
<?php
declare(strict_types=1);
namespace Drupal\Tests\system\Functional\Menu;
use Drupal\menu_link_content\Entity\MenuLinkContent;
use Drupal\Tests\BrowserTestBase;
/**
* Ensures that menu links don't cause XSS issues.
*
* @group Menu
*/
class MenuLinkSecurityTest extends BrowserTestBase {

  /**
   * {@inheritdoc}
   */
  protected static $modules = ['menu_link_content', 'block', 'menu_test'];

  /**
   * {@inheritdoc}
   */
  protected $defaultTheme = 'stark';

  /**
   * Verifies that script markup in a menu link title is escaped on output.
   *
   * A content menu link whose title is a script element is saved into the
   * 'tools' menu, the block for that menu is placed, and the front page is
   * requested. The response must not contain the markup verbatim and must
   * contain its escaped form.
   */
  public function testMenuLink(): void {
    // Title stored on the menu link entity created below.
    $stored_title = '<script>alert("Wild animals")</script>';
    // This title is not created anywhere in this test.
    // NOTE(review): presumably it belongs to a link supplied by the
    // menu_test module enabled above -- confirm against that module.
    $external_title = '<script>alert("Even more wild animals")</script>';

    $link = MenuLinkContent::create([
      'title' => $stored_title,
      'menu_name' => 'tools',
      'link' => ['uri' => 'route:<front>'],
    ]);
    $link->save();

    // Render the 'tools' menu on the front page so the titles reach the
    // response body.
    $this->drupalPlaceBlock('system_menu_block:tools');
    $this->drupalGet('<front>');

    $payloads = [$stored_title, $external_title];

    // The raw markup must be absent from the response...
    foreach ($payloads as $payload) {
      $this->assertSession()->responseNotContains($payload);
    }
    // ...and the escaped form must be present, which shows the title was
    // rendered and encoded rather than simply dropped from the page.
    foreach ($payloads as $payload) {
      $this->assertSession()->assertEscaped($payload);
    }
  }

}