function BlockXssTest::doBlockContentTest

Same name in other branches
  1. 9 core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::doBlockContentTest()
  2. 8.9.x core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::doBlockContentTest()
  3. 10 core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::doBlockContentTest()

Tests XSS coming from Block Content block info.

1 call to BlockXssTest::doBlockContentTest()
BlockXssTest::testBlockXss in core/modules/block/tests/src/Functional/BlockXssTest.php
Tests various modules that provide blocks for XSS.

File

core/modules/block/tests/src/Functional/BlockXssTest.php, line 170

Class

BlockXssTest
Tests that the block module properly escapes block descriptions.

Namespace

Drupal\Tests\block\Functional

Code

protected function doBlockContentTest() : void {
    BlockContentType::create([
        'id' => 'basic',
        'label' => 'basic',
        'revision' => TRUE,
    ])->save();
    BlockContent::create([
        'type' => 'basic',
        'info' => '<script>alert("block_content");</script>',
    ])->save();
    $this->drupalGet(Url::fromRoute('block.admin_display'));
    $this->clickLink('Place block');
    $this->assertSession()
        ->assertEscaped('<script>alert("block_content");</script>');
    $this->assertSession()
        ->responseNotContains('<script>alert("block_content");</script>');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.