container->get('router.builder')->rebuild(); } /** * Gets arguments for FormattableMarkup based on Url::fromUri() parameters. * * @param string $uri * The URI of the resource. * @param array $options * The options to pass to Url::fromUri(). * * @return array * Array containing: * - ':url': A URL string. * * @see \Drupal\Component\Render\FormattableMarkup */ protected static function getSafeMarkupUriArgs($uri, $options = []) { $args[':url'] = Url::fromUri($uri, $options)->toString(); return $args; } /** * Tests URL ":placeholders" in \Drupal\Component\Render\FormattableMarkup. * * @dataProvider providerTestSafeMarkupUri */ public function testSafeMarkupUri($string, $uri, $options, $expected) { $args = self::getSafeMarkupUriArgs($uri, $options); $this->assertEquals($expected, new FormattableMarkup($string, $args)); } /** * @return array */ public function providerTestSafeMarkupUri() { $data = []; $data['routed-url'] = [ 'Hey giraffe MUUUH', 'route:system.admin', [], 'Hey giraffe MUUUH', ]; $data['routed-with-query'] = [ 'Hey giraffe MUUUH', 'route:system.admin', ['query' => ['bar' => 'baz#']], 'Hey giraffe MUUUH', ]; $data['routed-with-fragment'] = [ 'Hey giraffe MUUUH', 'route:system.admin', ['fragment' => 'bar<'], 'Hey giraffe MUUUH', ]; $data['unrouted-url'] = [ 'Hey giraffe MUUUH', 'base://foo', [], 'Hey giraffe MUUUH', ]; $data['unrouted-with-query'] = [ 'Hey giraffe MUUUH', 'base://foo', ['query' => ['bar' => 'baz#']], 'Hey giraffe MUUUH', ]; $data['unrouted-with-fragment'] = [ 'Hey giraffe MUUUH', 'base://foo', ['fragment' => 'bar<'], 'Hey giraffe MUUUH', ]; $data['mailto-protocol'] = [ 'Hey giraffe MUUUH', 'mailto:test@example.com', [], 'Hey giraffe MUUUH', ]; return $data; } /** * @dataProvider providerTestSafeMarkupUriWithException */ public function testSafeMarkupUriWithExceptionUri($string, $uri) { // Should throw an \InvalidArgumentException, due to Uri::toString(). $this->setExpectedException(\InvalidArgumentException::class); $args = self::getSafeMarkupUriArgs($uri); new FormattableMarkup($string, $args); } /** * @return array */ public function providerTestSafeMarkupUriWithException() { $data = []; $data['js-protocol'] = [ 'Hey giraffe MUUUH', "javascript:alert('xss')", ]; $data['js-with-fromCharCode'] = [ 'Hey giraffe MUUUH', "javascript:alert(String.fromCharCode(88,83,83))", ]; $data['non-url-with-colon'] = [ 'Hey giraffe MUUUH', "llamas: they are not URLs", ]; $data['non-url-with-html'] = [ 'Hey giraffe MUUUH', 'not a url', ]; return $data; } }