function DisplayPathTest::doPathXssFilterTest
Same name in other branches
- 9 core/modules/views_ui/tests/src/Functional/DisplayPathTest.php \Drupal\Tests\views_ui\Functional\DisplayPathTest::doPathXssFilterTest()
- 8.9.x core/modules/views_ui/tests/src/Functional/DisplayPathTest.php \Drupal\Tests\views_ui\Functional\DisplayPathTest::doPathXssFilterTest()
- 10 core/modules/views_ui/tests/src/Functional/DisplayPathTest.php \Drupal\Tests\views_ui\Functional\DisplayPathTest::doPathXssFilterTest()
Tests that View paths are properly filtered for XSS.
1 call to DisplayPathTest::doPathXssFilterTest()
- DisplayPathTest::testPathUI in core/modules/views_ui/tests/src/Functional/DisplayPathTest.php - Runs the tests.
File
- core/modules/views_ui/tests/src/Functional/DisplayPathTest.php, line 80
Class
- DisplayPathTest
- Tests the UI of generic display path plugin.
Namespace
Drupal\Tests\views_ui\Functional
Code
```php
public function doPathXssFilterTest() : void {
  $this->drupalGet('admin/structure/views/view/test_view');
  $this->submitForm([], 'Add Page');
  $this->drupalGet('admin/structure/views/nojs/display/test_view/page_2/path');
  $this->submitForm([
    'path' => '<object>malformed_path</object>',
  ], 'Apply');
  $this->submitForm([], 'Add Page');
  $this->drupalGet('admin/structure/views/nojs/display/test_view/page_3/path');
  $this->submitForm([
    'path' => '<script>alert("hello");</script>',
  ], 'Apply');
  $this->submitForm([], 'Add Page');
  $this->drupalGet('admin/structure/views/nojs/display/test_view/page_4/path');
  $this->submitForm([
    'path' => '<script>alert("hello I have placeholders %");</script>',
  ], 'Apply');
  $this->drupalGet('admin/structure/views/view/test_view');
  $this->submitForm([], 'Save');
  $this->drupalGet('admin/structure/views');
  // The anchor text should be escaped.
  $this->assertSession()
    ->assertEscaped('/<object>malformed_path</object>');
  $this->assertSession()
    ->assertEscaped('/<script>alert("hello");</script>');
  $this->assertSession()
    ->assertEscaped('/<script>alert("hello I have placeholders %");</script>');
  // Links should be URL-encoded.
  $this->assertSession()
    ->responseContains('/%3Cobject%3Emalformed_path%3C/object%3E');
  $this->assertSession()
    ->responseContains('/%3Cscript%3Ealert%28%22hello%22%29%3B%3C/script%3E');
}
```
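The test checks the same path in two output contexts: the anchor text must be HTML-escaped and the link target must be URL-encoded. The sketch below is an added example in plain PHP, not Drupal's code and not part of the original page; it reproduces the two expected href strings from the test and contrasts them with raw interpolation. The helper names (`render_link_unsafe`, `escape_link_text`, `encode_link_href`, `render_link`) are hypothetical.

```php
<?php
// Added example: plain PHP, not Drupal's implementation.
// All function names here are hypothetical helpers.

// "Before": the path is interpolated raw into both contexts.
function render_link_unsafe(string $path): string {
  return '<a href="/' . $path . '">/' . $path . '</a>';
}

// HTML text context: escape markup characters and quotes.
function escape_link_text(string $path): string {
  return htmlspecialchars('/' . $path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL path context: percent-encode each segment, keep "/" as the separator.
function encode_link_href(string $path): string {
  return '/' . implode('/', array_map('rawurlencode', explode('/', $path)));
}

// "After": each context gets its own encoding.
function render_link(string $path): string {
  return '<a href="' . encode_link_href($path) . '">' . escape_link_text($path) . '</a>';
}

// Paths and expected hrefs copied from the test's responseContains() checks.
$expected_hrefs = [
  '<object>malformed_path</object>' => '/%3Cobject%3Emalformed_path%3C/object%3E',
  '<script>alert("hello");</script>' => '/%3Cscript%3Ealert%28%22hello%22%29%3B%3C/script%3E',
];

foreach ($expected_hrefs as $path => $href) {
  if (encode_link_href($path) !== $href) {
    throw new RuntimeException("Unexpected href for $path");
  }
  $safe = render_link($path);
  // No raw tag from the path may survive in either context.
  if (strpos($safe, '<object>') !== false || strpos($safe, '<script>') !== false) {
    throw new RuntimeException("Raw markup leaked: $safe");
  }
  echo "unsafe: ", render_link_unsafe($path), "\n";
  echo "safe:   ", $safe, "\n";
}
```

Encoding per segment is what keeps the `/` inside `</object>` and `</script>` literal in the expected href strings while every other special character is percent-encoded.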