1.20.x link.validate.test | LinkValidateTest::testXss() |
Test if a bad URL will display if validation is disabled.
File
- modules/
link/ tests/ link.validate.test, line 97 - Tests that exercise the validation functions in the link module.
Class
Code
function testXss() {
// Disable validation.
$edit = array(
'instance[settings][validate_url]' => FALSE,
);
$this->backdropPost('admin/structure/types/manage/page/fields/' . $this->field_name, $edit, t('Save settings'));
$title = $this->randomName();
$url = 'javascript:alert("http://example.com/")';
$edit = array(
'title' => 'Simple title',
$this->field_name . '[und][0][url]' => $url,
$this->field_name . '[und][0][title]' => $title,
);
$this->backdropPost('node/add/page', $edit, t('Save'));
$this->assertNoText(t('The value %value provided for %field is not a valid URL.', array('%field' => $this->field_name, '%value' => trim($url))));
$nid = db_query("SELECT MAX(nid) FROM {node}")->fetchField();
$node = node_load($nid);
$this->assertEqual($url, $node->{$this->field_name}['und'][0]['url']);
$this->backdropGet('node/' . $node->nid);
$this->assertNoRaw($url, 'Make sure Javascript does not display.');
// Enable validation.
$edit = array(
'instance[settings][validate_url]' => TRUE,
);
$this->backdropPost('admin/structure/types/manage/page/fields/' . $this->field_name, $edit, t('Save settings'));
$this->backdropGet('node/' . $node->nid);
// Ensure that the field still does not render JS.
$this->assertNoRaw($url, 'Make sure Javascript does not display.');
}