3 namespace Drupal\Tests\system\Functional\Menu;
5 use Drupal\menu_link_content\Entity\MenuLinkContent;
6 use Drupal\Tests\BrowserTestBase;
9 * Ensures that menu links don't cause XSS issues.
13 class MenuLinkSecurityTest extends BrowserTestBase {
18 public static $modules = ['menu_link_content', 'block', 'menu_test'];
21 * Ensures that a menu link does not cause an XSS issue.
23 public function testMenuLink() {
24 $menu_link_content = MenuLinkContent::create([
25 'title' => '<script>alert("Wild animals")</script>',
26 'menu_name' => 'tools',
27 'link' => ['uri' => 'route:<front>'],
29 $menu_link_content->save();
31 $this->drupalPlaceBlock('system_menu_block:tools');
33 $this->drupalGet('<front>');
34 $this->assertNoRaw('<script>alert("Wild animals")</script>');
35 $this->assertNoRaw('<script>alert("Even more wild animals")</script>');
36 $this->assertEscaped('<script>alert("Wild animals")</script>');
37 $this->assertEscaped('<script>alert("Even more wild animals")</script>');