function AssetXssTest::testAssetUrl

Same name and namespace in other branches
  1. 11.x core/tests/Drupal/FunctionalTests/Asset/AssetXssTest.php \Drupal\FunctionalTests\Asset\AssetXssTest::testAssetUrl()

Test sanitization of the error message for an invalid asset.

Attributes

#[DataProvider('providerAssetUrl')]

Throws

\Behat\Mink\Exception\ExpectationException

File

core/tests/Drupal/FunctionalTests/Asset/AssetXssTest.php, line 63

Class

AssetXssTest
Tests sanitization of error messages emitted by AssetControllerBase.

Namespace

Drupal\FunctionalTests\Asset

Code

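public function testAssetUrl($path, $query) : void {
  // Request the asset path under the public files base path; the data
  // provider supplies the XSS payload in the include parameter.
  $path = PublicStream::basePath() . $path;
  $this->drupalGet($path, [
    'query' => $query,
  ]);
  // The request must be rejected with a 400 and the expected error message.
  $this->assertSession()
    ->statusCodeEquals(400);
  $this->assertSession()
    ->responseContains('library name must include at least one slash');
  // The payload must not come back as a parsed <img> element with an
  // onerror handler.
  $this->assertSession()
    ->elementNotExists('xpath', '//img[contains(@onerror, "alert")]');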
  // Swap the XSS payload into the exclude parameter.
  $query['exclude'] = $query['include'];
  $query['include'] = 'foo/bar';
  $this->drupalGet($path, [
    'query' => $query,
  ]);
  $this->assertSession()
    ->statusCodeEquals(400);
  $this->assertSession()
    ->responseContains('library name must include at least one slash');
  $this->assertSession()
    ->elementNotExists('xpath', '//img[contains(@onerror, "alert")]');
}
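
The assertions above look for a parsed `<img>` element rather than for the payload's text. The standalone PHP script below is an added illustration of why, not Drupal core code: it assumes the error message is reflected into an HTML body, and `render_error()`, `has_onerror_img()`, the message wording and the sample value are constructed for this example.

```php
<?php
// Added illustration, not Drupal core code. render_error() and
// has_onerror_img() are hypothetical helpers; the message wording and the
// sample parameter value are constructed.

// Builds an error page that reflects the requested library name.
function render_error(string $library, bool $escape): string {
  $shown = $escape
    ? htmlspecialchars($library, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    : $library;
  return '<html><body><p>The "' . $shown
    . '" library name must include at least one slash.</p></body></html>';
}

// Applies the XPath query the test hands to elementNotExists().
function has_onerror_img(string $html): bool {
  $previous = libxml_use_internal_errors(TRUE);
  $doc = new DOMDocument();
  $doc->loadHTML($html);
  libxml_clear_errors();
  libxml_use_internal_errors($previous);
  $xpath = new DOMXPath($doc);
  return $xpath->query('//img[contains(@onerror, "alert")]')->length > 0;
}

// Constructed value standing in for the include/exclude parameter.
$value = '<img src="x" onerror="alert(1)">';

foreach (['unescaped' => FALSE, 'escaped' => TRUE] as $label => $escape) {
  $html = render_error($value, $escape);
  printf(
    "%-9s text has 'onerror': %s, img element parsed: %s\n",
    $label,
    var_export(str_contains($html, 'onerror'), TRUE),
    var_export(has_onerror_img($html), TRUE)
  );
}
```

Both renderings contain the strings `onerror` and `alert`, so a substring check could not tell them apart; only the unescaped one yields an `<img>` node for the XPath query to match.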
