Commit d404b260 authored by xjm's avatar xjm
Browse files

Issue #2526458 by cilefen, googletorp, alexpott: Test XSS filtering of slogan...

Issue #2526458 by cilefen, googletorp, alexpott: Test XSS filtering of slogan in SystemBrandingBlock
parent 2c7dc8fd
......@@ -53,6 +53,14 @@ public function testSystemBrandingSettings() {
$this->assertTrue(!empty($site_slogan_element), 'The branding block slogan was found.');
$this->assertCacheTag('config:system.site');
// Be sure the slogan is XSS-filtered.
$this->config('system.site')
->set('slogan', '<script>alert("Community carpentry");</script>')
->save();
$this->drupalGet('');
$site_slogan_element = $this->xpath($site_slogan_xpath);
$this->assertEqual($site_slogan_element[0], 'alert("Community carpentry");', 'The site slogan was XSS-filtered.');
// Turn just the logo off.
$this->config('block.block.site-branding')
->set('settings.use_site_logo', 0)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment