function CommonURLWebTestCase::testLXSS

1.20.x common.test CommonURLWebTestCase::testLXSS()

Confirm that invalid text given as $path is filtered.

File

modules/simpletest/tests/common.test, line 73: Tests for common.inc functionality.

Class

CommonURLWebTestCase: Tests for URL generation functions.

Code

function testLXSS() {
  $text = $this->randomName();
  $path = "<SCRIPT>alert('XSS')</SCRIPT>";
  $link = l($text, $path);
  $sanitized_path = check_url(url($path));
  $this->assertTrue(strpos($link, $sanitized_path) !== FALSE, format_string('XSS attack @path was filtered', array('@path' => $path)));
}