class XssUnitTest
Same name and namespace in other branches
- 8.9.x core/tests/Drupal/KernelTests/Core/Common/XssUnitTest.php \Drupal\KernelTests\Core\Common\XssUnitTest
- 10 core/tests/Drupal/KernelTests/Core/Common/XssUnitTest.php \Drupal\KernelTests\Core\Common\XssUnitTest
- 11.x core/tests/Drupal/KernelTests/Core/Common/XssUnitTest.php \Drupal\KernelTests\Core\Common\XssUnitTest
Tests XSS filtering.
@group Common
Hierarchy
- class \Drupal\KernelTests\KernelTestBase extends \Drupal\Core\DependencyInjection\ServiceProviderInterface uses \Drupal\KernelTests\AssertLegacyTrait, \Drupal\KernelTests\AssertContentTrait, \Drupal\Tests\RandomGeneratorTrait, \Drupal\Tests\ConfigTestTrait, \Drupal\Tests\ExtensionListTestTrait, \Drupal\Tests\TestRequirementsTrait, \Drupal\Tests\Traits\PhpUnitWarnings, \Drupal\Tests\PhpUnitCompatibilityTrait, \Symfony\Bridge\PhpUnit\ExpectDeprecationTrait implements \PHPUnit\Framework\TestCase
- class \Drupal\KernelTests\Core\Common\XssUnitTest implements \Drupal\KernelTests\KernelTestBase
Expanded class hierarchy of XssUnitTest
See also
\Drupal\Component\Utility\Xss::filter()
\Drupal\Component\Utility\UrlHelper::filterBadProtocol
\Drupal\Component\Utility\UrlHelper::stripDangerousProtocols
File
-
core/
tests/ Drupal/ KernelTests/ Core/ Common/ XssUnitTest.php, line 17
Namespace
Drupal\KernelTests\Core\CommonView source
class XssUnitTest extends KernelTestBase {
/**
* Modules to enable.
*
* @var array
*/
protected static $modules = [
'filter',
'system',
];
/**
* {@inheritdoc}
*/
protected function setUp() : void {
parent::setUp();
$this->installConfig([
'system',
]);
}
/**
* Tests t() functionality.
*/
public function testT() {
$text = t('Simple text');
$this->assertEquals('Simple text', $text, 't leaves simple text alone.');
$text = t('Escaped text: @value', [
'@value' => '<script>',
]);
$this->assertEquals('Escaped text: <script>', $text, 't replaces and escapes string.');
$text = t('Placeholder text: %value', [
'%value' => '<script>',
]);
$this->assertEquals('Placeholder text: <em class="placeholder"><script></em>', $text, 't replaces, escapes and themes string.');
}
/**
* Checks that harmful protocols are stripped.
*/
public function testBadProtocolStripping() {
// Ensure that check_url() strips out harmful protocols, and encodes for
// HTML.
// Ensure \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() can
// be used to return a plain-text string stripped of harmful protocols.
$url = 'javascript:http://www.example.com/?x=1&y=2';
$expected_plain = 'http://www.example.com/?x=1&y=2';
$expected_html = 'http://www.example.com/?x=1&y=2';
$this->assertSame($expected_html, UrlHelper::filterBadProtocol($url), '\\Drupal\\Component\\Utility\\UrlHelper::filterBadProtocol() filters a URL and encodes it for HTML.');
$this->assertSame($expected_plain, UrlHelper::stripDangerousProtocols($url), '\\Drupal\\Component\\Utility\\UrlHelper::stripDangerousProtocols() filters a URL and returns plain text.');
}
}Members
| Title Sort descending | Deprecated | Modifiers | Object type | Summary | Overriden Title | Overrides |
|---|---|---|---|---|---|---|
| AssertContentTrait::$content | protected | property | The current raw content. | |||
| AssertContentTrait::$drupalSettings | protected | property | The drupalSettings value from the current raw $content. | |||
| AssertContentTrait::$elements | protected | property | The XML structure parsed from the current raw $content. | 1 | ||
| AssertContentTrait::$plainTextContent | protected | property | The plain-text content of raw $content (text nodes). | |||
| AssertContentTrait::assertEscaped | protected | function | Passes if the raw text IS found escaped on the loaded page, fail otherwise. | |||
| AssertContentTrait::assertField | protected | function | Asserts that a field exists with the given name or ID. | |||
| AssertContentTrait::assertFieldById | protected | function | Asserts that a field exists with the given ID and value. | |||
| AssertContentTrait::assertFieldByName | protected | function | Asserts that a field exists with the given name and value. | |||
| AssertContentTrait::assertFieldByXPath | protected | function | Asserts that a field exists in the current page by the given XPath. | |||
| AssertContentTrait::assertFieldChecked | protected | function | Asserts that a checkbox field in the current page is checked. | |||
| AssertContentTrait::assertFieldsByValue | protected | function | Asserts that a field exists in the current page with a given Xpath result. | |||
| AssertContentTrait::assertLink | protected | function | Passes if a link with the specified label is found. | |||
| AssertContentTrait::assertLinkByHref | protected | function | Passes if a link containing a given href (part) is found. | |||
| AssertContentTrait::assertNoDuplicateIds | protected | function | Asserts that each HTML ID is used for just a single element. | |||
| AssertContentTrait::assertNoEscaped | protected | function | Passes if raw text IS NOT found escaped on loaded page, fail otherwise. | |||
| AssertContentTrait::assertNoField | protected | function | Asserts that a field does not exist with the given name or ID. | |||
| AssertContentTrait::assertNoFieldById | protected | function | Asserts that a field does not exist with the given ID and value. | |||
| AssertContentTrait::assertNoFieldByName | protected | function | Asserts that a field does not exist with the given name and value. | |||
| AssertContentTrait::assertNoFieldByXPath | protected | function | Asserts that a field does not exist or its value does not match, by XPath. | |||
| AssertContentTrait::assertNoFieldChecked | protected | function | Asserts that a checkbox field in the current page is not checked. | |||
| AssertContentTrait::assertNoLink | protected | function | Passes if a link with the specified label is not found. | |||
| AssertContentTrait::assertNoLinkByHref | protected | function | Passes if a link containing a given href (part) is not found. | |||
| AssertContentTrait::assertNoLinkByHrefInMainRegion | protected | function | Passes if a link containing a given href is not found in the main region. | |||
| AssertContentTrait::assertNoOption | protected | function | Asserts that a select option in the current page does not exist. | |||
| AssertContentTrait::assertNoOptionSelected | protected | function | Asserts that a select option in the current page is not checked. | |||
| AssertContentTrait::assertNoPattern | protected | function | Triggers a pass if the perl regex pattern is not found in raw content. | |||
| AssertContentTrait::assertNoRaw | protected | function | Passes if the raw text is NOT found on the loaded page, fail otherwise. | |||
| AssertContentTrait::assertNoText | protected | function | Passes if the page (with HTML stripped) does not contains the text. | |||
| AssertContentTrait::assertNoTitle | protected | function | Pass if the page title is not the given string. | |||
| AssertContentTrait::assertNoUniqueText | protected | function | Passes if the text is found MORE THAN ONCE on the text version of the page. | |||
| AssertContentTrait::assertOption | protected | function | Asserts that a select option in the current page exists. | |||
| AssertContentTrait::assertOptionByText | protected | function | Asserts that a select option with the visible text exists. | |||
| AssertContentTrait::assertOptionSelected | protected | function | Asserts that a select option in the current page is checked. | |||
| AssertContentTrait::assertOptionSelectedWithDrupalSelector | protected | function | Asserts that a select option in the current page is checked. | |||
| AssertContentTrait::assertOptionWithDrupalSelector | protected | function | Asserts that a select option in the current page exists. | |||
| AssertContentTrait::assertPattern | protected | function | Triggers a pass if the Perl regex pattern is found in the raw content. | |||
| AssertContentTrait::assertRaw | protected | function | Passes if the raw text IS found on the loaded page, fail otherwise. | |||
| AssertContentTrait::assertText | protected | function | Passes if the page (with HTML stripped) contains the text. | |||
| AssertContentTrait::assertTextHelper | protected | function | Helper for assertText and assertNoText. | |||
| AssertContentTrait::assertTextPattern | protected | function | Asserts that a Perl regex pattern is found in the plain-text content. | |||
| AssertContentTrait::assertThemeOutput | protected | function | Asserts themed output. | |||
| AssertContentTrait::assertTitle | protected | function | Pass if the page title is the given string. | |||
| AssertContentTrait::assertUniqueText | protected | function | Passes if the text is found ONLY ONCE on the text version of the page. | |||
| AssertContentTrait::assertUniqueTextHelper | protected | function | Helper for assertUniqueText and assertNoUniqueText. | |||
| AssertContentTrait::buildXPathQuery | protected | function | Builds an XPath query. | |||
| AssertContentTrait::constructFieldXpath | protected | function | Helper: Constructs an XPath for the given set of attributes and value. | |||
| AssertContentTrait::cssSelect | protected | function | Searches elements using a CSS selector in the raw content. | |||
| AssertContentTrait::getAllOptions | protected | function | Get all option elements, including nested options, in a select. | |||
| AssertContentTrait::getDrupalSettings | protected | function | Gets the value of drupalSettings for the currently-loaded page. | |||
| AssertContentTrait::getRawContent | protected | function | Gets the current raw content. | |||
| AssertContentTrait::getSelectedItem | protected | function | Get the selected value from a select field. | |||
| AssertContentTrait::getTextContent | protected | function | Retrieves the plain-text content from the current raw content. | |||
| AssertContentTrait::getUrl | protected | function | Get the current URL from the cURL handler. | 1 | ||
| AssertContentTrait::parse | protected | function | Parse content returned from curlExec using DOM and SimpleXML. | |||
| AssertContentTrait::removeWhiteSpace | protected | function | Removes all white-space between HTML tags from the raw content. | |||
| AssertContentTrait::setDrupalSettings | protected | function | Sets the value of drupalSettings for the currently-loaded page. | |||
| AssertContentTrait::setRawContent | protected | function | Sets the raw content (e.g. HTML). | |||
| AssertContentTrait::xpath | protected | function | Performs an xpath search on the contents of the internal browser. | |||
| AssertLegacyTrait::assert | Deprecated | protected | function | |||
| AssertLegacyTrait::assertEqual | Deprecated | protected | function | |||
| AssertLegacyTrait::assertIdentical | Deprecated | protected | function | |||
| AssertLegacyTrait::assertIdenticalObject | Deprecated | protected | function | |||
| AssertLegacyTrait::assertNotEqual | Deprecated | protected | function | |||
| AssertLegacyTrait::assertNotIdentical | Deprecated | protected | function | |||
| AssertLegacyTrait::pass | Deprecated | protected | function | |||
| AssertLegacyTrait::verbose | Deprecated | protected | function | |||
| ConfigTestTrait::configImporter | protected | function | Returns a ConfigImporter object to import test configuration. | |||
| ConfigTestTrait::copyConfig | protected | function | Copies configuration objects from source storage to target storage. | |||
| ExtensionListTestTrait::getModulePath | protected | function | Gets the path for the specified module. | |||
| ExtensionListTestTrait::getThemePath | protected | function | Gets the path for the specified theme. | |||
| KernelTestBase::$backupGlobals | protected | property | Back up and restore any global variables that may be changed by tests. | |||
| KernelTestBase::$backupStaticAttributes | protected | property | Back up and restore static class properties that may be changed by tests. | |||
| KernelTestBase::$backupStaticAttributesBlacklist | protected | property | Contains a few static class properties for performance. | |||
| KernelTestBase::$classLoader | protected | property | ||||
| KernelTestBase::$configImporter | protected | property | @todo Move into Config test base class. | 6 | ||
| KernelTestBase::$configSchemaCheckerExclusions | protected static | property | An array of config object names that are excluded from schema checking. | |||
| KernelTestBase::$container | protected | property | ||||
| KernelTestBase::$databasePrefix | protected | property | ||||
| KernelTestBase::$keyValue | protected | property | The key_value service that must persist between container rebuilds. | |||
| KernelTestBase::$preserveGlobalState | protected | property | Do not forward any global state from the parent process to the processes that run the actual tests. |
|||
| KernelTestBase::$root | protected | property | The app root. | |||
| KernelTestBase::$runTestInSeparateProcess | protected | property | Kernel tests are run in separate processes because they allow autoloading of code from extensions. Running the test in a separate process isolates this behavior from other tests. Subclasses should not override this property. |
|||
| KernelTestBase::$siteDirectory | protected | property | ||||
| KernelTestBase::$strictConfigSchema | protected | property | Set to TRUE to strict check all configuration saved. | 7 | ||
| KernelTestBase::$vfsRoot | protected | property | The virtual filesystem root directory. | |||
| KernelTestBase::assertPostConditions | protected | function | 1 | |||
| KernelTestBase::bootEnvironment | protected | function | Bootstraps a basic test environment. | |||
| KernelTestBase::bootKernel | private | function | Bootstraps a kernel for a test. | |||
| KernelTestBase::config | protected | function | Configuration accessor for tests. Returns non-overridden configuration. | |||
| KernelTestBase::disableModules | protected | function | Disables modules for this test. | |||
| KernelTestBase::enableModules | protected | function | Enables modules for this test. | |||
| KernelTestBase::getConfigSchemaExclusions | protected | function | Gets the config schema exclusions for this test. | |||
| KernelTestBase::getDatabaseConnectionInfo | protected | function | Returns the Database connection info to be used for this test. | 3 | ||
| KernelTestBase::getDatabasePrefix | public | function | ||||
| KernelTestBase::getExtensionsForModules | private | function | Returns Extension objects for $modules to enable. | |||
| KernelTestBase::getModulesToEnable | private static | function | Returns the modules to enable for this test. | |||
| KernelTestBase::initFileCache | protected | function | Initializes the FileCache component. | |||
| KernelTestBase::installConfig | protected | function | Installs default configuration for a given list of modules. | |||
| KernelTestBase::installEntitySchema | protected | function | Installs the storage schema for a specific entity type. | |||
| KernelTestBase::installSchema | protected | function | Installs database tables from a module schema definition. | |||
| KernelTestBase::register | public | function | Registers test-specific services. | Overrides ServiceProviderInterface::register | 26 | |
| KernelTestBase::render | protected | function | Renders a render array. | 1 | ||
| KernelTestBase::setInstallProfile | protected | function | Sets the install profile and rebuilds the container to update it. | |||
| KernelTestBase::setSetting | protected | function | Sets an in-memory Settings variable. | |||
| KernelTestBase::setUpBeforeClass | public static | function | 1 | |||
| KernelTestBase::setUpFilesystem | protected | function | Sets up the filesystem, so things like the file directory. | 3 | ||
| KernelTestBase::stop | protected | function | Stops test execution. | |||
| KernelTestBase::tearDown | protected | function | 5 | |||
| KernelTestBase::tearDownCloseDatabaseConnection | public | function | @after | |||
| KernelTestBase::vfsDump | protected | function | Dumps the current state of the virtual filesystem to STDOUT. | |||
| KernelTestBase::__sleep | public | function | Prevents serializing any properties. | |||
| PhpUnitWarnings::$deprecationWarnings | private static | property | Deprecation warnings from PHPUnit to raise with @trigger_error(). | |||
| PhpUnitWarnings::addWarning | public | function | Converts PHPUnit deprecation warnings to E_USER_DEPRECATED. | |||
| RandomGeneratorTrait::$randomGenerator | protected | property | The random generator. | |||
| RandomGeneratorTrait::getRandomGenerator | protected | function | Gets the random generator for the utility methods. | |||
| RandomGeneratorTrait::randomMachineName | protected | function | Generates a unique random string containing letters and numbers. | 1 | ||
| RandomGeneratorTrait::randomObject | public | function | Generates a random PHP object. | |||
| RandomGeneratorTrait::randomString | public | function | Generates a pseudo-random string of ASCII characters of codes 32 to 126. | |||
| RandomGeneratorTrait::randomStringValidate | public | function | Callback for random string validation. | |||
| StorageCopyTrait::replaceStorageContents | protected static | function | Copy the configuration from one storage to another and remove stale items. | |||
| TestRequirementsTrait::checkModuleRequirements | private | function | Checks missing module requirements. | |||
| TestRequirementsTrait::checkRequirements | protected | function | Check module requirements for the Drupal use case. | |||
| TestRequirementsTrait::getDrupalRoot | protected static | function | Returns the Drupal root directory. | |||
| XssUnitTest::$modules | protected static | property | Modules to enable. | Overrides KernelTestBase::$modules | ||
| XssUnitTest::setUp | protected | function | Overrides KernelTestBase::setUp | |||
| XssUnitTest::testBadProtocolStripping | public | function | Checks that harmful protocols are stripped. | |||
| XssUnitTest::testT | public | function | Tests t() functionality. |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.