namespace Drupal\Tests\system\Functional\Form;
+use Drupal\form_test\Form\FormTestLabelForm;
use Drupal\Tests\BrowserTestBase;
/**
$this->assertTrue(!empty($elements), "Title/Label not displayed when 'visually-hidden' attribute is set in radios.");
}
+ /**
+ * Tests XSS-protection of element labels.
+ */
+ public function testTitleEscaping() {
+ $this->drupalGet('form_test/form-labels');
+ foreach (FormTestLabelForm::$typesWithTitle as $type) {
+ $this->assertSession()->responseContains("$type alert('XSS') is XSS filtered!");
+ $this->assertSession()->responseNotContains("$type <script>alert('XSS')</script> is XSS filtered!");
+ }
+ }
+
/**
* Tests different display options for form element descriptions.
*/
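Review bot: The `responseNotContains` assertion in `testTitleEscaping()` only rules out the raw payload when it directly follows `"$type "` and precedes `" is XSS filtered!"`, which is the same position the preceding `responseContains` already pins down. It would not notice the unfiltered markup being emitted elsewhere for the same element, for example in an attribute or a second label rendering. Provided the form_test page does not intentionally print the payload anywhere else, a page-wide check such as `$this->assertSession()->responseNotContains("<script>alert('XSS')</script>");` gives stronger regression coverage. The loop also passes vacuously if `FormTestLabelForm::$typesWithTitle` is ever empty, so an `$this->assertNotEmpty(FormTestLabelForm::$typesWithTitle);` before the `foreach` would keep the test from silently checking nothing.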