diff --git a/core/modules/filter/tests/src/Functional/FilterAdminTest.php b/core/modules/filter/tests/src/Functional/FilterAdminTest.php
index 00e2c16f245746a4490f2ae580087772cc3ab90e..60b18f2cd852a631c49fe4c7b32244b28bba4f2d 100644
--- a/core/modules/filter/tests/src/Functional/FilterAdminTest.php
+++ b/core/modules/filter/tests/src/Functional/FilterAdminTest.php
@@ -320,7 +320,7 @@ public function testFilterAdmin() {
 $edit['body[0][format]'] = $plain;
 $this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
 $this->drupalGet('node/' . $node->id());
- $this->assertEscaped($text, 'The "Plain text" text format escapes all HTML tags.');
+ $this->assertEscaped($text);
 $this->config('filter.settings')
 ->set('always_show_fallback_choice', FALSE)
 ->save();
diff --git a/core/modules/forum/tests/src/Functional/ForumTest.php b/core/modules/forum/tests/src/Functional/ForumTest.php
index 9345445ac9dcf8e3742df9e5f4e52d7f93e64d15..8ed09c8c5e3caa5b3a00df2b47de1459e5fa11f5 100644
--- a/core/modules/forum/tests/src/Functional/ForumTest.php
+++ b/core/modules/forum/tests/src/Functional/ForumTest.php
@@ -547,7 +547,7 @@ public function testForumWithNewPost() {
 $this->assertSession()->statusCodeEquals(200);
 // Verify there is no unintentional HTML tag escaping.
- $this->assertNoEscaped('<', '');
+ $this->assertNoEscaped('<');
 }
 /**
diff --git a/core/modules/help/tests/src/Functional/HelpTest.php b/core/modules/help/tests/src/Functional/HelpTest.php
index a8b3e0321d2aa3fc9d23fef318be41acf2fa4a1c..a69194744012ffa75be214e1fca799c9df6ef3ed 100644
--- a/core/modules/help/tests/src/Functional/HelpTest.php
+++ b/core/modules/help/tests/src/Functional/HelpTest.php
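Review bot: In testFilterAdmin() (FilterAdminTest.php, hunk at -320) the removed message was the only statement of what `assertEscaped($text)` is meant to prove, and nothing replaces it. Other files in this commit turn the message into a comment (BreadcrumbTest, DateTimeTest, XssTest); doing the same here keeps the intent readable, for example `// The "Plain text" text format escapes all HTML tags.` directly above the assertion. The same applies to the PagePreviewTest hunks at -200 and -240, the SearchCommentTest hunk at -173 and the TermTest hunks at -601 and -609. testFilterAdmin() starts before and continues after the hunk.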
@@ -137,10 +137,10 @@ protected function verifyHelp($response = 200) {
 foreach ($admin_tasks as $task) {
 $this->assertLink($task['title']);
 // Ensure there are no double escaped '&' or '<' characters.
- $this->assertNoEscaped('&', 'The help text does not have double escaped &.');
- $this->assertNoEscaped('<', 'The help text does not have double escaped <.');
+ $this->assertNoEscaped('&');
+ $this->assertNoEscaped('<');
 // Ensure there are no escaped '<' characters.
- $this->assertNoEscaped('<', 'The help text does not have single escaped <.');
+ $this->assertNoEscaped('<');
 }
 // Ensure there are no double escaped '&' or '<' characters.
 $this->assertNoEscaped('&');
diff --git a/core/modules/node/tests/src/Functional/PagePreviewTest.php b/core/modules/node/tests/src/Functional/PagePreviewTest.php
index 1dae8dec1cad1cf3102989ab306b98776fd1a8b1..36e76efd42baf77f7647b6236bbb965154a4b021 100644
--- a/core/modules/node/tests/src/Functional/PagePreviewTest.php
+++ b/core/modules/node/tests/src/Functional/PagePreviewTest.php
@@ -200,7 +200,7 @@ public function testPagePreview() {
 // Check that the preview is displaying the title, body and term.
 $expected_title = $edit[$title_key] . ' | Drupal';
 $this->assertSession()->titleEquals($expected_title);
- $this->assertEscaped($edit[$title_key], 'Title displayed and escaped.');
+ $this->assertEscaped($edit[$title_key]);
 $this->assertText($edit[$body_key], 'Body displayed.');
 $this->assertText($edit[$term_key], 'Term displayed.');
 $this->assertLink(t('Back to content editing'));
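Review bot: In verifyHelp() (HelpTest.php, hunk at -137) the second and third new assertions inside the loop read identically as shown here, `$this->assertNoEscaped('<');`, although the comments say one guards against double escaping and the other against single escaping. With the messages removed the comments are the only thing that tells them apart, so if the arguments really are the same literal, one call is redundant and the double-escape case for `<` is not tested. If the page rendering has decoded entity literals inside the arguments this is a display artefact, which is worth confirming against the file. verifyHelp() starts before and continues after the hunk.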
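Review bot: In testPagePreview() (PagePreviewTest.php, hunk at -200 and again at -240) `assertEscaped($edit[$title_key])` only exercises escaping if the title contains characters that need it. How `$edit[$title_key]` is built is outside both hunks; if it is plain alphanumeric text the escaped and raw forms coincide and the call is just a presence check. If the title does carry markup, a short comment would make that visible, for example `// The title contains HTML special characters and must be displayed escaped.`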
@@ -240,7 +240,7 @@ public function testPagePreview() {
 // Return to page preview to check everything is as expected.
 $this->drupalPostForm(NULL, [], t('Preview'));
 $this->assertSession()->titleEquals($expected_title);
- $this->assertEscaped($edit[$title_key], 'Title displayed and escaped.');
+ $this->assertEscaped($edit[$title_key]);
 $this->assertText($edit[$body_key], 'Body displayed.');
 $this->assertText($edit[$term_key], 'Term displayed.');
 $this->assertLink(t('Back to content editing'));
diff --git a/core/modules/search/tests/src/Functional/SearchCommentTest.php b/core/modules/search/tests/src/Functional/SearchCommentTest.php
index e9f12fe583e9c1d8bb3af48c4acc7b26c40f5730..2758044eed1cb94e495b7c458a7dd979338b8ff0 100644
--- a/core/modules/search/tests/src/Functional/SearchCommentTest.php
+++ b/core/modules/search/tests/src/Functional/SearchCommentTest.php
@@ -173,7 +173,7 @@ public function testSearchResultsComment() {
 // Verify that comment is rendered using proper format.
 $this->assertText($comment_body, 'Comment body text found in search results.');
 $this->assertNoRaw(t('n/a'), 'HTML in comment body is not hidden.');
- $this->assertNoEscaped($edit_comment['comment_body[0][value]'], 'HTML in comment body is not escaped.');
+ $this->assertNoEscaped($edit_comment['comment_body[0][value]']);
 // Search for the evil script comment subject.
 $edit = [
diff --git a/core/modules/system/tests/src/Functional/Batch/ProcessingTest.php b/core/modules/system/tests/src/Functional/Batch/ProcessingTest.php
index 71fe35e5ac20adc5732f19df23fc93f133712aeb..7a210984601167a0d0998ea617c580a2c823f507 100644
--- a/core/modules/system/tests/src/Functional/Batch/ProcessingTest.php
+++ b/core/modules/system/tests/src/Functional/Batch/ProcessingTest.php
@@ -54,14 +54,17 @@ public function testBatchForm() {
 // Batch 0: no operation.
 $edit = ['batch' => 'batch_0'];
 $this->drupalPostForm('batch-test', $edit, 'Submit');
- $this->assertNoEscaped('<', 'No escaped markup is present.');
+ // If there is any escaped markup it will include at least an escaped '<'
+ // character, so assert on each page that there is no escaped '<' as a way
+ // of verifying that no markup is incorrectly escaped.
+ $this->assertNoEscaped('<');
 $this->assertBatchMessages($this->_resultMessages('batch_0'), 'Batch with no operation performed successfully.');
 $this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
 // Batch 1: several simple operations.
 $edit = ['batch' => 'batch_1'];
 $this->drupalPostForm('batch-test', $edit, 'Submit');
- $this->assertNoEscaped('<', 'No escaped markup is present.');
+ $this->assertNoEscaped('<');
 $this->assertBatchMessages($this->_resultMessages('batch_1'), 'Batch with simple operations performed successfully.');
 $this->assertEqual(batch_test_stack(), $this->_resultStack('batch_1'), 'Execution order was correct.');
 $this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
@@ -69,7 +72,7 @@ public function testBatchForm() {
 // Batch 2: one multistep operation.
 $edit = ['batch' => 'batch_2'];
 $this->drupalPostForm('batch-test', $edit, 'Submit');
- $this->assertNoEscaped('<', 'No escaped markup is present.');
+ $this->assertNoEscaped('<');
 $this->assertBatchMessages($this->_resultMessages('batch_2'), 'Batch with multistep operation performed successfully.');
 $this->assertEqual(batch_test_stack(), $this->_resultStack('batch_2'), 'Execution order was correct.');
 $this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
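Review bot: The comment added in testBatchForm() (ProcessingTest.php, hunk at -54) says any escaped markup will include an escaped '<', which holds for single escaping only. Assuming assertNoEscaped() looks for the HTML-escaped form of its argument (its implementation is not part of this diff), markup that was escaped twice would not match and the assertion would pass. Narrowing the last comment line to `// of verifying that no markup is single-escaped by mistake.` keeps the claim accurate; catching double escaping would need its own assertion. The later hunks in this file (-69, -77, -85, -121, -129) rely on this one comment without repeating it.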
@@ -77,7 +80,7 @@ public function testBatchForm() {
 // Batch 3: simple + multistep combined.
 $edit = ['batch' => 'batch_3'];
 $this->drupalPostForm('batch-test', $edit, 'Submit');
- $this->assertNoEscaped('<', 'No escaped markup is present.');
+ $this->assertNoEscaped('<');
 $this->assertBatchMessages($this->_resultMessages('batch_3'), 'Batch with simple and multistep operations performed successfully.');
 $this->assertEqual(batch_test_stack(), $this->_resultStack('batch_3'), 'Execution order was correct.');
 $this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
@@ -85,7 +88,7 @@ public function testBatchForm() {
 // Batch 4: nested batch.
 $edit = ['batch' => 'batch_4'];
 $this->drupalPostForm('batch-test', $edit, 'Submit');
- $this->assertNoEscaped('<', 'No escaped markup is present.');
+ $this->assertNoEscaped('<');
 $this->assertBatchMessages($this->_resultMessages('batch_4'), 'Nested batch performed successfully.');
 $this->assertEqual(batch_test_stack(), $this->_resultStack('batch_4'), 'Execution order was correct.');
 $this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
@@ -121,7 +124,7 @@ public function testBatchForm() {
 */
 public function testBatchFormMultistep() {
 $this->drupalGet('batch-test/multistep');
- $this->assertNoEscaped('<', 'No escaped markup is present.');
+ $this->assertNoEscaped('<');
 $this->assertText('step 1', 'Form is displayed in step 1.');
 // First step triggers batch 1.
@@ -129,14 +132,14 @@ public function testBatchFormMultistep() {
 $this->assertBatchMessages($this->_resultMessages('batch_1'), 'Batch for step 1 performed successfully.');
 $this->assertEqual(batch_test_stack(), $this->_resultStack('batch_1'), 'Execution order was correct.');
 $this->assertText('step 2', 'Form is displayed in step 2.');
- $this->assertNoEscaped('<', 'No escaped markup is present.');
+ $this->assertNoEscaped('<');
 // Second step triggers batch 2.
 $this->drupalPostForm(NULL, [], 'Submit');
 $this->assertBatchMessages($this->_resultMessages('batch_2'), 'Batch for step 2 performed successfully.');
 $this->assertEqual(batch_test_stack(), $this->_resultStack('batch_2'), 'Execution order was correct.');
 $this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
- $this->assertNoEscaped('<', 'No escaped markup is present.');
+ $this->assertNoEscaped('<');
 // Extra query arguments will trigger logic that will add them to the
 // redirect URL. Make sure they are persisted.
diff --git a/core/modules/system/tests/src/Functional/Menu/BreadcrumbTest.php b/core/modules/system/tests/src/Functional/Menu/BreadcrumbTest.php
index 1c148f8d0161a61d7d2a2d0b950cd979781c4520..5f4583274400c240b0dda59da539912e3a785d85 100644
--- a/core/modules/system/tests/src/Functional/Menu/BreadcrumbTest.php
+++ b/core/modules/system/tests/src/Functional/Menu/BreadcrumbTest.php
@@ -286,7 +286,8 @@ public function testBreadCrumbs() {
 $link_path => $link->getTitle(),
 ];
 $this->assertBreadcrumb($link_path, $trail, $term->getName(), $tree);
- $this->assertEscaped($parent->getTitle(), 'Tagged node found.');
+ // Ensure that the tagged node is found.
+ $this->assertEscaped($parent->getTitle());
 // Additionally make sure that this link appears only once; i.e., the
 // untranslated menu links automatically generated from menu router items
diff --git a/core/modules/system/tests/src/Functional/Menu/MenuRouterTest.php b/core/modules/system/tests/src/Functional/Menu/MenuRouterTest.php
index 47077f1d7e0981a0b2c525521a5dc3ae035b5827..e37aafb84abe744fae689d91e4774afbe6ed8f06 100644
--- a/core/modules/system/tests/src/Functional/Menu/MenuRouterTest.php
+++ b/core/modules/system/tests/src/Functional/Menu/MenuRouterTest.php
@@ -68,7 +68,7 @@ protected function doTestHookMenuIntegration() {
 $this->assertLink('Local task A');
 $this->assertLink('Local task B');
 $this->assertNoLink('Local task C');
- $this->assertEscaped("<script>alert('Welcome to the jungle!')</script>", ENT_QUOTES, 'UTF-8');
+ $this->assertEscaped("<script>alert('Welcome to the jungle!')</script>");
 // Confirm correct local task href.
 $this->assertLinkByHref(Url::fromRoute('menu_test.router_test1', ['bar' => $machine_name])->toString());
 $this->assertLinkByHref(Url::fromRoute('menu_test.router_test2', ['bar' => $machine_name])->toString());
diff --git a/core/modules/system/tests/src/Functional/System/DateTimeTest.php b/core/modules/system/tests/src/Functional/System/DateTimeTest.php
index 73df3934295a221b19f52c2146d81f68cb749fc1..fe022bf5d4a7bd9b5969252822a6712b4f4a0f70 100644
--- a/core/modules/system/tests/src/Functional/System/DateTimeTest.php
+++ b/core/modules/system/tests/src/Functional/System/DateTimeTest.php
@@ -159,7 +159,8 @@ public function testDateFormatConfiguration() {
 $date_format->save();
 $this->drupalGet(Url::fromRoute('entity.date_format.collection'));
- $this->assertEscaped("<script>alert('XSS');</script>", 'The date format was properly escaped');
+ // Ensure that the date format is properly escaped.
+ $this->assertEscaped("<script>alert('XSS');</script>");
 // Add a new date format with HTML in it.
 $date_format_id = strtolower($this->randomMachineName(8));
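Review bot: In doTestHookMenuIntegration() (MenuRouterTest.php, hunk at -68) `assertEscaped("<script>alert('Welcome to the jungle!')</script>")` shows, as far as its name and use here indicate, that the escaped form occurs somewhere in the response, not that the raw form is absent. A page that prints the string escaped in one place and unescaped in another would still pass. If the raw string is not expected anywhere in the response, pairing the call with `$this->assertNoRaw("<script>alert('Welcome to the jungle!')</script>");` closes that gap; assertNoRaw() is already used in SearchCommentTest in this diff. The same applies to the `<script>` and `<marquee>` assertions in DateTimeTest (-159) and XssTest (-23), and the function continues outside the hunk.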
diff --git a/core/modules/taxonomy/tests/src/Functional/TermTest.php b/core/modules/taxonomy/tests/src/Functional/TermTest.php
index b4ca5364db9d1785ea524471138a19d63f6b0925..7879a831f81cbdb880e00f018bf52523c9d75019 100644
--- a/core/modules/taxonomy/tests/src/Functional/TermTest.php
+++ b/core/modules/taxonomy/tests/src/Functional/TermTest.php
@@ -601,7 +601,7 @@ public function testTermBreadcrumbs() {
 $this->assertCount(2, $breadcrumbs, 'The breadcrumbs are present on the page.');
 $this->assertIdentical($breadcrumbs[0]->getText(), 'Home', 'First breadcrumb text is Home');
 $this->assertIdentical($breadcrumbs[1]->getText(), $term->label(), 'Second breadcrumb text is term name on term edit page.');
- $this->assertEscaped($breadcrumbs[1]->getText(), 'breadcrumbs displayed and escaped.');
+ $this->assertEscaped($breadcrumbs[1]->getText());
 // Check the breadcrumb on the term delete page.
 $this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
@@ -609,7 +609,7 @@ public function testTermBreadcrumbs() {
 $this->assertCount(2, $breadcrumbs, 'The breadcrumbs are present on the page.');
 $this->assertIdentical($breadcrumbs[0]->getText(), 'Home', 'First breadcrumb text is Home');
 $this->assertIdentical($breadcrumbs[1]->getText(), $term->label(), 'Second breadcrumb text is term name on term delete page.');
- $this->assertEscaped($breadcrumbs[1]->getText(), 'breadcrumbs displayed and escaped.');
+ $this->assertEscaped($breadcrumbs[1]->getText());
 }
 }
diff --git a/core/modules/views_ui/tests/src/Functional/XssTest.php b/core/modules/views_ui/tests/src/Functional/XssTest.php
index e5257d64f41659734ce124403eeb2401fb2bc65f..18d10451b840752fc6ae7784d81b8767429ee694 100644
--- a/core/modules/views_ui/tests/src/Functional/XssTest.php
+++ b/core/modules/views_ui/tests/src/Functional/XssTest.php
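Review bot: In testTermBreadcrumbs() (TermTest.php, hunks at -601 and -609) the value passed to `assertEscaped()` is `$breadcrumbs[1]->getText()`, which appears to be read back from the rendered page rather than taken from the stored term. The line above already asserts it is identical to `$term->label()`, so `$this->assertEscaped($term->label());` would tie the escaping check to the source value instead of to page output. Whether the term label contains characters that need escaping is not visible in either hunk; if it does not, the assertion cannot detect missing escaping. The function starts before the first hunk.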
@@ -23,11 +23,13 @@ class XssTest extends UITestBase {
 public function testViewsUi() {
 $this->drupalGet('admin/structure/views/view/sa_contrib_2013_035');
- $this->assertEscaped('<marquee>test</marquee>', 'Field admin label is properly escaped.');
+ // Verify that the field admin label is properly escaped.
+ $this->assertEscaped('<marquee>test</marquee>');
 $this->drupalGet('admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area');
- $this->assertEscaped('{{ title }} == <marquee>test</marquee>', 'Token label is properly escaped.');
- $this->assertEscaped('{{ title_1 }} == <script>alert("XSS")</script>', 'Token label is properly escaped.');
+ // Verify that the token label is properly escaped.
+ $this->assertEscaped('{{ title }} == <marquee>test</marquee>');
+ $this->assertEscaped('{{ title_1 }} == <script>alert("XSS")</script>');
 }
 /**