function AddFeedTest::testFeedLabelEscaping

Same name and namespace in other branches
  1. 8.9.x core/modules/aggregator/tests/src/Functional/AddFeedTest.php \Drupal\Tests\aggregator\Functional\AddFeedTest::testFeedLabelEscaping()

Ensures that the feed label is escaping when rendering the feed icon.

File

core/modules/aggregator/tests/src/Functional/AddFeedTest.php, line 65

Class

AddFeedTest
Add feed test.

Namespace

Drupal\Tests\aggregator\Functional

Code

public function testFeedLabelEscaping() {
  $feed = $this->createFeed(NULL, [
    'title[0][value]' => 'Test feed title <script>alert(123);</script>',
  ]);
  $this->checkForMetaRefresh();
  $this->drupalGet('aggregator/sources/' . $feed->id());
  $this->assertSession()
    ->statusCodeEquals(200);
  $this->assertSession()
    ->assertEscaped('Test feed title <script>alert(123);</script>');
  $this->assertSession()
    ->responseNotContains('Test feed title <script>alert(123);</script>');
  // Ensure the feed icon title is escaped.
  $this->assertStringContainsString('class="feed-icon">  Subscribe to Test feed title &lt;script&gt;alert(123);&lt;/script&gt; feed</a>', str_replace([
    "\n",
    "\r",
  ], '', $this->getSession()
    ->getPage()
    ->getContent()));
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.