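namespace Drupal\views_ui\Tests;

/**
 * Tests the Xss vulnerability.
 *
 * Regression coverage for output escaping in the Views admin UI. Every request
 * targets the fixture view "sa_contrib_2013_035" (presumably shipped by the
 * views_ui_test module and named after the advisory it guards against; confirm
 * against the test fixtures).
 */
class XssTest extends UITestBase {

  /**
   * Modules to enable.
   *
   * @var array
   */
  public static $modules = ['node', 'user', 'views_ui', 'views_ui_test'];

  /**
   * Checks that markup stored in labels is HTML-escaped in the admin UI.
   *
   * assertEscaped() passes when the HTML-escaped form of the given raw string
   * is present in the response.
   *
   * NOTE(review): a passing assertEscaped() only proves that an escaped copy
   * exists. It does not prove that no unescaped copy of the same markup is
   * rendered elsewhere on the page; consider pairing each check with an
   * assertNoRaw() on the same string once it is confirmed that the page never
   * legitimately contains it.
   */
  public function testViewsUi() {
    // Edit form of the view: the field admin label carries the markup.
    $this->drupalGet('admin/structure/views/view/sa_contrib_2013_035');
    $this->assertEscaped('<marquee>test</marquee>', 'Field admin label is properly escaped.');

    // Header area handler form: the replacement-token list repeats the labels.
    $this->drupalGet('admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area');
    $this->assertEscaped('{{ title }} == <marquee>test</marquee>', 'Token label is properly escaped.');
    $this->assertEscaped('{{ title_1 }} == <script>alert("XSS")</script>', 'Token label is properly escaped.');
  }

  /**
   * Checks the admin UI for double escaping.
   *
   * assertNoEscaped() fails when the HTML-escaped form of its argument is in
   * the response. The argument is therefore the already-escaped entity
   * '&lt;': its escaped form, '&amp;lt;', is what appears when output is
   * escaped twice. Passing a bare '<' would instead forbid '&lt;' itself and
   * contradict testViewsUi(), which requires escaped markup on the same pages.
   */
  public function testNoDoubleEscaping() {
    $pages = [
      'admin/structure/views',
      'admin/structure/views/view/sa_contrib_2013_035',
      'admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area',
    ];

    foreach ($pages as $path) {
      $this->drupalGet($path);
      $this->assertNoEscaped('&lt;');
    }
  }

}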