function HandlerTest::testHandlerHelpEscaping

Same name in other branches
  1. 9 core/modules/views_ui/tests/src/Functional/HandlerTest.php \Drupal\Tests\views_ui\Functional\HandlerTest::testHandlerHelpEscaping()
  2. 8.9.x core/modules/views_ui/tests/src/Functional/HandlerTest.php \Drupal\Tests\views_ui\Functional\HandlerTest::testHandlerHelpEscaping()
  3. 11.x core/modules/views_ui/tests/src/Functional/HandlerTest.php \Drupal\Tests\views_ui\Functional\HandlerTest::testHandlerHelpEscaping()

Tests escaping of field labels in help text.

File

core/modules/views_ui/tests/src/Functional/HandlerTest.php, line 191

Class

HandlerTest
Tests handler UI for views.

Namespace

Drupal\Tests\views_ui\Functional

Code

public function testHandlerHelpEscaping() : void {
    // Setup a field with two instances using a different label.
    // Ensure that the label is escaped properly.
    $this->drupalCreateContentType([
        'type' => 'article',
    ]);
    $this->drupalCreateContentType([
        'type' => 'page',
    ]);
    FieldStorageConfig::create([
        'field_name' => 'field_test',
        'entity_type' => 'node',
        'type' => 'string',
    ])->save();
    FieldConfig::create([
        'field_name' => 'field_test',
        'entity_type' => 'node',
        'bundle' => 'page',
        'label' => 'The giraffe" label',
    ])->save();
    FieldConfig::create([
        'field_name' => 'field_test',
        'entity_type' => 'node',
        'bundle' => 'article',
        'label' => 'The <em>giraffe"</em> label <script>alert("the return of the xss")</script>',
    ])->save();
    $this->drupalGet('admin/structure/views/nojs/add-handler/content/default/field');
    $this->assertSession()
        ->assertEscaped('The <em>giraffe"</em> label <script>alert("the return of the xss")</script>');
    $this->assertSession()
        ->assertEscaped('Appears in: page, article. Also known as: Content: The giraffe" label');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.