use Drupal\simpletest\WebTestBase;
/**
- * Ensures that metatags do not allow xss vulnerabilities.
+ * Ensures that meta tags do not allow xss vulnerabilities.
*
* @group metatag
*/
private $xssTitleString = '<script>alert("xss");</script>';
/**
- * String that causes an alert when metatags aren't filtered for xss.
+ * String that causes an alert when meta tags aren't filtered for xss.
*
* @var string
*/
private $escapedXssTag = '<meta name="abstract" content="">alert("xss");" />';
/**
- * String that causes an alert when metatags aren't filtered for xss.
+ * String that causes an alert when meta tags aren't filtered for xss.
*
* "Image" meta tags are processed differently to others, so this checks for a
* different string.
$values = [
'title' => $this->xssTitleString,
'abstract' => $this->xssString,
- 'image_src' => $this->xssImageString
+ 'image_src' => $this->xssImageString,
];
$this->drupalPostForm(NULL, $values, 'Save');
$this->assertText('Saved the Global Metatag defaults.');
* Verify XSS injected in the entity metatag override field is not rendered.
*/
public function testXssEntityOverride() {
+ $save_label = (floatval(\Drupal::VERSION) <= 8.3) ? t('Save and publish') : t('Save');
+
$this->drupalGet('node/add/metatag_node');
$this->assertResponse(200);
$edit = [
'field_metatag_field[0][basic][abstract]' => $this->xssString,
'field_metatag_field[0][advanced][image_src]' => $this->xssImageString,
];
- $this->drupalPostForm(NULL, $edit, t('Save and publish'));
+ $this->drupalPostForm(NULL, $edit, $save_label);
// Check for the title tag, which will have the HTML tags removed and then
// be lightly HTML encoded.
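Review bot: The added `$save_label` line in testXssEntityOverride() picks the button label by parsing `\Drupal::VERSION` with `floatval()`, which reads the version as a decimal, so a two-digit minor such as "8.10" would parse as 8.1 and select the old label. A version-aware comparison states the intent directly: `$save_label = version_compare(\Drupal::VERSION, '8.4', '<') ? t('Save and publish') : t('Save');`. The identical line is also added in testXssEntityTitle() and testXssEntityBody(); computing it once in a private helper or in setUp() would keep the three XSS checks from drifting apart. If the label is wrong the form post should fail rather than pass silently, but the XSS assertions after it would then not be testing a saved node, so the check is worth making robust. The method body continues outside this hunk.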
* Verify XSS injected in the entity titles are not rendered.
*/
public function testXssEntityTitle() {
+ $save_label = (floatval(\Drupal::VERSION) <= 8.3) ? t('Save and publish') : t('Save');
+
$this->drupalGet('node/add/metatag_node');
$this->assertResponse(200);
$edit = [
'title[0][value]' => $this->xssTitleString,
'body[0][value]' => $this->randomString() . ' ' . $this->randomString(),
];
- $this->drupalPostForm(NULL, $edit, t('Save and publish'));
+ $this->drupalPostForm(NULL, $edit, $save_label);
// Check for the title tag, which will have the HTML tags removed and then
// be lightly HTML encoded.
* Verify XSS injected in the entity fields are not rendered.
*/
public function testXssEntityBody() {
+ $save_label = (floatval(\Drupal::VERSION) <= 8.3) ? t('Save and publish') : t('Save');
+
$this->drupalGet('node/add/metatag_node');
$this->assertResponse(200);
$edit = [
'title[0][value]' => $this->randomString(),
'body[0][value]' => $this->xssTitleString,
];
- $this->drupalPostForm(NULL, $edit, t('Save and publish'));
+ $this->drupalPostForm(NULL, $edit, $save_label);
// Check the body text.
// $this->assertNoTitle($this->xssTitleString);