/** * @magentoDataFixture Mage/Catalog/_files/product_simple_xss.php * @magentoDataFixture Mage/Customer/_files/customer.php */ public function testAddActionProductNameXss() { $this->dispatch('wishlist/index/add/product/1?nocookie=1'); $messages = $this->_customerSession->getMessages()->getItems(); $isProductNamePresent = false; foreach ($messages as $message) { if (strpos($message->getCode(), '<script>alert("xss");</script>') !== false) { $isProductNamePresent = true; } $this->assertNotContains('<script>alert("xss");</script>', $message->getCode()); } $this->assertTrue($isProductNamePresent, 'Product name was not found in session messages'); }