<?php
namespace Drupal\Tests\filter\Functional;
use Drupal\filter\Entity\FilterFormat;
use Drupal\Tests\BrowserTestBase;
use Drupal\filter\Plugin\FilterInterface;
use Drupal\user\RoleInterface;
/**
 * Functional tests for security-relevant behaviour of text formats.
 *
 * Covers two cases: a text format that gets disabled must not cause the raw
 * stored body to be displayed, and callers of check_markup() must not be able
 * to skip filters of the FilterInterface::TYPE_HTML_RESTRICTOR type.
 */
class FilterSecurityTest extends BrowserTestBase {

  /**
   * Modules to enable for this test.
   *
   * @var array
   */
  public static $modules = [
    'node',
    'filter_test',
  ];

  /**
   * Theme used while running the test.
   *
   * @var string
   */
  protected $defaultTheme = 'stark';

  /**
   * User allowed to administer modules, filters and site configuration.
   *
   * @var mixed
   */
  protected $adminUser;

  /**
   * Prepares a 'page' content type, anonymous format access and an admin user.
   */
  protected function setUp() {
    parent::setUp();

    $this->drupalCreateContentType([
      'type' => 'page',
      'name' => 'Basic page',
    ]);

    // Grant the anonymous role the permission that belongs to the
    // 'filtered_html' format.
    $format = FilterFormat::load('filtered_html');
    $permission = $format->getPermissionName();
    user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, [
      $permission,
    ]);

    $this->adminUser = $this->drupalCreateUser([
      'administer modules',
      'administer filters',
      'administer site configuration',
    ]);
    $this->drupalLogin($this->adminUser);
  }

  /**
   * Checks that disabling a text format does not reveal the raw node body.
   *
   * The test enables the 'filter_test_replace' filter on the node's format,
   * confirms the page shows the filter's output instead of the stored body,
   * then disables the format and confirms the stored body is still absent.
   */
  public function testDisableFilterModule() {
    $node = $this->drupalCreateNode([
      'promote' => 1,
    ]);
    $raw_body = $node->body->value;
    $format_id = $node->body->format;
    $node_path = 'node/' . $node->id();
    $manage_path = 'admin/config/content/formats/manage/' . $format_id;

    // Baseline: the stored body is displayed.
    $this->drupalGet($node_path);
    $this->assertText($raw_body, 'Node body found.');

    // Turn the test filter on for this format.
    $form_values = [
      'filters[filter_test_replace][status]' => 1,
    ];
    $this->drupalPostForm($manage_path, $form_values, t('Save configuration'));

    // The filter's output is expected in place of the stored body.
    $this->drupalGet($node_path);
    $this->assertNoText($raw_body, 'Node body not found.');
    $this->assertText('Filter: Testing filter', 'Testing filter output found.');

    // Disable the whole format.
    $this->drupalPostForm($manage_path . '/disable', [], t('Disable'));

    // The security-relevant assertion: with the format disabled, the stored
    // body must still not appear on the page.
    $this->drupalGet($node_path);
    $this->assertNoText($raw_body, 'Node body not found.');
  }

  /**
   * Checks that HTML restrictor filters cannot be skipped via check_markup().
   *
   * The same input is filtered twice through 'filtered_html': once with an
   * empty skip list and once with FilterInterface::TYPE_HTML_RESTRICTOR in the
   * skip list. Both calls are expected to strip the disallowed tags.
   */
  public function testSkipSecurityFilters() {
    $input = "Text with some disallowed tags: <script />, <p><object>unicorn</object></p>, <i><table></i>.";
    $expected = "Text with some disallowed tags: , <p>unicorn</p>, .";

    // Nothing skipped.
    $filtered = check_markup($input, 'filtered_html', '', []);
    $this->assertEqual($filtered, $expected, 'Expected filter result.');

    // Asking to skip the HTML restrictor type must not change the result.
    $skip_types = [
      FilterInterface::TYPE_HTML_RESTRICTOR,
    ];
    $filtered_with_skip = check_markup($input, 'filtered_html', '', $skip_types);
    $this->assertEqual($filtered_with_skip, $expected, 'Expected filter result, even when trying to disable filters of the FilterInterface::TYPE_HTML_RESTRICTOR type.');
  }

}