function FieldCustomTest::testCustomFieldXss

Same name in other branches
  1. 9 core/modules/views/tests/src/Kernel/Handler/FieldCustomTest.php \Drupal\Tests\views\Kernel\Handler\FieldCustomTest::testCustomFieldXss()
  2. 8.9.x core/modules/views/tests/src/Kernel/Handler/FieldCustomTest.php \Drupal\Tests\views\Kernel\Handler\FieldCustomTest::testCustomFieldXss()
  3. 11.x core/modules/views/tests/src/Kernel/Handler/FieldCustomTest.php \Drupal\Tests\views\Kernel\Handler\FieldCustomTest::testCustomFieldXss()

Ensure that custom field content is XSS filtered.

File

core/modules/views/tests/src/Kernel/Handler/FieldCustomTest.php, line 97

Class

FieldCustomTest
Tests the core Drupal\views\Plugin\views\field\Custom handler.

Namespace

Drupal\Tests\views\Kernel\Handler

Code

public function testCustomFieldXss() : void {
    $view = Views::getView('test_view');
    $view->setDisplay();
    // Alter the text of the field to include XSS.
    $text = '<script>alert("kittens")</script>';
    $view->displayHandlers
        ->get('default')
        ->overrideOption('fields', [
        'name' => [
            'id' => 'name',
            'table' => 'views_test_data',
            'field' => 'name',
            'relationship' => 'none',
            'alter' => [
                'text' => $text,
            ],
        ],
    ]);
    $this->executeView($view);
    $this->assertEquals(Xss::filter($text), $view->style_plugin
        ->getField(0, 'name'));
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.