BlockTitleXSSTest.php

Contains \Drupal\block\Tests\BlockTitleXSSTest.

Namespace

File

drupal/core/modules/block/lib/Drupal/block/Tests/BlockTitleXSSTest.php

View source

<?php

/**
 * @file
 * Contains \Drupal\block\Tests\BlockTitleXSSTest.
 */
namespace Drupal\block\Tests;

use Drupal\simpletest\WebTestBase;

/**
 * Tests block XSS in title.
 */
class BlockTitleXSSTest extends WebTestBase {

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = array(
    'block',
    'block_test',
  );
  public static function getInfo() {
    return array(
      'name' => 'Block XSS Title',
      'description' => 'Test block XSS in title.',
      'group' => 'Block',
    );
  }
  protected function setUp() {
    parent::setUp();
    $this
      ->drupalPlaceBlock('test_xss_title', array(
      'label' => '<script>alert("XSS label");</script>',
    ));
  }

  /**
   * Test XSS in title.
   */
  function testXSSInTitle() {
    \Drupal::state()
      ->set('block_test.content', $this
      ->randomName());
    $this
      ->drupalGet('');
    $this
      ->assertNoRaw('<script>alert("XSS label");</script>', 'The block title was properly sanitized when rendered.');
    $this
      ->drupalLogin($this
      ->drupalCreateUser(array(
      'administer blocks',
      'access administration pages',
    )));
    $default_theme = config('system.theme')
      ->get('default');
    $this
      ->drupalGet('admin/structure/block/list/block_plugin_ui:' . $default_theme . '/add');
    $this
      ->assertNoRaw("<script>alert('XSS subject');</script>", 'The block title was properly sanitized in Block Plugin UI Admin page.');
  }

}

Classes

Name	Description
BlockTitleXSSTest	Tests block XSS in title.

Main menu

Search Drupal 8.x

API Navigation

BlockTitleXSSTest.php

Namespace

File

Classes

Main menu

You are here

Search Drupal 8.x

API Navigation

BlockTitleXSSTest.php

Namespace

File

Classes