function FilterAdminTest::testFilterTipHtmlEscape

Same name in other branches
  1. 9 core/modules/filter/tests/src/Functional/FilterAdminTest.php \Drupal\Tests\filter\Functional\FilterAdminTest::testFilterTipHtmlEscape()
  2. 8.9.x core/modules/filter/tests/src/Functional/FilterAdminTest.php \Drupal\Tests\filter\Functional\FilterAdminTest::testFilterTipHtmlEscape()
  3. 10 core/modules/filter/tests/src/Functional/FilterAdminTest.php \Drupal\Tests\filter\Functional\FilterAdminTest::testFilterTipHtmlEscape()

Tests whether filter tips page is not HTML escaped.

File

core/modules/filter/tests/src/Functional/FilterAdminTest.php, line 390

Class

FilterAdminTest
Thoroughly test the administrative interface of the filter module.

Namespace

Drupal\Tests\filter\Functional

Code

public function testFilterTipHtmlEscape() : void {
    $this->drupalLogin($this->adminUser);
    global $base_url;
    $site_name_with_markup = 'Filter test <script>alert(\'here\');</script> site name';
    $this->config('system.site')
        ->set('name', $site_name_with_markup)
        ->save();
    // It is not possible to test the whole filter tip page.
    // Therefore we test only some parts.
    $link = '<a href="' . $base_url . '">' . Html::escape($site_name_with_markup) . '</a>';
    $ampersand = '&amp;';
    $link_as_code = '<code>' . Html::escape($link) . '</code>';
    $ampersand_as_code = '<code>' . Html::escape($ampersand) . '</code>';
    $this->drupalGet('filter/tips');
    $this->assertSession()
        ->responseContains('<td class="type">' . $link_as_code . '</td>');
    $this->assertSession()
        ->responseContains('<td class="get">' . $link . '</td>');
    $this->assertSession()
        ->responseContains('<td class="type">' . $ampersand_as_code . '</td>');
    $this->assertSession()
        ->responseContains('<td class="get">' . $ampersand . '</td>');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.