drupalCreateUser(['create page content', 'edit any page content']); $this->drupalLogin($web_user); $xss = ''; $title = $xss . $this->randomMachineName(); $edit = []; $edit['title[0][value]'] = $title; $this->drupalPostForm('node/add/page', $edit, t('Preview')); $this->assertNoRaw($xss, 'Harmful tags are escaped when previewing a node.'); $settings = ['title' => $title]; $node = $this->drupalCreateNode($settings); $this->drupalGet('node/' . $node->id()); // Titles should be escaped. $this->assertRaw('', 'Title is displayed when viewing a node.'); $this->assertNoRaw($xss, 'Harmful tags are escaped when viewing a node.'); $this->drupalGet('node/' . $node->id() . '/edit'); $this->assertNoRaw($xss, 'Harmful tags are escaped when editing a node.'); } }