Hi,
I noticed that the CommonURLUnitTest::testLXSS() test case checks the URL only. It would be great to extend this method to check the title as well.
E.g. we can override theme_link() in our own theme, and we can miss check_plain() for the title of the link. When we run this test case, CommonURLUnitTest::testLXSS(), it will pass even if the title is vulnerable (a failure is expected).
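The gap described above, as an added standalone example that is not part of the original post or of Drupal's test suite: a URL-only assertion passes for a link renderer that leaves the link text unescaped, while an assertion on the text catches it. All `example_*` function names are hypothetical, `htmlspecialchars()` stands in for `check_plain()`, and the input string is constructed.

```php
<?php
// Stand-in for Drupal's check_plain(), which wraps htmlspecialchars().
function example_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Hypothetical theme_link() override: escapes the URL, forgets the link text.
function example_theme_link_unsafe(array $variables) {
  return '<a href="' . example_check_plain($variables['path']) . '">'
    . $variables['text'] . '</a>';
}

// The same override with the link text escaped as well.
function example_theme_link_safe(array $variables) {
  return '<a href="' . example_check_plain($variables['path']) . '">'
    . example_check_plain($variables['text']) . '</a>';
}

// URL-only check: is the escaped path present anywhere in the markup?
function example_url_is_filtered($link, $path) {
  return strpos($link, example_check_plain($path)) !== FALSE;
}

// Extended check: the element content must be the escaped text.
function example_text_is_filtered($link, $text) {
  return strpos($link, '>' . example_check_plain($text) . '</a>') !== FALSE;
}

// Constructed sample input containing markup, quotes and an ampersand.
$input = '<em>title & "quotes"</em>';

$renderers = array(
  'unsafe' => 'example_theme_link_unsafe',
  'safe' => 'example_theme_link_safe',
);
foreach ($renderers as $name => $callback) {
  $link = $callback(array('text' => $input, 'path' => $input));
  printf("%-6s url check: %s, text check: %s\n", $name,
    example_url_is_filtered($link, $input) ? 'pass' : 'FAIL',
    example_text_is_filtered($link, $input) ? 'pass' : 'FAIL');
}
```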
Comments
Comment #2
alan-ps commented: I think we can add something like this: