function TwigRawTest::testAutoescape

Same name in other branches
  1. 9 core/modules/system/tests/src/Kernel/Theme/TwigRawTest.php \Drupal\Tests\system\Kernel\Theme\TwigRawTest::testAutoescape()
  2. 8.9.x core/modules/system/tests/src/Kernel/Theme/TwigRawTest.php \Drupal\Tests\system\Kernel\Theme\TwigRawTest::testAutoescape()
  3. 10 core/modules/system/tests/src/Kernel/Theme/TwigRawTest.php \Drupal\Tests\system\Kernel\Theme\TwigRawTest::testAutoescape()

Tests autoescaping of unsafe content.

This is one of the most important tests in Drupal itself in terms of security.

File

core/modules/system/tests/src/Kernel/Theme/TwigRawTest.php, line 40

Class

TwigRawTest
Tests Twig 'raw' filter.

Namespace

Drupal\Tests\system\Kernel\Theme

Code

public function testAutoescape() : void {
    $script = '<script>alert("This alert is unreal!");</script>';
    $build = [
        '#theme' => 'twig_autoescape_test',
        '#script' => $script,
    ];
    $rendered = \Drupal::service('renderer')->renderRoot($build);
    $this->setRawContent($rendered);
    $this->assertEscaped($script);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.