function BlockXssTest::testXssInCategory

Same name in other branches
  1. 9 core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::testXssInCategory()
  2. 8.9.x core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::testXssInCategory()
  3. 11.x core/modules/block/tests/src/Functional/BlockXssTest.php \Drupal\Tests\block\Functional\BlockXssTest::testXssInCategory()

Tests XSS in category.

File

core/modules/block/tests/src/Functional/BlockXssTest.php, line 70

Class

BlockXssTest
Tests that the block module properly escapes block descriptions.

Namespace

Drupal\Tests\block\Functional

Code

public function testXssInCategory() : void {
    $this->container
        ->get('module_installer')
        ->install([
        'block_test',
    ]);
    $this->drupalPlaceBlock('test_xss_title');
    $this->drupalLogin($this->drupalCreateUser([
        'administer blocks',
        'access administration pages',
    ]));
    $this->drupalGet(Url::fromRoute('block.admin_display'));
    $this->clickLink('Place block');
    $this->assertSession()
        ->responseNotContains("<script>alert('XSS category');</script>");
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.