function MenuLinkSecurityTest::testMenuLink
Same name in other branches
- 8.9.x core/modules/system/tests/src/Functional/Menu/MenuLinkSecurityTest.php \Drupal\Tests\system\Functional\Menu\MenuLinkSecurityTest::testMenuLink()
- 10 core/modules/system/tests/src/Functional/Menu/MenuLinkSecurityTest.php \Drupal\Tests\system\Functional\Menu\MenuLinkSecurityTest::testMenuLink()
- 11.x core/modules/system/tests/src/Functional/Menu/MenuLinkSecurityTest.php \Drupal\Tests\system\Functional\Menu\MenuLinkSecurityTest::testMenuLink()
Ensures that a menu link does not cause an XSS issue.
File
-
core/
modules/ system/ tests/ src/ Functional/ Menu/ MenuLinkSecurityTest.php, line 28
Class
- MenuLinkSecurityTest
- Ensures that menu links don't cause XSS issues.
Namespace
Drupal\Tests\system\Functional\MenuCode
public function testMenuLink() {
$menu_link_content = MenuLinkContent::create([
'title' => '<script>alert("Wild animals")</script>',
'menu_name' => 'tools',
'link' => [
'uri' => 'route:<front>',
],
]);
$menu_link_content->save();
$this->drupalPlaceBlock('system_menu_block:tools');
$this->drupalGet('<front>');
$this->assertSession()
->responseNotContains('<script>alert("Wild animals")</script>');
$this->assertSession()
->responseNotContains('<script>alert("Even more wild animals")</script>');
$this->assertSession()
->assertEscaped('<script>alert("Wild animals")</script>');
$this->assertSession()
->assertEscaped('<script>alert("Even more wild animals")</script>');
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.