    drupalCreateUser(['create page content', 'edit any page content']);
    $this->drupalLogin($web_user);

    $xss = '';
    $title = $xss . $this->randomMachineName();
    $edit = [];
    $edit['title[0][value]'] = $title;

    $this->drupalPostForm('node/add/page', $edit, t('Preview'));
    $this->assertNoRaw($xss, 'Harmful tags are escaped when previewing a node.');

    $settings = ['title' => $title];
    $node = $this->drupalCreateNode($settings);

    $this->drupalGet('node/' . $node->id());
    // Titles should be escaped.
    $this->assertRaw('' . Html::escape($title) . ' | Drupal', 'Title is displayed when viewing a node.');
    $this->assertNoRaw($xss, 'Harmful tags are escaped when viewing a node.');

    $this->drupalGet('node/' . $node->id() . '/edit');
    $this->assertNoRaw($xss, 'Harmful tags are escaped when editing a node.');
  }

}