function ConfigTranslationUiTest::testLabelEscaping
Tests escaping of source configuration label.
File
- core/modules/config_translation/tests/src/Functional/ConfigTranslationUiTest.php, line 339
Class
- ConfigTranslationUiTest
- Translate settings and entities to various languages.
Namespace
Drupal\Tests\config_translation\Functional
Code
public function testLabelEscaping() : void {
  $this->drupalLogin($this->adminUser);
  // Testing via translating a role configuration.
  $role_id = $this->randomMachineName(16);
  $malicious_role_name = '">\'><img src="http://127.0.0.1/evil">';
  $this->drupalCreateRole([], $role_id, $malicious_role_name);
  // Visit the form that adds the translation of this label.
  $translate_link = 'admin/people/roles/manage/' . $role_id . '/translate/fr/add';
  $this->drupalGet($translate_link);
  // Ensure that the displayed label is escaped.
  $this->assertSession()
    ->responseNotContains('<img src="http://127.0.0.1/evil">');
  $this->assertSession()
    ->responseContains('<span lang="en">&quot;&gt;&#039;&gt;&lt;img src=&quot;http://127.0.0.1/evil&quot;&gt;</span>');
}
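Why the test makes two assertions, as an added stand-alone example that is not part of Drupal's code: the negative check catches a label emitted unescaped, while the exact-match check also catches a label escaped more than once. Assumptions: the label is escaped as PHP's htmlspecialchars() does with ENT_QUOTES, PHP 8 is available for str_contains(), and render_label() and classify() are hypothetical helpers.

```php
<?php

declare(strict_types=1);

// Constructed stand-in for the source label markup on the translation form.
// Assumption: escaping matches htmlspecialchars() with ENT_QUOTES.
// $passes = 0 models a missing escape, 2 models double escaping.
function render_label(string $label, string $langcode, int $passes = 1): string {
  for ($i = 0; $i < $passes; $i++) {
    $label = htmlspecialchars($label, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  }
  return '<span lang="' . $langcode . '">' . $label . '</span>';
}

// Applies the same two checks as the test to a response body.
function classify(string $body, string $raw, string $expected): string {
  // Mirrors responseNotContains(): the raw tag must never reach the page.
  if (str_contains($body, $raw)) {
    return 'unescaped';
  }
  // Mirrors responseContains(): only the singly escaped form is accepted.
  if (!str_contains($body, $expected)) {
    return 'escaped, but not exactly once';
  }
  return 'escaped once';
}

// Same label and raw fragment as in the test above.
$label = '">\'><img src="http://127.0.0.1/evil">';
$raw = '<img src="http://127.0.0.1/evil">';
$expected = render_label($label, 'en');

foreach ([0, 1, 2] as $passes) {
  $body = render_label($label, 'en', $passes);
  printf("%d escaping pass(es): %s\n", $passes, classify($body, $raw, $expected));
}
```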