get( \Magento\Framework\View\LayoutInterface::class )->createBlock( \Magento\Payment\Block\Transparent\Iframe::class ); $block->setTemplate('transparent/iframe.phtml'); $block->setData( 'params', [ 'redirect' => $xssString, 'redirect_parent' => $xssString, 'error_msg' => $xssString ] ); $content = $block->toHtml(); $this->assertStringNotContainsString($xssString, $content, 'Params must be escaped'); $this->assertStringContainsString($block->escapeJs($xssString), $content, 'Content must be present'); } /** * @return array */ public static function xssDataProvider() { return [ [''], ['javascript%3Aalert%28String.fromCharCode%280x78%29%2BString.fromCharCode%280x73%29%2BString.' . 'fromCharCode%280x73%29%29'], ['javascript:alert(String.fromCharCode(0x78)+String.fromCharCode(0x73)+String.fromCharCode(0x73))'] ]; } }