1 node.test | NodeTitleXSSTestCase::testNodeTitleXSS() |
Tests XSS functionality with a node entity.
File
- core/modules/node/tests/node.test, line 1273 - Tests for node.module.
Class
- NodeTitleXSSTestCase
- Tests XSS functionality with a node entity.
Code
/**
 * Checks that a script element placed in a node title is not output raw.
 *
 * A page node is created whose title begins with a literal script tag. The
 * node view page and the node edit form are then requested, and each
 * response is asserted not to contain that literal tag.
 *
 * Scope note: only this one payload string is exercised, and only on the
 * view and edit pages; other markup variants or other pages that print the
 * title are not covered by this test.
 */
function testNodeTitleXSS() {
  // Log in as an account that is allowed to create and edit page nodes.
  $account = $this->backdropCreateUser(array('create page content', 'edit any page content'));
  $this->backdropLogin($account);

  // The title is the script payload followed by a random suffix, so the
  // expected page title is unique to this run.
  $payload = '<script>alert("xss")</script>';
  $node_title = $payload . $this->randomName();
  $node = $this->backdropCreateNode(array('title' => $node_title));

  // Node view page.
  $view_path = 'node/' . $node->nid;
  $this->backdropGet($view_path);
  // assertTitle() decodes HTML entities inside the <title> element, so the
  // expected value is the unescaped title; this passes only if the title is
  // still shown to the user in full.
  $this->assertTitle($node_title . ' | Backdrop CMS', 'Title is displayed when viewing a node.');
  // The literal payload must not appear anywhere in the raw response.
  $this->assertNoRaw($payload, 'Harmful tags are escaped when viewing a node.');

  // Node edit form: the title is printed again here (presumably as a form
  // field value - confirm against the node form), so it is checked too.
  $this->backdropGet($view_path . '/edit');
  $this->assertNoRaw($payload, 'Harmful tags are escaped when editing a node.');
}