contains \Drupal\views\Tests\Handler\FieldCustomTest.
Class
- FieldCustomTest
- Tests the core Drupal\views\Plugin\views\field\Custom handler.
Namespace
Drupal\views\Tests\HandlerCode
public function testCustomFieldXss() {
$view = Views::getView('test_view');
$view
->setDisplay();
// Alter the text of the field to include XSS.
$text = '<script>alert("kittens")</script>';
$view->displayHandlers
->get('default')
->overrideOption('fields', array(
'name' => array(
'id' => 'name',
'table' => 'views_test_data',
'field' => 'name',
'relationship' => 'none',
'alter' => array(
'text' => $text,
),
),
));
$this
->executeView($view);
$this
->assertEqual(Xss::filter($text), $view->style_plugin
->getField(0, 'name'));
}