// NOTE(review): this fragment starts mid-statement. The enclosing class and
// method headers, and whatever receives the result of this call, are not
// visible here.
drupalCreateUser([
  'create page content',
  'edit any page content',
]);
// Log in as $web_user. Its assignment is outside the visible fragment;
// presumably it is the account created by the call above (confirm).
$this->drupalLogin($web_user);

// NOTE(review): $xss is an empty string as shown, so the title carries no
// markup and the responseNotContains($xss) checks below cannot demonstrate
// that anything was escaped. The payload literal looks like it was lost
// (possibly to HTML tag stripping during extraction); restore it from the
// upstream file before relying on this test.
$xss = '';
// The random machine name makes the title distinct; $xss is the prefix the
// test later looks for in raw form.
$title = $xss . $this->randomMachineName();
$edit = [];
$edit['title[0][value]'] = $title;

// Output context 1: the node preview, reached by submitting the add-page
// form with the 'Preview' button.
$this->drupalGet('node/add/page');
$this->submitForm($edit, 'Preview');
// Verify that harmful tags are escaped when previewing a node.
$this->assertSession()->responseNotContains($xss);

// Output context 2: the node view page, using a node built via
// drupalCreateNode() with the same title.
$settings = ['title' => $title];
$node = $this->drupalCreateNode($settings);

$this->drupalGet('node/' . $node->id());
// Titles should be escaped.
// This is the positive half of the check: the response must contain the
// Html::escape()'d title followed by ' | Drupal', not merely lack the raw
// payload.
// NOTE(review): the empty '' prefix suggests wrapper markup was lost from
// this literal as well; confirm against the upstream file.
$this->assertSession()->responseContains('' . Html::escape($title) . ' | Drupal');
$this->assertSession()->responseNotContains($xss);

// Output context 3: the node edit form must not echo the raw payload either.
$this->drupalGet('node/' . $node->id() . '/edit');
$this->assertSession()->responseNotContains($xss);
// The two braces below close blocks opened before the visible fragment
// (presumably the test method and its class).
}
}