Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2526458 by cilefen, googletorp, alexpott: Test XSS filtering of slogan in SystemBrandingBlock

8.0.x
xjm 2015-07-08 08:31:53 +01:00
parent 2c7dc8fda3
commit d404b26005
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/modules/block/src/Tests/BlockSystemBrandingTest.php
View File

@ -53,6 +53,14 @@ class BlockSystemBrandingTest extends BlockTestBase {
$this->assertTrue(!empty($site_slogan_element), 'The branding block slogan was found.');
$this->assertCacheTag('config:system.site');
// Be sure the slogan is XSS-filtered.
$this->config('system.site')
->set('slogan', '<script>alert("Community carpentry");</script>')
->save();
$this->drupalGet('');
$site_slogan_element = $this->xpath($site_slogan_xpath);
$this->assertEqual($site_slogan_element[0], 'alert("Community carpentry");', 'The site slogan was XSS-filtered.');
// Turn just the logo off.
$this->config('block.block.site-branding')
->set('settings.use_site_logo', 0)