function WebAssertTest::testEscapingAssertions

Tests assertEscaped() and assertUnescaped().

@covers ::assertNoEscaped
@covers ::assertEscaped

File

core/tests/Drupal/Tests/Core/Test/WebAssertTest.php, line 424

Class

WebAssertTest

Tests WebAssert functionality.

Namespace

Code

public function testEscapingAssertions() : void {
  $assert = $this->assertSession();
  $this->visit('', '<div class="escaped">Escaped: &lt;&quot;&#039;&amp;&gt;</div>');
  $assert->assertNoEscaped('<div class="escaped">');
  $assert->responseContains('<div class="escaped">');
  $assert->assertEscaped('Escaped: <"\'&>');
  $this->visit('', '<div class="escaped">&lt;script&gt;alert(&#039;XSS&#039;);alert(&quot;XSS&quot;);&lt;/script&gt;</div>');
  $assert->assertNoEscaped('<div class="escaped">');
  $assert->responseContains('<div class="escaped">');
  $assert->assertEscaped("<script>alert('XSS');alert(\"XSS\");</script>");
  $this->visit('', <<<HTML
        <div class="unescaped"><script>alert('Marked safe');alert("Marked safe");</script></div>
HTML
);
  $this->session
    ->visit('');
  $assert->assertNoEscaped('<div class="unescaped">');
  $assert->responseContains('<div class="unescaped">');
  $assert->responseContains("<script>alert('Marked safe');alert(\"Marked safe\");</script>");
  $assert->assertNoEscaped("<script>alert('Marked safe');alert(\"Marked safe\");</script>");
  $this->addToAssertionCount(10);
}