function ElementsLabelsTest::testTitleEscaping

Same name in other branches
  1. 8.9.x core/modules/system/tests/src/Functional/Form/ElementsLabelsTest.php \Drupal\Tests\system\Functional\Form\ElementsLabelsTest::testTitleEscaping()
  2. 10 core/modules/system/tests/src/Functional/Form/ElementsLabelsTest.php \Drupal\Tests\system\Functional\Form\ElementsLabelsTest::testTitleEscaping()
  3. 11.x core/modules/system/tests/src/Functional/Form/ElementsLabelsTest.php \Drupal\Tests\system\Functional\Form\ElementsLabelsTest::testTitleEscaping()

Tests XSS-protection of element labels.

File

core/modules/system/tests/src/Functional/Form/ElementsLabelsTest.php, line 105

Class

ElementsLabelsTest
Tests form element labels, required markers and associated output.

Namespace

Drupal\Tests\system\Functional\Form

Code

public function testTitleEscaping() {
    $this->drupalGet('form_test/form-labels');
    foreach (FormTestLabelForm::$typesWithTitle as $type) {
        $this->assertSession()
            ->responseContains("{$type} alert('XSS') is XSS filtered!");
        $this->assertSession()
            ->responseNotContains("{$type} <script>alert('XSS')</script> is XSS filtered!");
    }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.