Index: modules/system/system.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.test,v
retrieving revision 1.124
diff -u -p -r1.124 system.test
--- modules/system/system.test	20 Apr 2010 09:48:06 -0000	1.124
+++ modules/system/system.test	1 May 2010 03:43:51 -0000
@@ -1848,3 +1848,75 @@ class CompactModeTest extends DrupalWebT
     $this->assertTrue($this->cookies['Drupal.visitor.admin_compact_mode']['value'], t('Compact mode persists on new requests.'));
   }
 }
+
+/**
+ * Security test for XSS.
+ */
+class SecuriyXSSTest extends DrupalWebTestCase {
+
+  protected $xss = "<script>alert('XSS');</script>";
+
+  public static function getInfo() {
+    return array(
+      'name' => 'XSS',
+      'description' => 'Tests XSS values.',
+      'group' => 'Security',
+    );
+  }
+
+  function setUp() {
+    // Enable all modules.
+    $modules = db_query('SELECT name FROM {system} WHERE type = :type AND status = :status', array(
+      ':type' => 'module',
+      ':status' => 0,
+    ))->fetchCol();
+    call_user_func_array(array($this, 'parent::setUp'), $modules);
+
+    // Create and log in a full-blown administrative user.
+    $permissions = module_invoke_all('permission');
+    $this->admin_user = $this->drupalCreateUser(array_keys($permissions));
+    $this->drupalLogin($this->admin_user);
+
+    // Find all menu callbacks that are forms.
+    $this->callbacks = array();
+    $this->dynamic_callbacks = array();
+    foreach (menu_get_router() as $path => $item) {
+      if ($item['page callback'] == 'drupal_get_form') {
+        if (strpos($path, '%') !== FALSE) {
+          $this->dynamic_callbacks[$path] = $item;
+        }
+        else {
+          $this->callbacks[$path] = $item;
+        }
+      }
+    }
+    #$this->verbose("<pre>" . var_export($this->callbacks, TRUE) . "</pre>\n");
+  }
+
+  /**
+   * Test XSS attacks.
+   */
+  function testXSS() {
+    // On all regular paths, inject XSS where possible.
+    foreach ($this->callbacks as $path => $item) {
+      $this->drupalGet($path);
+      $this->attack();
+    }
+  }
+
+  function attack() {
+    $edit = array();
+    // Find any text input element.
+    $elements = $this->xpath('//input//textarea');
+    foreach ($elements as $element) {
+      if (isset($element['name'])) {
+        $edit[$element['name']] = $this->xss;
+      }
+    }
+    // Identify primary submit button.
+    $elements = $this->xpath('//input[@type="submit"]');
+    $button = $elements[0]['value'];
+    $this->drupalPost(NULL, $edit, $button);
+    // Error handling...
+  }
+}
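Review bot: attack() sends the request on the `$this->drupalPost(NULL, $edit, $button);` line but never inspects the response, so every path passes whether or not the payload is reflected unescaped; replace the `// Error handling...` placeholder with `$this->assertNoRaw($this->xss, t('Payload was escaped on @path.', array('@path' => $this->getUrl())));`. The XPath `'//input//textarea'` selects textarea elements nested inside input elements, which never occur, so `$edit` stays empty on every form; the union `'//input[@type="text"] | //textarea'` matches what the comment says and also avoids overwriting hidden fields such as the form token. `$elements[0]['value']` is read without checking that a submit button exists, so a form without one produces a notice and a post with an empty button label; add `if (empty($elements)) { return; }` before it. The class name `SecuriyXSSTest` is misspelled, and `$this->dynamic_callbacks` is filled in setUp() but never exercised by testXSS().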
