Home Explore Help
Sign In
kevin
/
Popsu-coloque
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c11935cb48
Branches Tags
Popsu-coloque
/
web
/
core
/
tests
/
Drupal
/
KernelTests
/
Core
/
Common
/
XssUnitTest.php

XssUnitTest.php 2.5 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. <?php
    2. 

  2. 

  3. namespace Drupal\KernelTests\Core\Common;
    4. 

  4. 

  5. use Drupal\Component\Utility\UrlHelper;
    6. 

  6. use Drupal\KernelTests\KernelTestBase;
    7. 

  7. 

  8. /**
    9. 

  9.  * Confirm that \Drupal\Component\Utility\Xss::filter() and check_url() work
    10. 

  10.  * correctly, including invalid multi-byte sequences.
    11. 

  11.  *
    12. 

  12.  * @group Common
    13. 

  13.  */
    14. 

  14. class XssUnitTest extends KernelTestBase {
    15. 

  15. 

  16.   /**
    17. 

  17.    * Modules to enable.
    18. 

  18.    *
    19. 

  19.    * @var array
    20. 

  20.    */
    21. 

  21.   public static $modules = ['filter', 'system'];
    22. 

  22. 

  23.   protected function setUp() {
    24. 

  24.     parent::setUp();
    25. 

  25.     $this->installConfig(['system']);
    26. 

  26.   }
    27. 

  27. 

  28.   /**
    29. 

  29.    * Tests t() functionality.
    30. 

  30.    */
    31. 

  31.   public function testT() {
    32. 

  32.     $text = t('Simple text');
    33. 

  33.     $this->assertEqual($text, 'Simple text', 't leaves simple text alone.');
    34. 

  34.     $text = t('Escaped text: @value', ['@value' => '<script>']);
    35. 

  35.     $this->assertEqual($text, 'Escaped text: &lt;script&gt;', 't replaces and escapes string.');
    36. 

  36.     $text = t('Placeholder text: %value', ['%value' => '<script>']);
    37. 

  37.     $this->assertEqual($text, 'Placeholder text: <em class="placeholder">&lt;script&gt;</em>', 't replaces, escapes and themes string.');
    38. 

  38.   }
    39. 

  39. 

  40.   /**
    41. 

  41.    * Checks that harmful protocols are stripped.
    42. 

  42.    */
    43. 

  43.   public function testBadProtocolStripping() {
    44. 

  44.     // Ensure that check_url() strips out harmful protocols, and encodes for
    45. 

  45.     // HTML.
    46. 

  46.     // Ensure \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() can
    47. 

  47.     // be used to return a plain-text string stripped of harmful protocols.
    48. 

  48.     $url = 'javascript:http://www.example.com/?x=1&y=2';
    49. 

  49.     $expected_plain = 'http://www.example.com/?x=1&y=2';
    50. 

  50.     $expected_html = 'http://www.example.com/?x=1&amp;y=2';
    51. 

  51.     $this->assertIdentical(UrlHelper::filterBadProtocol($url), $expected_html, '\Drupal\Component\Utility\UrlHelper::filterBadProtocol() filters a URL and encodes it for HTML.');
    52. 

  52.     $this->assertIdentical(UrlHelper::stripDangerousProtocols($url), $expected_plain, '\Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() filters a URL and returns plain text.');
    53. 

  53. 

  54.   }
    55. 

  55. 

  56.   /**
    57. 

  57.    * Tests deprecation of the check_url() function.
    58. 

  58.    *
    59. 

  59.    * @group legacy
    60. 

  60.    * @expectedDeprecation check_url() is deprecated in Drupal 8.0.0 and will be removed before Drupal 9.0.0. Use UrlHelper::stripDangerousProtocols() or UrlHelper::filterBadProtocol() instead. See https://www.drupal.org/node/2560027
    61. 

  61.    */
    62. 

  62.   public function testCheckUrl() {
    63. 

  63.     $url = 'javascript:http://www.example.com/?x=1&y=2';
    64. 

  64.     $expected_html = 'http://www.example.com/?x=1&amp;y=2';
    65. 

  65.     $this->assertSame($expected_html, check_url($url));
    66. 

  66.   }
    67. 

  67. 

  68. }
    69.