class MenuLinkSecurityTest
Same name and namespace in other branches
- 11.x core/modules/system/tests/src/Functional/Menu/MenuLinkSecurityTest.php \Drupal\Tests\system\Functional\Menu\MenuLinkSecurityTest
- 10 core/modules/system/tests/src/Functional/Menu/MenuLinkSecurityTest.php \Drupal\Tests\system\Functional\Menu\MenuLinkSecurityTest
- 8.9.x core/modules/system/tests/src/Functional/Menu/MenuLinkSecurityTest.php \Drupal\Tests\system\Functional\Menu\MenuLinkSecurityTest
Ensures that menu links don't cause XSS issues.
@group Menu
Hierarchy
- class \Drupal\Tests\BrowserTestBase uses \Drupal\Core\Test\FunctionalTestSetupTrait, \Drupal\Tests\UiHelperTrait, \Drupal\Core\Test\TestSetupTrait, \Drupal\Tests\block\Traits\BlockCreationTrait, \Drupal\FunctionalTests\AssertLegacyTrait, \Drupal\Tests\RandomGeneratorTrait, \Drupal\Tests\node\Traits\NodeCreationTrait, \Drupal\Tests\node\Traits\ContentTypeCreationTrait, \Drupal\Tests\ConfigTestTrait, \Drupal\Tests\TestRequirementsTrait, \Drupal\Tests\user\Traits\UserCreationTrait, \Drupal\Tests\XdebugRequestTrait, \Drupal\Tests\Traits\PhpUnitWarnings, \Drupal\Tests\PhpUnitCompatibilityTrait, \Symfony\Bridge\PhpUnit\ExpectDeprecationTrait, \Drupal\Tests\ExtensionListTestTrait implements \PHPUnit\Framework\TestCase
- class \Drupal\Tests\system\Functional\Menu\MenuLinkSecurityTest implements \Drupal\Tests\BrowserTestBase
Expanded class hierarchy of MenuLinkSecurityTest
File
-
core/
modules/ system/ tests/ src/ Functional/ Menu/ MenuLinkSecurityTest.php, line 13
Namespace
Drupal\Tests\system\Functional\MenuView source
class MenuLinkSecurityTest extends BrowserTestBase {
/**
* {@inheritdoc}
*/
protected static $modules = [
'menu_link_content',
'block',
'menu_test',
];
/**
* {@inheritdoc}
*/
protected $defaultTheme = 'stark';
/**
* Ensures that a menu link does not cause an XSS issue.
*/
public function testMenuLink() {
$menu_link_content = MenuLinkContent::create([
'title' => '<script>alert("Wild animals")</script>',
'menu_name' => 'tools',
'link' => [
'uri' => 'route:<front>',
],
]);
$menu_link_content->save();
$this->drupalPlaceBlock('system_menu_block:tools');
$this->drupalGet('<front>');
$this->assertSession()
->responseNotContains('<script>alert("Wild animals")</script>');
$this->assertSession()
->responseNotContains('<script>alert("Even more wild animals")</script>');
$this->assertSession()
->assertEscaped('<script>alert("Wild animals")</script>');
$this->assertSession()
->assertEscaped('<script>alert("Even more wild animals")</script>');
}
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.