Same name and namespace in other branches
  1. 8.9.x core/modules/locale/tests/src/Functional/LocaleTranslationUiTest.php \Drupal\Tests\locale\Functional\LocaleTranslationUiTest::testStringValidation()
  2. 9 core/modules/locale/tests/src/Functional/LocaleTranslationUiTest.php \Drupal\Tests\locale\Functional\LocaleTranslationUiTest::testStringValidation()

Tests the validation of the translation input.

File

core/modules/locale/tests/src/Functional/LocaleTranslationUiTest.php, line 334

Class

LocaleTranslationUiTest
Tests the validation of translation strings and search results.

Namespace

Drupal\Tests\locale\Functional

Code

/**
 * Verifies that unsafe markup submitted as a translation is rejected.
 *
 * Four script-injection strings are submitted, one at a time, through the
 * interface translation form of a custom language. For each of them the
 * textarea must carry the 'error' class and the page must not show the
 * "saved" confirmation.
 */
public function testStringValidation() {
  // Log in with an account that may add languages and translate strings.
  $translator_account = $this->drupalCreateUser([
    'administer languages',
    'access administration pages',
    'translate interface',
  ]);
  $this->drupalLogin($translator_account);
  $langcode = 'xx';

  // English label of the custom language; it doubles as the source string
  // that the unsafe translations below are submitted for.
  $name = $this->randomMachineName(16);

  // Translations that validation has to refuse. Each literal stands for one
  // markup-injection shape: a plain script element, a javascript: URI in an
  // img SRC attribute, a malformed double-bracket SCRIPT tag, and an ONLOAD
  // event-handler attribute. A random suffix is appended to every value and
  // is also used as its array key.
  // NOTE(review): this is a four-item sample, not an exhaustive list of
  // injection vectors.
  $unsafe_markup = [
    "<script>alert('xss');</script>",
    '<img SRC="javascript:alert(\'xss\');">',
    '<<SCRIPT>alert("xss");//<</SCRIPT>',
    "<BODY ONLOAD=alert('xss')>",
  ];
  $bad_translations = [];
  foreach ($unsafe_markup as $markup) {
    $suffix = $this->randomMachineName(16);
    $bad_translations[$suffix] = $markup . $suffix;
  }

  // Create the custom language through the admin form.
  $language_values = [
    'predefined_langcode' => 'custom',
    'langcode' => $langcode,
    'label' => $name,
    'direction' => LanguageInterface::DIRECTION_LTR,
  ];
  $this->drupalGet('admin/config/regional/language/add');
  $this->submitForm($language_values, 'Add custom language');

  // Render $name through t() for the custom langcode. Presumably this is
  // what registers it as a translatable source string; the filter step
  // below expects to find it.
  $translation_options = [
    'langcode' => $langcode,
  ];
  t($name, [], $translation_options)->render();

  // Narrow the translation overview down to that source string.
  $filter_values = [
    'string' => $name,
    'langcode' => $langcode,
    'translation' => 'all',
  ];
  $this->drupalGet('admin/config/regional/translate');
  $this->submitForm($filter_values, 'Filter');

  // The name attribute of the textarea on the filtered page is the form key
  // under which a translation for the string is submitted.
  $translation_field = $this->assertSession()->elementExists('xpath', '//textarea');
  $lid = $translation_field->getAttribute('name');

  foreach ($bad_translations as $unsafe_value) {
    $this->drupalGet('admin/config/regional/translate');
    $this->submitForm([$lid => $unsafe_value], 'Save translations');

    // A form error on the textarea means the string was rejected as unsafe,
    // and the confirmation message must be absent as well.
    // NOTE(review): both checks look at the response page only; that the
    // stored translation stayed unchanged is not asserted here.
    $this->assertSession()->elementAttributeContains('xpath', '//form[@id="locale-translate-edit-form"]//textarea', 'class', 'error');
    $this->assertSession()->pageTextNotContains('The string has been saved.');
  }
}