function PageTitleFiltering::testTitleXSS

1 system.test PageTitleFiltering::testTitleXSS()

Test if the title of the site is XSS proof.

File

core/modules/system/tests/system.test, line 1518: Tests for system.module.

Class

PageTitleFiltering

Code

function testTitleXSS() {
  // Set some title with JavaScript and HTML chars to escape.
  $title = '</title><script type="text/javascript">alert("Title XSS!");</script> & < > " \' ';
  $title_filtered = check_plain($title);

  $slogan = '<script type="text/javascript">alert("Slogan XSS!");</script>';
  $slogan_filtered = filter_xss_admin($slogan);

  // Set title and slogan.
  $edit = array(
    'site_name' => $title,
    'site_slogan' => $slogan,
  );
  $this->backdropPost('admin/config/system/site-information', $edit, t('Save configuration'));

  // Load frontpage.
  $this->backdropGet('<front>');

  // Test the title.
  $this->assertNoRaw($title, 'Check for the unfiltered version of the title.');
  // Adding </title> so we do not test the escaped version from backdrop_set_title().
  $this->assertRaw($title_filtered . '</title>', 'Check for the filtered version of the title.');

  // Test the slogan.
  $this->assertNoRaw($slogan, 'Check for the unfiltered version of the slogan.');
  $this->assertRaw($slogan_filtered, 'Check for the filtered version of the slogan.');
}