function ModuleThemePageXssVulnerabilityTest::testExtensionInfoXss

Same name in other branches
  1. 11.x core/modules/system/tests/src/Functional/ModuleThemePageXssVulnerabilityTest.php \Drupal\Tests\system\Functional\ModuleThemePageXssVulnerabilityTest::testExtensionInfoXss()

Tests extension info cannot create XSS vulnerabilities.

File

core/modules/system/tests/src/Functional/ModuleThemePageXssVulnerabilityTest.php, line 42

Class

ModuleThemePageXssVulnerabilityTest
Tests module and theme pages do not have XSS vulnerabilities.

Namespace

Drupal\Tests\system\Functional

Code

public function testExtensionInfoXss() : void {
    $this->drupalGet("admin/modules");
    $this->assertSession()
        ->pageTextContains("alert('Evil module name');");
    $this->assertSession()
        ->pageTextContains("alert('Evil module desc');");
    $this->assertSession()
        ->responseNotContains("<script>alert(");
    $this->drupalGet("admin/appearance");
    $this->assertSession()
        ->pageTextContains("alert('Evil theme name');");
    $this->assertSession()
        ->pageTextContains("alert('Evil theme desc');");
    $this->assertSession()
        ->responseNotContains("<script>alert(");
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.