XssTest.php

Same filename in this branch
  1. 11.x core/tests/Drupal/Tests/Component/Utility/XssTest.php
Same filename in other branches
  1. 9 core/modules/views_ui/tests/src/Functional/XssTest.php
  2. 9 core/tests/Drupal/Tests/Component/Utility/XssTest.php
  3. 8.9.x core/modules/views_ui/tests/src/Functional/XssTest.php
  4. 8.9.x core/tests/Drupal/Tests/Component/Utility/XssTest.php
  5. 10 core/modules/views_ui/tests/src/Functional/XssTest.php
  6. 10 core/tests/Drupal/Tests/Component/Utility/XssTest.php

Namespace

Drupal\Tests\views_ui\Functional

File

core/modules/views_ui/tests/src/Functional/XssTest.php

View source
<?php

declare (strict_types=1);
namespace Drupal\Tests\views_ui\Functional;


/**
 * Tests the Xss vulnerability.
 *
 * @group views_ui
 */
class XssTest extends UITestBase {
    
    /**
     * {@inheritdoc}
     */
    protected static $modules = [
        'node',
        'user',
        'views_ui',
        'views_ui_test',
    ];
    
    /**
     * {@inheritdoc}
     */
    protected $defaultTheme = 'stark';
    public function testViewsUi() : void {
        $this->drupalGet('admin/structure/views/view/sa_contrib_2013_035');
        // Verify that the field admin label is properly escaped.
        $this->assertSession()
            ->assertEscaped('<marquee>test</marquee>');
        $this->drupalGet('admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area');
        // Verify that the token label is properly escaped.
        $this->assertSession()
            ->assertEscaped('{{ title }} == <marquee>test</marquee>');
        $this->assertSession()
            ->assertEscaped('{{ title_1 }} == <script>alert("XSS")</script>');
    }
    
    /**
     * Checks the admin UI for double escaping.
     */
    public function testNoDoubleEscaping() : void {
        $this->drupalGet('admin/structure/views');
        $this->assertSession()
            ->pageTextContains('sa_contrib_2013_035');
        $this->assertSession()
            ->pageTextContains('Page (/foobar )');
        $this->assertSession()
            ->assertNoEscaped('&lt;');
        $this->drupalGet('admin/structure/views/view/sa_contrib_2013_035');
        $this->assertSession()
            ->assertNoEscaped('&lt;');
        $this->drupalGet('admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area');
        $this->assertSession()
            ->assertNoEscaped('&lt;');
    }

}

Classes

Title Deprecated Summary
XssTest Tests the Xss vulnerability.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.