function NodeTitleXSSTestCase::testNodeTitleXSS
Tests that a script tag in a node title is escaped when the node is previewed, viewed and edited.
File
-
modules/
node/ node.test, line 810
Class
- NodeTitleXSSTestCase
- Tests XSS functionality with a node entity.
Code
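/**
 * Checks that a script tag placed in a node title is never output unescaped.
 *
 * The same title is checked on three pages: the node preview, the node view
 * page and the node edit form. On each page the raw payload must be absent
 * from the response.
 */
function testNodeTitleXSS() {
  // Log in as a user holding the two page-content permissions used below.
  $web_user = $this->drupalCreateUser(array(
    'create page content',
    'edit any page content',
  ));
  $this->drupalLogin($web_user);

  // Title under test: the script payload followed by a random name.
  $xss = '<script>alert("xss")</script>';
  $title = $xss . $this->randomName();

  // Preview: submit the node form with the "Preview" button.
  $edit = array(
    'title' => $title,
  );
  $this->drupalPost('node/add/page', $edit, t('Preview'));
  // assertNoRaw() only proves the payload is absent, which is also true of an
  // error page. Require a successful response so the check is not vacuous.
  $this->assertResponse(200, 'Node preview page is returned successfully.');
  $this->assertNoRaw($xss, 'Harmful tags are escaped when previewing a node.');

  // View: save a node with the same title and load its page.
  $node = $this->drupalCreateNode(array(
    'title' => $title,
  ));
  $this->drupalGet('node/' . $node->nid);
  $this->assertResponse(200, 'Node view page is returned successfully.');
  // assertTitle() decodes HTML-entities inside the <title> element, so the
  // expected value is the unescaped title. This is the positive counterpart
  // to the assertNoRaw() check below.
  $this->assertTitle($title . ' | Drupal', 'Title is displayed when viewing a node.');
  $this->assertNoRaw($xss, 'Harmful tags are escaped when viewing a node.');

  // Edit: the title is printed back into the node edit form.
  $this->drupalGet('node/' . $node->nid . '/edit');
  $this->assertResponse(200, 'Node edit form is returned successfully.');
  $this->assertNoRaw($xss, 'Harmful tags are escaped when editing a node.');
}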