Same name and namespace in other branches
  1. 8.9.x core/modules/node/tests/src/Functional/NodeTitleXSSTest.php \Drupal\Tests\node\Functional\NodeTitleXSSTest
  2. 9 core/modules/node/tests/src/Functional/NodeTitleXSSTest.php \Drupal\Tests\node\Functional\NodeTitleXSSTest

Tests that dangerous tags in the node title are escaped.

@group node

File

core/modules/node/tests/src/Functional/NodeTitleXSSTest.php, line 14

Namespace

Drupal\Tests\node\Functional

Source

namespace Drupal\Tests\node\Functional;

use Drupal\Component\Utility\Html;

class NodeTitleXSSTest extends NodeTestBase {

  /**
   * {@inheritdoc}
   */
  protected $defaultTheme = 'stark';

  /**
   * Tests XSS functionality with a node entity.
   */
  public function testNodeTitleXSS() {
    // Create and log in a user who can create and edit page content.
    $web_user = $this->drupalCreateUser([
      'create page content',
      'edit any page content',
    ]);
    $this->drupalLogin($web_user);

    // Build a title that starts with a script tag.
    $xss = '<script>alert("xss")</script>';
    $title = $xss . $this->randomMachineName();
    $edit = [];
    $edit['title[0][value]'] = $title;

    $this->drupalGet('node/add/page');
    $this->submitForm($edit, 'Preview');

    // Verify that harmful tags are escaped when previewing a node.
    $this->assertSession()->responseNotContains($xss);

    $settings = [
      'title' => $title,
    ];
    $node = $this->drupalCreateNode($settings);

    $this->drupalGet('node/' . $node->id());

    // Titles should be escaped.
    $this->assertSession()->responseContains('<title>' . Html::escape($title) . ' | Drupal</title>');
    $this->assertSession()->responseNotContains($xss);

    // The raw payload must not appear on the edit form either.
    $this->drupalGet('node/' . $node->id() . '/edit');
    $this->assertSession()->responseNotContains($xss);
  }

}
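
The test pairs `responseNotContains($xss)` with a `responseContains()` on the escaped `<title>` because the negative check alone also passes when a title is escaped twice. The stand-alone script below is an added example, not part of Drupal core; `escape_title()`, `render_page()` and `check_response()` are hypothetical stand-ins, and it assumes `Html::escape()` is equivalent to the `htmlspecialchars()` call shown.

```php
<?php
// Added example: stand-alone PHP, runs without a Drupal installation.

// Assumption: same flags as Drupal's Html::escape() for this input.
function escape_title(string $text): string {
  return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical page renderer; $passes is how many times the title is escaped
// before output (0 = vulnerable, 1 = correct, 2 = double-escaping regression).
function render_page(string $title, int $passes): string {
  for ($i = 0; $i < $passes; $i++) {
    $title = escape_title($title);
  }
  return "<html><head><title>$title | Drupal</title></head>"
    . "<body><h1>$title</h1></body></html>";
}

// The two kinds of check the test applies to the response body.
function check_response(string $body, string $title, string $xss): array {
  $expected = '<title>' . escape_title($title) . ' | Drupal</title>';
  return [
    'responseNotContains' => strpos($body, $xss) === FALSE,
    'responseContains' => strpos($body, $expected) !== FALSE,
  ];
}

$xss = '<script>alert("xss")</script>';
// Constructed suffix standing in for randomMachineName().
$title = $xss . 'abc12345';

foreach ([0, 1, 2] as $passes) {
  $result = check_response(render_page($title, $passes), $title, $xss);
  printf(
    "escape passes=%d  responseNotContains=%s  responseContains=%s\n",
    $passes,
    $result['responseNotContains'] ? 'pass' : 'FAIL',
    $result['responseContains'] ? 'pass' : 'FAIL'
  );
}
```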

Members

Name Modifiers Type Description Overrides
NodeTestBase::$accessHandler protected property The node access control handler.
NodeTestBase::$modules protected static property Modules to enable. 33
NodeTestBase::assertNodeAccess public function Asserts that node access correctly grants or denies access.
NodeTestBase::assertNodeCreateAccess public function Asserts that node create access correctly grants or denies access.
NodeTestBase::nodeAccessAssertMessage public function Constructs an assert message to display which node access was tested.
NodeTestBase::setUp protected function 28
NodeTitleXSSTest::$defaultTheme protected property
NodeTitleXSSTest::testNodeTitleXSS public function Tests XSS functionality with a node entity.