X-Git-Url: http://www.aleph1.co.uk/gitweb/?a=blobdiff_plain;f=web%2Fcore%2Fmodules%2Fsystem%2Fsrc%2FTests%2FSystem%2FPageTitleTest.php;fp=web%2Fcore%2Fmodules%2Fsystem%2Fsrc%2FTests%2FSystem%2FPageTitleTest.php;h=3b4d38a500f6fbf55516ffa4151ece98514fda9d;hb=a2bd1bf0c2c1f1a17d188f4dc0726a45494cefae;hp=0000000000000000000000000000000000000000;hpb=57c063afa3f66b07c4bbddc2d6129a96d90f0aad;p=yaffs-website
diff --git a/web/core/modules/system/src/Tests/System/PageTitleTest.php b/web/core/modules/system/src/Tests/System/PageTitleTest.php
new file mode 100644
index 000000000..3b4d38a50
--- /dev/null
+++ b/web/core/modules/system/src/Tests/System/PageTitleTest.php
@@ -0,0 +1,145 @@
+drupalCreateContentType(['type' => 'page', 'name' => 'Basic page']);
+
+ $this->drupalPlaceBlock('page_title_block');
+
+ $this->contentUser = $this->drupalCreateUser(['create page content', 'access content', 'administer themes', 'administer site configuration', 'link to any page']);
+ $this->drupalLogin($this->contentUser);
+ }
+
+ /**
+ * Tests the handling of HTML in node titles.
+ */
+ public function testTitleTags() {
+ $title = "string with HTML";
+ // Generate node content.
+ $edit = [
+ 'title[0][value]' => '!SimpleTest! ' . $title . $this->randomMachineName(20),
+ 'body[0][value]' => '!SimpleTest! test body' . $this->randomMachineName(200),
+ ];
+ // Create the node with HTML in the title.
+ $this->drupalPostForm('node/add/page', $edit, t('Save'));
+
+ $node = $this->drupalGetNodeByTitle($edit['title[0][value]']);
+ $this->assertNotNull($node, 'Node created and found in database');
+ $this->assertText(Html::escape($edit['title[0][value]']), 'Check to make sure tags in the node title are converted.');
+ $this->drupalGet("node/" . $node->id());
+ $this->assertText(Html::escape($edit['title[0][value]']), 'Check to make sure tags in the node title are converted.');
+ }
+
+ /**
+ * Test if the title of the site is XSS proof.
+ */
+ public function testTitleXSS() {
+ // Set some title with JavaScript and HTML chars to escape.
+ $title = ' & < > " \' ';
+ $title_filtered = Html::escape($title);
+
+ $slogan = '';
+ $slogan_filtered = Xss::filterAdmin($slogan);
+
+ // Set title and slogan.
+ $edit = [
+ 'site_name' => $title,
+ 'site_slogan' => $slogan,
+ ];
+ $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
+
+ // Place branding block with site name and slogan into header region.
+ $this->drupalPlaceBlock('system_branding_block', ['region' => 'header']);
+
+ // Load frontpage.
+ $this->drupalGet('');
+
+ // Test the title.
+ $this->assertNoRaw($title, 'Check for the lack of the unfiltered version of the title.');
+ // Add to make sure we're checking the title tag, rather than the
+ // first 'heading' on the page.
+ $this->assertRaw($title_filtered . '', 'Check for the filtered version of the title in a