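/**
 * Regression test: a script-injection payload in the request path must not
 * reach the feed auto-discovery <link> tags unescaped.
 *
 * The dispatched path is the URL-encoded form of
 * `"><script>alert(11639)</script>`, which would close the href attribute
 * and open a script element if it were echoed back verbatim. The expected
 * markup keeps the whole payload percent-encoded inside href, including
 * the parentheses.
 */
public function testLinkTagAvoidsXssAttack()
{
    $this->dispatch('/items/browse/%22%3e%3cscript%3ealert(11639)%3c/script%3e');

    // Render once so both assertions inspect the same output.
    $tags = auto_discovery_link_tags();

    $html = '<link rel="alternate" type="application/rss+xml" title="Omeka RSS Feed" href="/items/browse/%22%3E%3Cscript%3Ealert%2811639%29%3C/script%3E?output=rss2" />';
    $html .= '<link rel="alternate" type="application/atom+xml" title="Omeka Atom Feed" href="/items/browse/%22%3E%3Cscript%3Ealert%2811639%29%3C/script%3E?output=atom" />';
    $this->assertContains($html, $tags);

    // The positive match alone would still pass if the helper emitted the
    // encoded tags and also a raw copy of the payload elsewhere in its
    // output, so check explicitly that no literal script tag is present.
    // stripos() is used instead of a PHPUnit string assertion so the check
    // does not depend on the PHPUnit version.
    $this->assertFalse(
        stripos($tags, '<script') !== false,
        'auto_discovery_link_tags() must not emit a raw <script> element.'
    );
}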
<!-- Will build the page <title> -->
<?php
// Title segments: the current page's title first (only when the view supplies
// one), then the site-wide title taken from the options.
// NOTE(review): the joined segments are echoed below without further HTML
// escaping. strip_formatting() presumably removes markup from $title, and
// site_title is presumably admin-controlled; confirm both before relying on
// this for titles that can carry user-supplied text.
if (isset($title)):
    $titleParts[] = strip_formatting($title);
endif;
$titleParts[] = option('site_title');
?>
<title><?php echo implode(' · ', $titleParts); ?> </title>
<link href='https://fonts.googleapis.com/css?family=Droid+Serif' rel='stylesheet' type='text/css'>
<?php
// The helper's return value is written into <head> verbatim, so any escaping
// of the request path used in the feed URLs has to happen inside the helper.
echo auto_discovery_link_tags();
?>
<!-- Will fire plugins that need to include their own files in <head> -->
<?php
// Plugins hooked on public_head receive this view object and run at this
// point in <head>.
fire_plugin_hook('public_head', array('view' => $this));
?>
<!-- Need to add custom and third-party CSS files? Include them here -->
<?php
// Stylesheets are queued in this order and then rendered by head_css().
queue_css_file('lib/bootstrap.min');
queue_css_file('style');
queue_css_file('bootstrap-theme');
echo head_css();
?>