class AttributeXssTest

Tests AttributeXss.

@group link
@covers \Drupal\link\AttributeXss

Hierarchy
- class \Drupal\Tests\UnitTestCase extends \PHPUnit\Framework\TestCase uses \Drupal\Tests\PhpUnitCompatibilityTrait, \Prophecy\PhpUnit\ProphecyTrait, \Drupal\TestTools\Extension\DeprecationBridge\ExpectDeprecationTrait, \Drupal\Tests\RandomGeneratorTrait
  - class \Drupal\Tests\link\Unit\AttributeXssTest extends \Drupal\Tests\UnitTestCase

File
core/modules/link/tests/src/Unit/AttributeXssTest.php, line 16

Namespace
Drupal\Tests\link\Unit

Source
<?php

declare(strict_types=1);

namespace Drupal\Tests\link\Unit;

use Drupal\link\AttributeXss;
use Drupal\Tests\UnitTestCase;

/**
 * Tests AttributeXss.
 *
 * @group link
 * @covers \Drupal\link\AttributeXss
 */
final class AttributeXssTest extends UnitTestCase {

  /**
   * Covers ::sanitizeAttributes.
   *
   * @dataProvider providerSanitizeAttributes
   */
  public function testSanitizeAttributes(array $attributes, array $expected): void {
    self::assertSame($expected, AttributeXss::sanitizeAttributes($attributes));
  }

  /**
   * Data provider for ::testSanitizeAttributes.
   *
   * @return \Generator
   *   Test cases.
   */
  public static function providerSanitizeAttributes(): \Generator {
    // Each case is [input attributes, expected sanitized attributes].
    // Attribute order matters: assertSame() also compares key order.
    yield 'safe' => [
      ['class' => ['foo', 'bar'], 'data-biscuit' => TRUE],
      ['class' => ['foo', 'bar'], 'data-biscuit' => TRUE],
    ];
    // A valueless (boolean) attribute keeps its empty value.
    yield 'valueless' => [
      ['class' => ['foo', 'bar'], 'selected' => ''],
      ['class' => ['foo', 'bar'], 'selected' => ''],
    ];
    // Empty and whitespace-only attribute names are dropped.
    yield 'empty names' => [
      ['class' => ['foo', 'bar'], '' => 'live', ' ' => TRUE],
      ['class' => ['foo', 'bar']],
    ];
    yield 'only empty names' => [
      ['' => 'live', ' ' => TRUE],
      [],
    ];
    // A name containing a space is really several attributes: the last one
    // owns the value, the earlier ones become valueless attributes.
    yield 'valueless, mangled with a space' => [
      ['class' => ['foo', 'bar'], 'selected href' => 'http://example.com'],
      ['class' => ['foo', 'bar'], 'selected' => 'selected', 'href' => 'http://example.com'],
    ];
    // An event-handler attribute smuggled into a mangled name is removed.
    yield 'valueless, mangled with a space, blocked' => [
      ['class' => ['foo', 'bar'], 'selected onclick href' => 'http://example.com'],
      ['class' => ['foo', 'bar'], 'selected' => 'selected', 'href' => 'http://example.com'],
    ];
    yield 'with encoding' => [
      ['class' => ['foo', 'bar'], 'data-how-good' => "It's the bee's knees"],
      ['class' => ['foo', 'bar'], 'data-how-good' => "It's the bee's knees"],
    ];
    yield 'valueless, mangled with multiple spaces, blocked' => [
      ['class' => ['foo', 'bar'], 'selected  onclick   href' => 'http://example.com'],
      ['class' => ['foo', 'bar'], 'selected' => 'selected', 'href' => 'http://example.com'],
    ];
    yield 'valueless, mangled with multiple spaces, blocked, mangled first' => [
      ['selected  onclick   href' => 'http://example.com', 'class' => ['foo', 'bar']],
      ['selected' => 'selected', 'href' => 'http://example.com', 'class' => ['foo', 'bar']],
    ];
    yield 'valueless but with value' => [
      ['class' => ['foo', 'bar'], 'selected' => 'selected', 'href' => 'http://example.com'],
      ['class' => ['foo', 'bar'], 'selected' => 'selected', 'href' => 'http://example.com'],
    ];
    // A dangerous scheme is stripped from URL-valued attributes; the rest of
    // the value survives as an inert relative URL.
    yield 'valueless but with value, bad protocol' => [
      ['class' => ['foo', 'bar'], 'selected' => 'selected', 'href' => 'javascript:alert()'],
      ['class' => ['foo', 'bar'], 'selected' => 'selected', 'href' => 'alert()'],
    ];
    yield 'valueless, mangled with a space and bad protocol' => [
      ['class' => ['foo', 'bar'], 'selected href' => 'javascript:alert()'],
      ['class' => ['foo', 'bar'], 'selected' => 'selected', 'href' => 'alert()'],
    ];
    // When a name is repeated, the first occurrence wins.
    yield 'valueless, mangled with a space and bad protocol, repeated' => [
      ['class' => ['foo', 'bar'], 'selected href' => 'javascript:alert()', 'href' => 'http://example.com'],
      ['class' => ['foo', 'bar'], 'selected' => 'selected', 'href' => 'alert()'],
    ];
    yield 'with a space' => [
      ['class' => ['foo', 'bar'], 'href' => \urlencode('some file.pdf')],
      ['class' => ['foo', 'bar'], 'href' => 'some+file.pdf'],
    ];
    yield 'with an unencoded space' => [
      ['class' => ['foo', 'bar'], 'href' => 'some file.pdf'],
      ['class' => ['foo', 'bar'], 'href' => 'some file.pdf'],
    ];
    // Event-handler attributes are removed outright.
    yield 'xss onclick' => [
      ['class' => ['foo', 'bar'], 'onclick' => 'alert("whoop");'],
      ['class' => ['foo', 'bar']],
    ];
    yield 'xss onclick, valueless, mangled with a space' => [
      ['class' => ['foo', 'bar'], 'selected onclick href' => 'http://example.com'],
      ['class' => ['foo', 'bar'], 'selected' => 'selected', 'href' => 'http://example.com'],
    ];
    yield 'xss protocol' => [
      ['class' => ['foo', 'bar'], 'src' => 'javascript:alert("whoop");'],
      ['class' => ['foo', 'bar'], 'src' => 'alert("whoop");'],
    ];
  }

}
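The data provider above pins down five rules (empty names dropped, space-mangled names split with only the last name owning the value, `on*` attributes removed, disallowed schemes stripped from `href`/`src`, first occurrence of a repeated name wins) without showing an implementation. The script below is an added reference model written for this page; it is not Drupal's \Drupal\link\AttributeXss (which routes attributes through Xss::filter and a DOM round-trip), and the class, constant and method names are assumptions. It reproduces the provider's expected values for the cases it is run against; inputs outside those cases may be treated differently by the real class.

```php
<?php

declare(strict_types=1);

/**
 * Reference model of the sanitisation rules exercised by the test above.
 * Added illustration only: NOT Drupal's AttributeXss; all names here are
 * assumptions made for this example.
 */
final class AttributeXssModel {

  /** Attributes whose value is a URL and therefore gets scheme filtering. */
  private const URL_ATTRIBUTES = ['href', 'src'];

  /**
   * Schemes a value may start with; anything else is stripped. Same
   * allow-list idea as UrlHelper::stripDangerousProtocols(); this particular
   * list is an assumption for the example.
   */
  private const ALLOWED_SCHEMES = ['http', 'https', 'ftp', 'mailto', 'tel'];

  /**
   * Returns a sanitised copy of $attributes, preserving key order.
   */
  public static function sanitizeAttributes(array $attributes): array {
    $clean = [];
    foreach ($attributes as $name => $value) {
      // Split names that were mangled together ("selected href").
      $names = preg_split('/\s+/', trim((string) $name), -1, PREG_SPLIT_NO_EMPTY);
      if ($names === []) {
        // Empty or whitespace-only names are dropped outright.
        continue;
      }
      // Only the last name owns the value; the ones before it become
      // valueless attributes whose value is their own name.
      $owner = array_pop($names);
      foreach ($names as $valueless) {
        self::add($clean, $valueless, $valueless);
      }
      self::add($clean, $owner, $value);
    }
    return $clean;
  }

  /**
   * Adds one attribute unless it is blocked or already present.
   */
  private static function add(array &$clean, string $name, mixed $value): void {
    $name = strtolower($name);
    // Event-handler attributes (onclick, onload, ...) never pass.
    if (str_starts_with($name, 'on')) {
      return;
    }
    // First occurrence of a name wins; later duplicates are ignored, which
    // is what the "repeated" case in the provider expects.
    if (array_key_exists($name, $clean)) {
      return;
    }
    if (in_array($name, self::URL_ATTRIBUTES, TRUE) && is_string($value)) {
      $value = self::stripDangerousSchemes($value);
    }
    $clean[$name] = $value;
  }

  /**
   * Removes leading schemes that are not on the allow-list.
   */
  private static function stripDangerousSchemes(string $uri): string {
    // Loop so nested prefixes ("javascript:javascript:...") are peeled off too.
    while (($colon = strpos($uri, ':')) !== FALSE) {
      $scheme = strtolower(substr($uri, 0, $colon));
      // Not a scheme if empty, or if a path/query/fragment character precedes
      // the colon; an allowed scheme ends the loop as well.
      if ($scheme === '' || preg_match('![/?#]!', $scheme) === 1
        || in_array($scheme, self::ALLOWED_SCHEMES, TRUE)) {
        break;
      }
      $uri = substr($uri, $colon + 1);
    }
    return $uri;
  }

}

// Constructed inputs mirroring three of the provider's cases; prints "ok"
// per case when the model agrees with the expected output.
$cases = [
  'mangled with a space and bad protocol, repeated' => [
    ['class' => ['foo', 'bar'], 'selected href' => 'javascript:alert()', 'href' => 'http://example.com'],
    ['class' => ['foo', 'bar'], 'selected' => 'selected', 'href' => 'alert()'],
  ],
  'only empty names' => [['' => 'live', ' ' => TRUE], []],
  'xss onclick' => [
    ['class' => ['foo', 'bar'], 'onclick' => 'alert("whoop");'],
    ['class' => ['foo', 'bar']],
  ],
];
foreach ($cases as $label => [$input, $expected]) {
  $actual = AttributeXssModel::sanitizeAttributes($input);
  printf("%-50s %s\n", $label, $actual === $expected ? 'ok' : 'MISMATCH');
}
```

Run it with `php attribute_xss_model.php` (any filename; this is an assumed name). The strict `===` comparison matters for the same reason the test uses `assertSame()`: order and types of the sanitised attributes are part of the contract, since a renderer that emits them in input order would otherwise behave differently from the test's expectation.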
Members

Title | Modifiers | Object type | Summary | Overrides
---|---|---|---|---
AttributeXssTest::providerSanitizeAttributes | public static | function | Data provider for ::testSanitizeAttributes. |
AttributeXssTest::testSanitizeAttributes | public | function | Covers ::sanitizeAttributes. |
ExpectDeprecationTrait::expectDeprecation | public | function | Adds an expected deprecation. |
ExpectDeprecationTrait::setUpErrorHandler | public | function | Sets up the test error handler. |
ExpectDeprecationTrait::tearDownErrorHandler | public | function | Tears down the test error handler. |
RandomGeneratorTrait::getRandomGenerator | protected | function | Gets the random generator for the utility methods. |
RandomGeneratorTrait::randomMachineName | protected | function | Generates a unique random string containing letters and numbers. |
RandomGeneratorTrait::randomObject | public | function | Generates a random PHP object. |
RandomGeneratorTrait::randomString | public | function | Generates a pseudo-random string of ASCII characters of codes 32 to 126. |
UnitTestCase::$root | protected | property | The app root. |
UnitTestCase::getClassResolverStub | protected | function | Returns a stub class resolver. |
UnitTestCase::getConfigFactoryStub | public | function | Returns a stub config factory that behaves according to the passed array. |
UnitTestCase::getContainerWithCacheTagsInvalidator | protected | function | Sets up a container with a cache tags invalidator. |
UnitTestCase::getStringTranslationStub | public | function | Returns a stub translation manager that just returns the passed string. |
UnitTestCase::setDebugDumpHandler | public static | function | Registers the dumper CLI handler when the DebugDump extension is enabled. |
UnitTestCase::setUp | protected | function | | 375
UnitTestCase::setupMockIterator | protected | function | Set up a traversable class mock to return specific items when iterated. |