function BlockXssTest::doMenuTest

Same name in other branches
  1. 9 core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::doMenuTest()
  2. 10 core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::doMenuTest()
  3. 11.x core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::doMenuTest()

Tests XSS coming from Menu block labels.

1 call to BlockXssTest::doMenuTest()
BlockXssTest::testBlockXss in core/modules/block/tests/src/Functional/BlockXssTest.php
Tests various modules that provide blocks for XSS.

File

core/modules/block/tests/src/Functional/BlockXssTest.php, line 147

Class

BlockXssTest
Tests that the block module properly escapes block descriptions.

Namespace

Drupal\Tests\block\Functional

Code

protected function doMenuTest() {
    Menu::create([
        'id' => $this->randomMachineName(),
        'label' => '<script>alert("menu");</script>',
    ])
        ->save();
    $this->drupalGet(Url::fromRoute('block.admin_display'));
    $this->clickLink('Place block');
    $this->assertEscaped('<script>alert("menu");</script>');
    $this->assertNoRaw('<script>alert("menu");</script>');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.