function XssTest::testQuestionSign

Same name and namespace in other branches
  1. 9 core/tests/Drupal/Tests/Component/Utility/XssTest.php \Drupal\Tests\Component\Utility\XssTest::testQuestionSign()
  2. 8.9.x core/tests/Drupal/Tests/Component/Utility/XssTest.php \Drupal\Tests\Component\Utility\XssTest::testQuestionSign()
  3. 10 core/tests/Drupal/Tests/Component/Utility/XssTest.php \Drupal\Tests\Component\Utility\XssTest::testQuestionSign()

Checks that strings starting with a question sign are correctly processed.

File

core/tests/Drupal/Tests/Component/Utility/XssTest.php, line 477

Class

XssTest
XSS Filtering tests.

Namespace

Drupal\Tests\Component\Utility

Code

public function testQuestionSign() : void {
    $value = Xss::filter('<?xml:namespace ns="urn:schemas-microsoft-com:time">');
    $this->assertStringNotContainsStringIgnoringCase('<?xml', $value, 'HTML tag stripping evasion -- starting with a question sign (processing instructions).');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.