3 namespace Drupal\Tests\views\Functional;
6 * Tests output of Views.
10 class ViewsEscapingTest extends ViewTestBase {
13 * Views used by this test.
17 public static $testViews = ['test_page_display', 'test_field_header'];
20 * Used by WebTestBase::setup()
22 * We need theme_test for testing against test_basetheme and test_subtheme.
26 * @see \Drupal\simpletest\WebTestBase::setup()
28 public static $modules = ['views', 'theme_test'];
33 protected function setUp($import_test_views = TRUE) {
36 $this->enableViewsTestModule();
40 * Tests for incorrectly escaped markup in the views-view-fields.html.twig.
42 public function testViewsViewFieldsEscaping() {
43 // Test with system theme using theme function.
44 $this->drupalGet('test_page_display_200');
46 // Assert that there are no escaped '<'s characters.
47 $this->assertNoEscaped('<');
49 // Install theme to test with template system.
50 \Drupal::service('theme_handler')->install(['views_test_theme']);
52 // Make base theme default then test for hook invocations.
53 $this->config('system.theme')
54 ->set('default', 'views_test_theme')
56 $this->assertEqual($this->config('system.theme')->get('default'), 'views_test_theme');
58 $this->drupalGet('test_page_display_200');
60 // Assert that we are using the correct template.
61 $this->assertText('force', 'The force is strong with this one');
63 // Assert that there are no escaped '<'s characters.
64 $this->assertNoEscaped('<');
68 * Tests for incorrectly escaped markup in a header label on a display table.
70 public function testViewsFieldHeaderEscaping() {
71 // Test with a field header label having an html element wrapper.
72 $this->drupalGet('test_field_header');
74 // Assert that there are no escaped '<'s characters.
75 $this->assertNoEscaped('<');
77 // Test with a field header label having a XSS test as a wrapper.
78 $this->drupalGet('test_field_header_xss');
80 // Assert that XSS test is escaped.
81 $this->assertNoRaw('<script>alert("XSS")</script>', 'Harmful tags are escaped in header label.');