function FieldCustomTest::testCustomFieldXss
Ensure that custom field content is XSS filtered.
File
- core/modules/views/tests/src/Kernel/Handler/FieldCustomTest.php, line 95
Class
- FieldCustomTest
- Tests the core Drupal\views\Plugin\views\field\Custom handler.
Namespace
Drupal\Tests\views\Kernel\Handler
Code
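/**
 * Ensures that custom field content is XSS filtered.
 *
 * Overrides the 'name' field's alter text with a script payload, executes the
 * view and checks the rendered value of the first row.
 */
public function testCustomFieldXss() {
  $view = Views::getView('test_view');
  $view->setDisplay();

  // Alter the text of the field to include XSS.
  $text = '<script>alert("kittens")</script>';
  $view->displayHandlers
    ->get('default')
    ->overrideOption('fields', [
    'name' => [
      'id' => 'name',
      'table' => 'views_test_data',
      'field' => 'name',
      'relationship' => 'none',
      'alter' => [
        'text' => $text,
      ],
    ],
  ]);
  $this->executeView($view);

  $rendered = $view->style_plugin
    ->getField(0, 'name');

  // The expected value is computed by Xss::filter(), so this assertion only
  // proves that the rendered output matches whatever the filter returns.
  $this->assertEquals(Xss::filter($text), $rendered);

  // Check the security property directly as well, so the test does not rely
  // solely on Xss::filter() as its own oracle: no script tag may survive in
  // the rendered output, whatever its letter case.
  $this->assertSame(FALSE, stripos((string) $rendered, '<script'), 'Rendered custom field output must not contain a script tag.');
}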
