function DbLogTest::testOverviewLinks

Same name in other branches
  1. 9 core/modules/dblog/tests/src/Functional/DbLogTest.php \Drupal\Tests\dblog\Functional\DbLogTest::testOverviewLinks()
  2. 10 core/modules/dblog/tests/src/Functional/DbLogTest.php \Drupal\Tests\dblog\Functional\DbLogTest::testOverviewLinks()
  3. 11.x core/modules/dblog/tests/src/Functional/DbLogTest.php \Drupal\Tests\dblog\Functional\DbLogTest::testOverviewLinks()

Make sure HTML tags are filtered out in the log overview links.

File

core/modules/dblog/tests/src/Functional/DbLogTest.php, line 840

Class

DbLogTest
Generate events and verify dblog entries; verify user access to log reports based on permissions.

Namespace

Drupal\Tests\dblog\Functional

Code

public function testOverviewLinks() {
    $this->drupalLogin($this->adminUser);
    $this->generateLogEntries(1, [
        'message' => "&lt;script&gt;alert('foo');&lt;/script&gt;<strong>Lorem</strong> ipsum dolor sit amet, consectetur adipiscing & elit.",
    ]);
    $this->drupalGet('admin/reports/dblog');
    $this->assertSession()
        ->statusCodeEquals(200);
    // Make sure HTML tags are filtered out.
    $this->assertRaw('title="alert(&#039;foo&#039;);Lorem');
    $this->assertNoRaw("<script>alert('foo');</script>");
    // Make sure HTML tags are filtered out in admin/reports/dblog/event/ too.
    $this->generateLogEntries(1, [
        'message' => "<script>alert('foo');</script> <strong>Lorem ipsum</strong>",
    ]);
    $query = Database::getConnection()->select('watchdog');
    $query->addExpression('MAX(wid)');
    $wid = $query->execute()
        ->fetchField();
    $this->drupalGet('admin/reports/dblog/event/' . $wid);
    $this->assertNoRaw("<script>alert('foo');</script>");
    $this->assertRaw("alert('foo'); <strong>Lorem ipsum</strong>");
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.