| Server IP : 134.29.175.74 / Your IP : 216.73.216.160 Web Server : nginx/1.10.2 System : Windows NT CST-WEBSERVER 10.0 build 19045 (Windows 10) i586 User : Administrator ( 0) PHP Version : 7.1.0 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : C:/nginx/html/Student/JimMartinson/Lab12/drupal/core/modules/node/src/Tests/ |
Upload File : |
<?php
namespace Drupal\node\Tests;
use Drupal\Component\Utility\Html;
/**
* Create a node with dangerous tags in its title and test that they are
* escaped.
*
* @group node
*/
class NodeTitleXSSTest extends NodeTestBase {
/**
* Tests XSS functionality with a node entity.
*/
public function testNodeTitleXSS() {
// Prepare a user to do the stuff.
$web_user = $this->drupalCreateUser(['create page content', 'edit any page content']);
$this->drupalLogin($web_user);
$xss = '<script>alert("xss")</script>';
$title = $xss . $this->randomMachineName();
$edit = [];
$edit['title[0][value]'] = $title;
$this->drupalPostForm('node/add/page', $edit, t('Preview'));
$this->assertNoRaw($xss, 'Harmful tags are escaped when previewing a node.');
$settings = ['title' => $title];
$node = $this->drupalCreateNode($settings);
$this->drupalGet('node/' . $node->id());
// Titles should be escaped.
$this->assertTitle(Html::escape($title) . ' | Drupal', 'Title is displayed when viewing a node.');
$this->assertNoRaw($xss, 'Harmful tags are escaped when viewing a node.');
$this->drupalGet('node/' . $node->id() . '/edit');
$this->assertNoRaw($xss, 'Harmful tags are escaped when editing a node.');
}
}