Mercurial > hg > isophonics-drupal-site
comparison core/modules/node/tests/src/Functional/NodeTitleXSSTest.php @ 0:4c8ae668cc8c
Initial import (non-working)
| author | Chris Cannam |
|---|---|
| date | Wed, 29 Nov 2017 16:09:58 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:4c8ae668cc8c |
|---|---|
| 1 <?php | |
| 2 | |
| 3 namespace Drupal\Tests\node\Functional; | |
| 4 | |
| 5 use Drupal\Component\Utility\Html; | |
| 6 | |
| 7 /** | |
| 8 * Create a node with dangerous tags in its title and test that they are | |
| 9 * escaped. | |
| 10 * | |
| 11 * @group node | |
| 12 */ | |
| 13 class NodeTitleXSSTest extends NodeTestBase { | |
| 14 | |
| 15 /** | |
| 16 * Tests XSS functionality with a node entity. | |
| 17 */ | |
| 18 public function testNodeTitleXSS() { | |
| 19 // Prepare a user to do the stuff. | |
| 20 $web_user = $this->drupalCreateUser(['create page content', 'edit any page content']); | |
| 21 $this->drupalLogin($web_user); | |
| 22 | |
| 23 $xss = '<script>alert("xss")</script>'; | |
| 24 $title = $xss . $this->randomMachineName(); | |
| 25 $edit = []; | |
| 26 $edit['title[0][value]'] = $title; | |
| 27 | |
| 28 $this->drupalPostForm('node/add/page', $edit, t('Preview')); | |
| 29 $this->assertNoRaw($xss, 'Harmful tags are escaped when previewing a node.'); | |
| 30 | |
| 31 $settings = ['title' => $title]; | |
| 32 $node = $this->drupalCreateNode($settings); | |
| 33 | |
| 34 $this->drupalGet('node/' . $node->id()); | |
| 35 // Titles should be escaped. | |
| 36 $this->assertRaw('<title>' . Html::escape($title) . ' | Drupal</title>', 'Title is displayed when viewing a node.'); | |
| 37 $this->assertNoRaw($xss, 'Harmful tags are escaped when viewing a node.'); | |
| 38 | |
| 39 $this->drupalGet('node/' . $node->id() . '/edit'); | |
| 40 $this->assertNoRaw($xss, 'Harmful tags are escaped when editing a node.'); | |
| 41 } | |
| 42 | |
| 43 } |