function AddFeedTest::testFeedLabelEscaping

Same name in other branches
  1. 9 core/modules/aggregator/tests/src/Functional/AddFeedTest.php \Drupal\Tests\aggregator\Functional\AddFeedTest::testFeedLabelEscaping()

Ensures that the feed label is escaping when rendering the feed icon.

File

core/modules/aggregator/tests/src/Functional/AddFeedTest.php, line 59

Class

AddFeedTest
Add feed test.

Namespace

Drupal\Tests\aggregator\Functional

Code

public function testFeedLabelEscaping() {
    $feed = $this->createFeed(NULL, [
        'title[0][value]' => 'Test feed title <script>alert(123);</script>',
    ]);
    $this->checkForMetaRefresh();
    $this->drupalGet('aggregator/sources/' . $feed->id());
    $this->assertSession()
        ->statusCodeEquals(200);
    $this->assertEscaped('Test feed title <script>alert(123);</script>');
    $this->assertNoRaw('Test feed title <script>alert(123);</script>');
    // Ensure the feed icon title is escaped.
    $this->assertStringContainsString('class="feed-icon">  Subscribe to Test feed title &lt;script&gt;alert(123);&lt;/script&gt; feed</a>', str_replace([
        "\n",
        "\r",
    ], '', $this->getSession()
        ->getPage()
        ->getContent()));
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.