Loading core/modules/aggregator/tests/src/Functional/AddFeedTest.php +1 −1 Original line number Diff line number Diff line Loading @@ -63,7 +63,7 @@ public function testFeedLabelEscaping() { $this->drupalGet('aggregator/sources/' . $feed->id()); $this->assertSession()->statusCodeEquals(200); $this->assertEscaped('Test feed title <script>alert(123);</script>'); $this->assertSession()->assertEscaped('Test feed title <script>alert(123);</script>'); $this->assertNoRaw('Test feed title <script>alert(123);</script>'); // Ensure the feed icon title is escaped. Loading core/modules/block/tests/src/Functional/BlockTest.php +2 −2 Original line number Diff line number Diff line Loading @@ -282,9 +282,9 @@ public function testThemeName() { $theme = 'block_test_specialchars_theme'; \Drupal::service('theme_installer')->install([$theme]); $this->drupalGet('admin/structure/block'); $this->assertEscaped('<"Cat" & \'Mouse\'>'); $this->assertSession()->assertEscaped('<"Cat" & \'Mouse\'>'); $this->drupalGet('admin/structure/block/list/block_test_specialchars_theme'); $this->assertEscaped('Demonstrate block regions (<"Cat" & \'Mouse\'>)'); $this->assertSession()->assertEscaped('Demonstrate block regions (<"Cat" & \'Mouse\'>)'); } /** Loading core/modules/block/tests/src/Functional/BlockUiTest.php +1 −1 Original line number Diff line number Diff line Loading @@ -97,7 +97,7 @@ public function testBlockDemoUiPage() { // Ensure that other themes can use the block demo page. \Drupal::service('theme_installer')->install(['test_theme']); $this->drupalGet('admin/structure/block/demo/test_theme'); $this->assertEscaped('<strong>Test theme</strong>'); $this->assertSession()->assertEscaped('<strong>Test theme</strong>'); // Ensure that a hidden theme cannot use the block demo page. \Drupal::service('theme_installer')->install(['stable']); Loading core/modules/block/tests/src/Functional/BlockXssTest.php +7 −7 Original line number Diff line number Diff line Loading 
@@ -38,7 +38,7 @@ public function testNoUnexpectedEscaping() { ])); $this->drupalGet(Url::fromRoute('block.admin_display')); $this->clickLink('Place block'); $this->assertNoEscaped('<'); $this->assertSession()->assertNoEscaped('<'); } /** Loading Loading @@ -125,14 +125,14 @@ protected function doViewTest() { // second one. Note that the second assertion is redundant with the one // further down which also checks for the Display label, but is included // here for clarity. $this->assertNoEscaped('<script>alert("view1");</script>:'); $this->assertEscaped('<script>alert("view2");</script>:'); $this->assertSession()->assertNoEscaped('<script>alert("view1");</script>:'); $this->assertSession()->assertEscaped('<script>alert("view2");</script>:'); // Assert that the blocks have their admin labels escaped and // don't appear anywhere unescaped. $this->assertEscaped('<script>alert("view1");</script>'); $this->assertSession()->assertEscaped('<script>alert("view1");</script>'); $this->assertNoRaw('<script>alert("view1");</script>'); $this->assertEscaped('<script>alert("view2");</script>: Fish & chips'); $this->assertSession()->assertEscaped('<script>alert("view2");</script>: Fish & chips'); $this->assertNoRaw('<script>alert("view2");</script>'); $this->assertNoRaw('Fish & chips'); Loading @@ -153,7 +153,7 @@ protected function doMenuTest() { $this->drupalGet(Url::fromRoute('block.admin_display')); $this->clickLink('Place block'); $this->assertEscaped('<script>alert("menu");</script>'); $this->assertSession()->assertEscaped('<script>alert("menu");</script>'); $this->assertNoRaw('<script>alert("menu");</script>'); } Loading 
@@ -174,7 +174,7 @@ protected function doBlockContentTest() { $this->drupalGet(Url::fromRoute('block.admin_display')); $this->clickLink('Place block'); $this->assertEscaped('<script>alert("block_content");</script>'); $this->assertSession()->assertEscaped('<script>alert("block_content");</script>'); $this->assertNoRaw('<script>alert("block_content");</script>'); } Loading core/modules/comment/tests/src/Functional/CommentPreviewTest.php +2 −2 Original line number Diff line number Diff line Loading @@ -50,12 +50,12 @@ public function testCommentPreview() { $edit['subject[0][value]'] = $this->randomMachineName(8); $edit['comment_body[0][value]'] = $this->randomMachineName(16); $this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview')); $this->assertEscaped('<em>' . $this->webUser->id() . '</em>'); $this->assertSession()->assertEscaped('<em>' . $this->webUser->id() . '</em>'); \Drupal::state()->set('user_hooks_test_user_format_name_alter_safe', TRUE); $this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview')); $this->assertInstanceOf(MarkupInterface::class, $this->webUser->getDisplayName()); $this->assertNoEscaped('<em>' . $this->webUser->id() . '</em>'); $this->assertSession()->assertNoEscaped('<em>' . $this->webUser->id() . '</em>'); $this->assertRaw('<em>' . $this->webUser->id() . '</em>'); // Add a user picture. Loading Loading
core/modules/aggregator/tests/src/Functional/AddFeedTest.php +1 −1 Original line number Diff line number Diff line Loading @@ -63,7 +63,7 @@ public function testFeedLabelEscaping() { $this->drupalGet('aggregator/sources/' . $feed->id()); $this->assertSession()->statusCodeEquals(200); $this->assertEscaped('Test feed title <script>alert(123);</script>'); $this->assertSession()->assertEscaped('Test feed title <script>alert(123);</script>'); $this->assertNoRaw('Test feed title <script>alert(123);</script>'); // Ensure the feed icon title is escaped. Loading
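Review bot: In testFeedLabelEscaping() the `assertNoRaw()` on the line after the changed assertion still goes through the test class's own helper, while the escaped check now goes through `assertSession()`, so the two halves of one escaping check use different APIs. If the intent is to move these tests onto the session assertion object, the negative half can follow as `$this->assertSession()->responseNotContains('Test feed title <script>alert(123);</script>');`. The same mixed pairing appears in the BlockXssTest hunks (doViewTest, doMenuTest, doBlockContentTest) and with `assertRaw()` in CommentPreviewTest. This may be deliberately left for a separate change; the function body starts and ends outside the hunk.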
core/modules/block/tests/src/Functional/BlockTest.php +2 −2 Original line number Diff line number Diff line Loading @@ -282,9 +282,9 @@ public function testThemeName() { $theme = 'block_test_specialchars_theme'; \Drupal::service('theme_installer')->install([$theme]); $this->drupalGet('admin/structure/block'); $this->assertEscaped('<"Cat" & \'Mouse\'>'); $this->assertSession()->assertEscaped('<"Cat" & \'Mouse\'>'); $this->drupalGet('admin/structure/block/list/block_test_specialchars_theme'); $this->assertEscaped('Demonstrate block regions (<"Cat" & \'Mouse\'>)'); $this->assertSession()->assertEscaped('Demonstrate block regions (<"Cat" & \'Mouse\'>)'); } /** Loading
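Review bot: testThemeName() proves only that the escaped form of the theme name is present; neither `drupalGet()` is followed by a check that the raw `<"Cat" & 'Mouse'>` string is absent, so an unescaped copy elsewhere in the response would still pass. AddFeedTest and BlockXssTest in this same commit pair each `assertEscaped()` with `assertNoRaw()`. Provided the name is not expected raw anywhere on these pages, adding `$this->assertSession()->responseNotContains('<"Cat" & \'Mouse\'>');` after each `assertEscaped()` would close that gap. BlockUiTest::testBlockDemoUiPage() has the same shape for `<strong>Test theme</strong>`. The function starts outside the hunk.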
core/modules/block/tests/src/Functional/BlockUiTest.php +1 −1 Original line number Diff line number Diff line Loading @@ -97,7 +97,7 @@ public function testBlockDemoUiPage() { // Ensure that other themes can use the block demo page. \Drupal::service('theme_installer')->install(['test_theme']); $this->drupalGet('admin/structure/block/demo/test_theme'); $this->assertEscaped('<strong>Test theme</strong>'); $this->assertSession()->assertEscaped('<strong>Test theme</strong>'); // Ensure that a hidden theme cannot use the block demo page. \Drupal::service('theme_installer')->install(['stable']); Loading
core/modules/block/tests/src/Functional/BlockXssTest.php +7 −7 Original line number Diff line number Diff line Loading @@ -38,7 +38,7 @@ public function testNoUnexpectedEscaping() { ])); $this->drupalGet(Url::fromRoute('block.admin_display')); $this->clickLink('Place block'); $this->assertNoEscaped('<'); $this->assertSession()->assertNoEscaped('<'); } /** Loading Loading @@ -125,14 +125,14 @@ protected function doViewTest() { // second one. Note that the second assertion is redundant with the one // further down which also checks for the Display label, but is included // here for clarity. $this->assertNoEscaped('<script>alert("view1");</script>:'); $this->assertEscaped('<script>alert("view2");</script>:'); $this->assertSession()->assertNoEscaped('<script>alert("view1");</script>:'); $this->assertSession()->assertEscaped('<script>alert("view2");</script>:'); // Assert that the blocks have their admin labels escaped and // don't appear anywhere unescaped. $this->assertEscaped('<script>alert("view1");</script>'); $this->assertSession()->assertEscaped('<script>alert("view1");</script>'); $this->assertNoRaw('<script>alert("view1");</script>'); $this->assertEscaped('<script>alert("view2");</script>: Fish & chips'); $this->assertSession()->assertEscaped('<script>alert("view2");</script>: Fish & chips'); $this->assertNoRaw('<script>alert("view2");</script>'); $this->assertNoRaw('Fish & chips'); Loading @@ -153,7 +153,7 @@ protected function doMenuTest() { $this->drupalGet(Url::fromRoute('block.admin_display')); $this->clickLink('Place block'); $this->assertEscaped('<script>alert("menu");</script>'); $this->assertSession()->assertEscaped('<script>alert("menu");</script>'); $this->assertNoRaw('<script>alert("menu");</script>'); } Loading 
@@ -174,7 +174,7 @@ protected function doBlockContentTest() { $this->drupalGet(Url::fromRoute('block.admin_display')); $this->clickLink('Place block'); $this->assertEscaped('<script>alert("block_content");</script>'); $this->assertSession()->assertEscaped('<script>alert("block_content");</script>'); $this->assertNoRaw('<script>alert("block_content");</script>'); } Loading
core/modules/comment/tests/src/Functional/CommentPreviewTest.php +2 −2 Original line number Diff line number Diff line Loading @@ -50,12 +50,12 @@ public function testCommentPreview() { $edit['subject[0][value]'] = $this->randomMachineName(8); $edit['comment_body[0][value]'] = $this->randomMachineName(16); $this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview')); $this->assertEscaped('<em>' . $this->webUser->id() . '</em>'); $this->assertSession()->assertEscaped('<em>' . $this->webUser->id() . '</em>'); \Drupal::state()->set('user_hooks_test_user_format_name_alter_safe', TRUE); $this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview')); $this->assertInstanceOf(MarkupInterface::class, $this->webUser->getDisplayName()); $this->assertNoEscaped('<em>' . $this->webUser->id() . '</em>'); $this->assertSession()->assertNoEscaped('<em>' . $this->webUser->id() . '</em>'); $this->assertRaw('<em>' . $this->webUser->id() . '</em>'); // Add a user picture. Loading
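Review bot: The second half of testCommentPreview() expects the `<em>` markup to reach the page unescaped, and nothing in the hunk says why that is acceptable. From the state key and the `assertInstanceOf(MarkupInterface::class, ...)` line it looks as if the test hook then returns the display name as markup already marked safe. A comment above the `\Drupal::state()->set(...)` line would make that explicit, for example `// The alter hook now returns the name as safe markup, so it must be output without further escaping.` The comment should also say that this path is safe only because the hook's value is trusted, so the test is not read as a precedent for printing display names raw. The function body continues outside the hunk.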