3 namespace Drupal\Tests\system\Functional\System;
5 use Drupal\Component\Utility\Html;
6 use Drupal\Component\Utility\Xss;
7 use Drupal\Core\Site\Settings;
8 use Drupal\Tests\BrowserTestBase;
11 * Tests HTML output escaping of page title, site name, and slogan.
15 class PageTitleTest extends BrowserTestBase {
22 public static $modules = ['node', 'test_page_test', 'form_test', 'block'];
24 protected $contentUser;
25 protected $savedTitle;
30 protected function setUp() {
33 $this->drupalCreateContentType(['type' => 'page', 'name' => 'Basic page']);
35 $this->drupalPlaceBlock('page_title_block');
37 $this->contentUser = $this->drupalCreateUser(['create page content', 'access content', 'administer themes', 'administer site configuration', 'link to any page']);
38 $this->drupalLogin($this->contentUser);
42 * Tests the handling of HTML in node titles.
44 public function testTitleTags() {
45 $title = "string with <em>HTML</em>";
46 // Generate node content.
48 'title[0][value]' => '!SimpleTest! ' . $title . $this->randomMachineName(20),
49 'body[0][value]' => '!SimpleTest! test body' . $this->randomMachineName(200),
51 // Create the node with HTML in the title.
52 $this->drupalPostForm('node/add/page', $edit, t('Save'));
54 $node = $this->drupalGetNodeByTitle($edit['title[0][value]']);
55 $this->assertNotNull($node, 'Node created and found in database');
56 $this->assertText(Html::escape($edit['title[0][value]']), 'Check to make sure tags in the node title are converted.');
57 $this->drupalGet("node/" . $node->id());
58 $this->assertText(Html::escape($edit['title[0][value]']), 'Check to make sure tags in the node title are converted.');
62 * Test if the title of the site is XSS proof.
64 public function testTitleXSS() {
65 // Set some title with JavaScript and HTML chars to escape.
66 $title = '</title><script type="text/javascript">alert("Title XSS!");</script> & < > " \' ';
67 $title_filtered = Html::escape($title);
69 $slogan = '<script type="text/javascript">alert("Slogan XSS!");</script>';
70 $slogan_filtered = Xss::filterAdmin($slogan);
72 // Set title and slogan.
74 'site_name' => $title,
75 'site_slogan' => $slogan,
77 $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
79 // Place branding block with site name and slogan into header region.
80 $this->drupalPlaceBlock('system_branding_block', ['region' => 'header']);
86 $this->assertNoRaw($title, 'Check for the lack of the unfiltered version of the title.');
87 // Add </title> to make sure we're checking the title tag, rather than the
88 // first 'heading' on the page.
89 $this->assertRaw($title_filtered . '</title>', 'Check for the filtered version of the title in a <title> tag.');
92 $this->assertNoRaw($slogan, 'Check for the unfiltered version of the slogan.');
93 $this->assertRaw($slogan_filtered, 'Check for the filtered version of the slogan.');
97 * Tests the page title of render arrays.
99 * @see \Drupal\test_page_test\Controller\Test
101 public function testRoutingTitle() {
102 // Test the '#title' render array attribute.
103 $this->drupalGet('test-render-title');
105 $this->assertTitle('Foo | Drupal');
106 $result = $this->xpath('//h1[@class="page-title"]');
107 $this->assertEqual('Foo', $result[0]->getText());
110 $this->drupalGet('form-test/object-builder');
112 $this->assertTitle('Test dynamic title | Drupal');
113 $result = $this->xpath('//h1[@class="page-title"]');
114 $this->assertEqual('Test dynamic title', $result[0]->getText());
116 // Set some custom translated strings.
117 $settings_key = 'locale_custom_strings_en';
119 // Update in-memory settings directly.
120 $settings = Settings::getAll();
121 $settings[$settings_key] = ['' => ['Static title' => 'Static title translated']];
122 new Settings($settings);
124 // Rewrites the settings.php.
125 $this->writeSettings([
127 $settings_key => (object) [
128 'value' => $settings[$settings_key],
134 // Ensure that the title got translated.
135 $this->drupalGet('test-page-static-title');
137 $this->assertTitle('Static title translated | Drupal');
138 $result = $this->xpath('//h1[@class="page-title"]');
139 $this->assertEqual('Static title translated', $result[0]->getText());
141 // Test the dynamic '_title_callback' route option.
142 $this->drupalGet('test-page-dynamic-title');
144 $this->assertTitle('Dynamic title | Drupal');
145 $result = $this->xpath('//h1[@class="page-title"]');
146 $this->assertEqual('Dynamic title', $result[0]->getText());
148 // Ensure that titles are cacheable and are escaped normally if the
149 // controller does not escape them.
150 $this->drupalGet('test-page-cached-controller');
151 $this->assertTitle('Cached title | Drupal');
152 $this->assertRaw(Html::escape('<span>Cached title</span>') . '</h1>');
153 $this->drupalGet('test-page-cached-controller');
154 $this->assertTitle('Cached title | Drupal');
155 $this->assertRaw(Html::escape('<span>Cached title</span>') . '</h1>');