function FilterAdminTest::testFilterTipHtmlEscape
Same name in other branches
- 9 core/modules/filter/tests/src/Functional/FilterAdminTest.php \Drupal\Tests\filter\Functional\FilterAdminTest::testFilterTipHtmlEscape()
- 8.9.x core/modules/filter/tests/src/Functional/FilterAdminTest.php \Drupal\Tests\filter\Functional\FilterAdminTest::testFilterTipHtmlEscape()
- 11.x core/modules/filter/tests/src/Functional/FilterAdminTest.php \Drupal\Tests\filter\Functional\FilterAdminTest::testFilterTipHtmlEscape()
Tests whether filter tips page is not HTML escaped.
File
-
core/
modules/ filter/ tests/ src/ Functional/ FilterAdminTest.php, line 391
Class
- FilterAdminTest
- Thoroughly test the administrative interface of the filter module.
Namespace
Drupal\Tests\filter\FunctionalCode
public function testFilterTipHtmlEscape() : void {
$this->drupalLogin($this->adminUser);
global $base_url;
$site_name_with_markup = 'Filter test <script>alert(\'here\');</script> site name';
$this->config('system.site')
->set('name', $site_name_with_markup)
->save();
// It is not possible to test the whole filter tip page.
// Therefore we test only some parts.
$link = '<a href="' . $base_url . '">' . Html::escape($site_name_with_markup) . '</a>';
$ampersand = '&';
$link_as_code = '<code>' . Html::escape($link) . '</code>';
$ampersand_as_code = '<code>' . Html::escape($ampersand) . '</code>';
$this->drupalGet('filter/tips');
$this->assertSession()
->responseContains('<td class="type">' . $link_as_code . '</td>');
$this->assertSession()
->responseContains('<td class="get">' . $link . '</td>');
$this->assertSession()
->responseContains('<td class="type">' . $ampersand_as_code . '</td>');
$this->assertSession()
->responseContains('<td class="get">' . $ampersand . '</td>');
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.