function SearchPageTextTest::testSearchLabelXSS

Same name in other branches
  1. 9 core/modules/search/tests/src/Functional/SearchPageTextTest.php \Drupal\Tests\search\Functional\SearchPageTextTest::testSearchLabelXSS()
  2. 10 core/modules/search/tests/src/Functional/SearchPageTextTest.php \Drupal\Tests\search\Functional\SearchPageTextTest::testSearchLabelXSS()
  3. 11.x core/modules/search/tests/src/Functional/SearchPageTextTest.php \Drupal\Tests\search\Functional\SearchPageTextTest::testSearchLabelXSS()

Tests for XSS in search module local task.

This is a regression test for https://www.drupal.org/node/2338081

File

core/modules/search/tests/src/Functional/SearchPageTextTest.php, line 56

Class

SearchPageTextTest
Tests the search help text and search page text.

Namespace

Drupal\Tests\search\Functional

Code

public function testSearchLabelXSS() {
    $this->drupalLogin($this->drupalCreateUser([
        'administer search',
    ]));
    $keys['label'] = '<script>alert("Don\'t Panic");</script>';
    $this->drupalPostForm('admin/config/search/pages/manage/node_search', $keys, t('Save search page'));
    $this->drupalLogin($this->searchingUser);
    $this->drupalGet('search/node');
    $this->assertEscaped($keys['label']);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.