diff --git a/core/modules/search/src/Tests/SearchCommentTest.php b/core/modules/search/src/Tests/SearchCommentTest.php
index b46c273..7f03045 100644
--- a/core/modules/search/src/Tests/SearchCommentTest.php
+++ b/core/modules/search/src/Tests/SearchCommentTest.php
@@ -126,10 +126,12 @@ function testSearchResultsComment() {
 $edit_comment['comment_body[0][format]'] = $full_html_format_id;
 $this->drupalPostForm('comment/reply/node/' . $node->id() .'/comment', $edit_comment, t('Save'));
- // Post a comment with an evil script as its subject.
+ // Post a comment with an evil script using 'FULL HTML' text format.
 $edit_comment2 = array();
 $edit_comment2['subject[0][value]'] = "";
- $edit_comment2['comment_body[0][value]'] = '

goodbye

';
+ $edit_comment2['comment_body[0][value]'] = "goodbye";
+ $full_html_format_id = 'full_html';
+ $edit_comment2['comment_body[0][format]'] = $full_html_format_id;
 $this->drupalPostForm('comment/reply/node/' . $node->id() . '/comment', $edit_comment2, t('Save'));
 // Invoke search index update.
@@ -158,7 +160,7 @@ function testSearchResultsComment() {
 $this->assertNoRaw(t('n/a'), 'HTML in comment body is not hidden.');
 $this->assertNoEscaped($edit_comment['comment_body[0][value]'], 'HTML in comment body is not escaped.');
- // Search for the evil comment subject.
+ // Search for the evil script comment subject.
 $edit = array(
 'keys' => "hello",
 );
@@ -167,6 +169,17 @@ function testSearchResultsComment() {
 $this->assertRaw('alert('hello');');
 $this->assertNoRaw('
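Review bot: In the first hunk (`@@ -126,10 +126,12 @@`), the added `$full_html_format_id = 'full_html';` re-assigns a variable that the unchanged line at the top of the same hunk already reads for the first comment. The second comment's text format therefore becomes a hard-coded literal, which can drift from whatever format the test set up earlier; that setup is outside the hunk, so this is inferred. The test only exercises the script-handling path if the body is really saved under the permissive format, so I would drop the re-assignment and keep just `$edit_comment2['comment_body[0][format]'] = $full_html_format_id;`. The new comment could also say why the format matters, for example `// Use the Full HTML format so the body markup reaches the search index unfiltered by a stricter format.`. The body of testSearchResultsComment() starts and ends outside this hunk.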