public function testLinkTagAvoidsXssAttack()
{
$this->dispatch('/items/browse/%22%3e%3cscript%3ealert(11639)%3c/script%3e');
$html = '<link rel="alternate" type="application/rss+xml" title="Omeka RSS Feed" href="/items/browse/%22%3E%3Cscript%3Ealert%2811639%29%3C/script%3E?output=rss2" />';
$html .= '<link rel="alternate" type="application/atom+xml" title="Omeka Atom Feed" href="/items/browse/%22%3E%3Cscript%3Ealert%2811639%29%3C/script%3E?output=atom" />';
$this->assertContains($html, auto_discovery_link_tags());
}
<!-- Will build the page <title> -->
<?php
if (isset($title)) {
$titleParts[] = strip_formatting($title);
}
$titleParts[] = option('site_title');
?>
<title><?php
echo implode(' · ', $titleParts);
?>
</title>
<link href='https://fonts.googleapis.com/css?family=Droid+Serif' rel='stylesheet' type='text/css'>
<?php
echo auto_discovery_link_tags();
?>
<!-- Will fire plugins that need to include their own files in <head> -->
<?php
fire_plugin_hook('public_head', array('view' => $this));
?>
<!-- Need to add custom and third-party CSS files? Include them here -->
<?php
queue_css_file('lib/bootstrap.min');
queue_css_file('style');
\queue_css_file('bootstrap-theme');
echo head_css();
?>
