From d404b260052789f5dc7c09545e9ba3e9ee0b2be0 Mon Sep 17 00:00:00 2001
From: xjm <xjm@65776.no-reply.drupal.org>
Date: Wed, 8 Jul 2015 08:31:53 +0100
Subject: [PATCH] Issue #2526458 by cilefen, googletorp, alexpott: Test XSS
 filtering of slogan in SystemBrandingBlock

---
 core/modules/block/src/Tests/BlockSystemBrandingTest.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/core/modules/block/src/Tests/BlockSystemBrandingTest.php b/core/modules/block/src/Tests/BlockSystemBrandingTest.php
index 57ebc857f5bf..a78f67511548 100644
--- a/core/modules/block/src/Tests/BlockSystemBrandingTest.php
+++ b/core/modules/block/src/Tests/BlockSystemBrandingTest.php
@@ -53,6 +53,14 @@ class BlockSystemBrandingTest extends BlockTestBase {
     $this->assertTrue(!empty($site_slogan_element), 'The branding block slogan was found.');
     $this->assertCacheTag('config:system.site');
 
+    // Be sure the slogan is XSS-filtered.
+    $this->config('system.site')
+      ->set('slogan', '<script>alert("Community carpentry");</script>')
+      ->save();
+    $this->drupalGet('');
+    $site_slogan_element = $this->xpath($site_slogan_xpath);
+    $this->assertEqual($site_slogan_element[0], 'alert("Community carpentry");', 'The site slogan was XSS-filtered.');
+
     // Turn just the logo off.
     $this->config('block.block.site-branding')
       ->set('settings.use_site_logo', 0)