function XssTest::testViewsUi

Same name in other branches
  1. 8.9.x core/modules/views_ui/tests/src/Functional/XssTest.php \Drupal\Tests\views_ui\Functional\XssTest::testViewsUi()
  2. 10 core/modules/views_ui/tests/src/Functional/XssTest.php \Drupal\Tests\views_ui\Functional\XssTest::testViewsUi()
  3. 11.x core/modules/views_ui/tests/src/Functional/XssTest.php \Drupal\Tests\views_ui\Functional\XssTest::testViewsUi()

File

core/modules/views_ui/tests/src/Functional/XssTest.php, line 24

Class

XssTest
Tests the Xss vulnerability.

Namespace

Drupal\Tests\views_ui\Functional

Code

public function testViewsUi() {
    $this->drupalGet('admin/structure/views/view/sa_contrib_2013_035');
    // Verify that the field admin label is properly escaped.
    $this->assertSession()
        ->assertEscaped('<marquee>test</marquee>');
    $this->drupalGet('admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area');
    // Verify that the token label is properly escaped.
    $this->assertSession()
        ->assertEscaped('{{ title }} == <marquee>test</marquee>');
    $this->assertSession()
        ->assertEscaped('{{ title_1 }} == <script>alert("XSS")</script>');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.