+ /**
+ * Tests XSS-protection of element labels.
+ */
+ public function testTitleEscaping() {
+ $this->drupalGet('form_test/form-labels');
+ foreach (FormTestLabelForm::$typesWithTitle as $type) {
+ $this->assertSession()->responseContains("$type alert('XSS') is XSS filtered!");
+ $this->assertSession()->responseNotContains("$type <script>alert('XSS')</script> is XSS filtered!");
+ }
+ }
+