class LocaleStringIsSafeTest in Drupal 9
Same name and namespace in other branches
- 8 core/modules/locale/tests/src/Kernel/LocaleStringIsSafeTest.php \Drupal\Tests\locale\Kernel\LocaleStringIsSafeTest
Tests locale translation safe string handling.
@group locale
Hierarchy
- class \Drupal\KernelTests\KernelTestBase extends \PHPUnit\Framework\TestCase implements ServiceProviderInterface uses \Symfony\Bridge\PhpUnit\ExpectDeprecationTrait, AssertContentTrait, AssertLegacyTrait, ConfigTestTrait, ExtensionListTestTrait, PhpUnitCompatibilityTrait, RandomGeneratorTrait, TestRequirementsTrait, PhpUnitWarnings
- class \Drupal\Tests\locale\Kernel\LocaleStringIsSafeTest
Expanded class hierarchy of LocaleStringIsSafeTest
File
- core/
modules/ locale/ tests/ src/ Kernel/ LocaleStringIsSafeTest.php, line 12
Namespace
Drupal\Tests\locale\KernelView source
class LocaleStringIsSafeTest extends KernelTestBase {
/**
* Modules to enable.
*
* @var array
*/
protected static $modules = [
'locale',
'locale_test',
];
/**
* Tests for locale_string_is_safe().
*/
public function testLocaleStringIsSafe() {
// Check a translatable string without HTML.
$string = 'Hello world!';
$result = locale_string_is_safe($string);
$this
->assertTrue($result);
// Check a translatable string which includes trustable HTML.
$string = 'Hello <strong>world</strong>!';
$result = locale_string_is_safe($string);
$this
->assertTrue($result);
// Check an untranslatable string which includes untrustable HTML (according
// to the locale_string_is_safe() function definition).
$string = 'Hello <img src="world.png" alt="world" />!';
$result = locale_string_is_safe($string);
$this
->assertFalse($result);
// Check a translatable string which includes a token in an href attribute.
$string = 'Hi <a href="[current-user:url]">user</a>';
$result = locale_string_is_safe($string);
$this
->assertTrue($result);
}
/**
* Tests if a translated and tokenized string is properly escaped by Twig.
*
* In each assert* call we add a new line at the expected result to match the
* newline at the end of the template file.
*/
public function testLocalizedTokenizedString() {
$tests_to_do = [
1 => [
'original' => 'Go to the <a href="[locale_test:security_test1]">frontpage</a>',
'replaced' => 'Go to the <a href="javascript:alert(&#039;Mooooh!&#039;);">frontpage</a>',
],
2 => [
'original' => 'Hello <strong>[locale_test:security_test2]</strong>!',
'replaced' => 'Hello <strong>&lt;script&gt;alert(&#039;Mooooh!&#039;);&lt;/script&gt;</strong>!',
],
];
foreach ($tests_to_do as $i => $test) {
$original_string = $test['original'];
$rendered_original_string = \Drupal::theme()
->render('locale_test_tokenized', [
'content' => $original_string,
]);
// Twig assumes that strings are unsafe so it escapes them, and so the
// original and the rendered version should be different.
$this
->assertNotEquals($original_string . "\n", $rendered_original_string, 'Security test ' . $i . ' before translation');
// Pass the original string to the t() function to get it marked as safe.
$safe_string = t($original_string);
$rendered_safe_string = \Drupal::theme()
->render('locale_test_tokenized', [
'content' => $safe_string,
]);
// t() function always marks the string as safe so it won't be escaped,
// and should be the same as the original.
$this
->assertEquals($original_string . "\n", $rendered_safe_string, 'Security test ' . $i . ' after translation before token replacement');
// Replace tokens in the safe string to inject it with dangerous content.
// @see locale_test_tokens().
$unsafe_string = \Drupal::token()
->replace($safe_string);
$rendered_unsafe_string = \Drupal::theme()
->render('locale_test_tokenized', [
'content' => $unsafe_string,
]);
// Token replacement changes the string so it is not marked as safe
// anymore. Check it is escaped the way we expect.
$this
->assertEquals($test['replaced'] . "\n", $rendered_unsafe_string, 'Security test ' . $i . ' after translation after token replacement');
}
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
AssertContentTrait:: |
protected | property | The current raw content. | |
|
AssertContentTrait:: |
protected | property | The drupalSettings value from the current raw $content. | |
|
AssertContentTrait:: |
protected | property | The XML structure parsed from the current raw $content. | 1 |
|
AssertContentTrait:: |
protected | property | The plain-text content of raw $content (text nodes). | |
|
AssertContentTrait:: |
protected | function | Passes if the raw text IS found escaped on the loaded page, fail otherwise. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given name or ID. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given ID and value. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given name and value. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field exists in the current page by the given XPath. | |
|
AssertContentTrait:: |
protected | function | Asserts that a checkbox field in the current page is checked. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field exists in the current page with a given Xpath result. | |
|
AssertContentTrait:: |
protected | function | Passes if a link with the specified label is found. | |
|
AssertContentTrait:: |
protected | function | Passes if a link containing a given href (part) is found. | |
|
AssertContentTrait:: |
protected | function | Asserts that each HTML ID is used for just a single element. | |
|
AssertContentTrait:: |
protected | function | Passes if the raw text IS NOT found escaped on the loaded page, fail otherwise. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given name or ID. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given ID and value. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given name and value. | |
|
AssertContentTrait:: |
protected | function | Asserts that a field does not exist or its value does not match, by XPath. | |
|
AssertContentTrait:: |
protected | function | Asserts that a checkbox field in the current page is not checked. | |
|
AssertContentTrait:: |
protected | function | Passes if a link with the specified label is not found. | |
|
AssertContentTrait:: |
protected | function | Passes if a link containing a given href (part) is not found. | |
|
AssertContentTrait:: |
protected | function | Passes if a link containing a given href is not found in the main region. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page does not exist. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is not checked. | |
|
AssertContentTrait:: |
protected | function | Triggers a pass if the perl regex pattern is not found in raw content. | |
|
AssertContentTrait:: |
protected | function | Passes if the raw text is NOT found on the loaded page, fail otherwise. | |
|
AssertContentTrait:: |
protected | function | Passes if the page (with HTML stripped) does not contains the text. | |
|
AssertContentTrait:: |
protected | function | Pass if the page title is not the given string. | |
|
AssertContentTrait:: |
protected | function | Passes if the text is found MORE THAN ONCE on the text version of the page. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page exists. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option with the visible text exists. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is checked. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is checked. | |
|
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page exists. | |
|
AssertContentTrait:: |
protected | function | Triggers a pass if the Perl regex pattern is found in the raw content. | |
|
AssertContentTrait:: |
protected | function | Passes if the raw text IS found on the loaded page, fail otherwise. | |
|
AssertContentTrait:: |
protected | function | Passes if the page (with HTML stripped) contains the text. | |
|
AssertContentTrait:: |
protected | function | Helper for assertText and assertNoText. | |
|
AssertContentTrait:: |
protected | function | Asserts that a Perl regex pattern is found in the plain-text content. | |
|
AssertContentTrait:: |
protected | function | Asserts themed output. | |
|
AssertContentTrait:: |
protected | function | Pass if the page title is the given string. | |
|
AssertContentTrait:: |
protected | function | Passes if the text is found ONLY ONCE on the text version of the page. | |
|
AssertContentTrait:: |
protected | function | Helper for assertUniqueText and assertNoUniqueText. | |
|
AssertContentTrait:: |
protected | function | Builds an XPath query. | |
|
AssertContentTrait:: |
protected | function | Helper: Constructs an XPath for the given set of attributes and value. | |
|
AssertContentTrait:: |
protected | function | Searches elements using a CSS selector in the raw content. | |
|
AssertContentTrait:: |
protected | function | Get all option elements, including nested options, in a select. | |
|
AssertContentTrait:: |
protected | function | Gets the value of drupalSettings for the currently-loaded page. | |
|
AssertContentTrait:: |
protected | function | Gets the current raw content. | |
|
AssertContentTrait:: |
protected | function | Get the selected value from a select field. | |
|
AssertContentTrait:: |
protected | function | Retrieves the plain-text content from the current raw content. | |
|
AssertContentTrait:: |
protected | function | Get the current URL from the cURL handler. | 1 |
|
AssertContentTrait:: |
protected | function | Parse content returned from curlExec using DOM and SimpleXML. | |
|
AssertContentTrait:: |
protected | function | Removes all white-space between HTML tags from the raw content. | |
|
AssertContentTrait:: |
protected | function | Sets the value of drupalSettings for the currently-loaded page. | |
|
AssertContentTrait:: |
protected | function | Sets the raw content (e.g. HTML). | |
|
AssertContentTrait:: |
protected | function | Performs an xpath search on the contents of the internal browser. | |
|
AssertLegacyTrait:: |
protected | function | ||
|
AssertLegacyTrait:: |
protected | function | ||
|
AssertLegacyTrait:: |
protected | function | ||
|
AssertLegacyTrait:: |
protected | function | ||
|
AssertLegacyTrait:: |
protected | function | ||
|
AssertLegacyTrait:: |
protected | function | ||
|
AssertLegacyTrait:: |
protected | function | ||
|
AssertLegacyTrait:: |
protected | function | ||
|
ConfigTestTrait:: |
protected | function | Returns a ConfigImporter object to import test configuration. | |
|
ConfigTestTrait:: |
protected | function | Copies configuration objects from source storage to target storage. | |
|
ExtensionListTestTrait:: |
protected | function | Gets the path for the specified module. | |
|
ExtensionListTestTrait:: |
protected | function | Gets the path for the specified theme. | |
|
KernelTestBase:: |
protected | property | Back up and restore any global variables that may be changed by tests. | |
|
KernelTestBase:: |
protected | property | Back up and restore static class properties that may be changed by tests. | |
|
KernelTestBase:: |
protected | property | Contains a few static class properties for performance. | |
|
KernelTestBase:: |
protected | property | ||
|
KernelTestBase:: |
protected | property | @todo Move into Config test base class. | 7 |
|
KernelTestBase:: |
protected static | property | An array of config object names that are excluded from schema checking. | |
|
KernelTestBase:: |
protected | property | ||
|
KernelTestBase:: |
protected | property | ||
|
KernelTestBase:: |
protected | property | Do not forward any global state from the parent process to the processes that run the actual tests. | |
|
KernelTestBase:: |
protected | property | The app root. | |
|
KernelTestBase:: |
protected | property | Kernel tests are run in separate processes because they allow autoloading of code from extensions. Running the test in a separate process isolates this behavior from other tests. Subclasses should not override this property. | |
|
KernelTestBase:: |
protected | property | ||
|
KernelTestBase:: |
protected | property | Set to TRUE to strict check all configuration saved. | 6 |
|
KernelTestBase:: |
protected | property | The virtual filesystem root directory. | |
|
KernelTestBase:: |
protected | function | 1 | |
|
KernelTestBase:: |
protected | function | Bootstraps a basic test environment. | |
|
KernelTestBase:: |
private | function | Bootstraps a kernel for a test. | |
|
KernelTestBase:: |
protected | function | Configuration accessor for tests. Returns non-overridden configuration. | |
|
KernelTestBase:: |
protected | function | Disables modules for this test. | |
|
KernelTestBase:: |
protected | function | Enables modules for this test. | |
|
KernelTestBase:: |
protected | function | Gets the config schema exclusions for this test. | |
|
KernelTestBase:: |
protected | function | Returns the Database connection info to be used for this test. | 3 |
|
KernelTestBase:: |
public | function | ||
|
KernelTestBase:: |
private | function | Returns Extension objects for $modules to enable. | |
|
KernelTestBase:: |
private static | function | Returns the modules to enable for this test. | |
|
KernelTestBase:: |
protected | function | Initializes the FileCache component. | |
|
KernelTestBase:: |
protected | function | Installs default configuration for a given list of modules. | |
|
KernelTestBase:: |
protected | function | Installs the storage schema for a specific entity type. | |
|
KernelTestBase:: |
protected | function | Installs database tables from a module schema definition. | |
|
KernelTestBase:: |
protected | function | ||
|
KernelTestBase:: |
public | function |
Registers test-specific services. Overrides ServiceProviderInterface:: |
24 |
|
KernelTestBase:: |
protected | function | Renders a render array. | 1 |
|
KernelTestBase:: |
protected | function | Sets the install profile and rebuilds the container to update it. | |
|
KernelTestBase:: |
protected | function | Sets an in-memory Settings variable. | |
|
KernelTestBase:: |
protected | function | 334 | |
|
KernelTestBase:: |
public static | function | 1 | |
|
KernelTestBase:: |
protected | function | Sets up the filesystem, so things like the file directory. | 2 |
|
KernelTestBase:: |
protected | function | Stops test execution. | |
|
KernelTestBase:: |
protected | function | 4 | |
|
KernelTestBase:: |
public | function | @after | |
|
KernelTestBase:: |
protected | function | Dumps the current state of the virtual filesystem to STDOUT. | |
|
KernelTestBase:: |
public | function | Prevents serializing any properties. | |
|
LocaleStringIsSafeTest:: |
protected static | property |
Modules to enable. Overrides KernelTestBase:: |
|
|
LocaleStringIsSafeTest:: |
public | function | Tests for locale_string_is_safe(). | |
|
LocaleStringIsSafeTest:: |
public | function | Tests if a translated and tokenized string is properly escaped by Twig. | |
|
PhpUnitWarnings:: |
private static | property | Deprecation warnings from PHPUnit to raise with @trigger_error(). | |
|
PhpUnitWarnings:: |
public | function | Converts PHPUnit deprecation warnings to E_USER_DEPRECATED. | |
|
RandomGeneratorTrait:: |
protected | property | The random generator. | |
|
RandomGeneratorTrait:: |
protected | function | Gets the random generator for the utility methods. | |
|
RandomGeneratorTrait:: |
protected | function | Generates a unique random string containing letters and numbers. | 1 |
|
RandomGeneratorTrait:: |
public | function | Generates a random PHP object. | |
|
RandomGeneratorTrait:: |
public | function | Generates a pseudo-random string of ASCII characters of codes 32 to 126. | |
|
RandomGeneratorTrait:: |
public | function | Callback for random string validation. | |
|
StorageCopyTrait:: |
protected static | function | Copy the configuration from one storage to another and remove stale items. | |
|
TestRequirementsTrait:: |
private | function | Checks missing module requirements. | |
|
TestRequirementsTrait:: |
protected | function | Check module requirements for the Drupal use case. | 1 |
|
TestRequirementsTrait:: |
protected static | function | Returns the Drupal root directory. |