class UrlTest in Drupal 10
Same name in this branch
- 10 core/modules/system/tests/src/Functional/Common/UrlTest.php \Drupal\Tests\system\Functional\Common\UrlTest
- 10 core/modules/system/tests/src/Functional/Form/UrlTest.php \Drupal\Tests\system\Functional\Form\UrlTest
- 10 core/modules/system/tests/src/Kernel/Common/UrlTest.php \Drupal\Tests\system\Kernel\Common\UrlTest
Same name and namespace in other branches
- 9 core/modules/system/tests/src/Kernel/Common/UrlTest.php \Drupal\Tests\system\Kernel\Common\UrlTest
Confirm that \Drupal\Core\Url, \Drupal\Component\Utility\UrlHelper::filterQueryParameters(), \Drupal\Component\Utility\UrlHelper::buildQuery(), and \Drupal\Core\Utility\LinkGeneratorInterface::generate() work correctly with various input.
@group Common
Hierarchy
- class \Drupal\KernelTests\KernelTestBase extends \PHPUnit\Framework\TestCase implements ServiceProviderInterface uses \Drupal\Tests\PhpUnitCompatibilityTrait, \Symfony\Bridge\PhpUnit\ExpectDeprecationTrait, AssertContentTrait, ConfigTestTrait, ExtensionListTestTrait, RandomGeneratorTrait, TestRequirementsTrait, PhpUnitWarnings
- class \Drupal\Tests\system\Kernel\Common\UrlTest
Expanded class hierarchy of UrlTest
File
- core/
modules/ system/ tests/ src/ Kernel/ Common/ UrlTest.php, line 23
Namespace
Drupal\Tests\system\Kernel\CommonView source
class UrlTest extends KernelTestBase {
protected static $modules = [
'common_test',
'url_alter_test',
];
/**
* Confirms that invalid URLs are filtered in link generating functions.
*/
public function testLinkXSS() {
// Test link generator.
$text = $this
->randomMachineName();
$path = "<SCRIPT>alert('XSS')</SCRIPT>";
$encoded_path = "3CSCRIPT%3Ealert%28%27XSS%27%29%3C/SCRIPT%3E";
$link = Link::fromTextAndUrl($text, Url::fromUserInput('/' . $path))
->toString();
$this
->assertStringContainsString($encoded_path, $link, new FormattableMarkup('XSS attack @path was filtered by \\Drupal\\Core\\Utility\\LinkGeneratorInterface::generate().', [
'@path' => $path,
]));
$this
->assertStringNotContainsString($path, $link, new FormattableMarkup('XSS attack @path was filtered by \\Drupal\\Core\\Utility\\LinkGeneratorInterface::generate().', [
'@path' => $path,
]));
// Test \Drupal\Core\Url.
$link = Url::fromUri('base:' . $path)
->toString();
$this
->assertStringContainsString($encoded_path, $link, new FormattableMarkup('XSS attack @path was filtered by #theme', [
'@path' => $path,
]));
$this
->assertStringNotContainsString($path, $link, new FormattableMarkup('XSS attack @path was filtered by #theme', [
'@path' => $path,
]));
}
/**
* Tests that #type=link bubbles outbound route/path processors' metadata.
*/
public function testLinkBubbleableMetadata() {
\Drupal::service('module_installer')
->install([
'user',
]);
$cases = [
[
'Regular link',
'internal:/user',
[],
[
'contexts' => [],
'tags' => [],
'max-age' => Cache::PERMANENT,
],
[],
],
[
'Regular link, absolute',
'internal:/user',
[
'absolute' => TRUE,
],
[
'contexts' => [
'url.site',
],
'tags' => [],
'max-age' => Cache::PERMANENT,
],
[],
],
[
'Route processor link',
'route:system.run_cron',
[],
[
'contexts' => [
'session',
],
'tags' => [],
'max-age' => Cache::PERMANENT,
],
[
'placeholders' => [],
],
],
[
'Route processor link, absolute',
'route:system.run_cron',
[
'absolute' => TRUE,
],
[
'contexts' => [
'url.site',
'session',
],
'tags' => [],
'max-age' => Cache::PERMANENT,
],
[
'placeholders' => [],
],
],
[
'Path processor link',
'internal:/user/1',
[],
[
'contexts' => [],
'tags' => [
'user:1',
],
'max-age' => Cache::PERMANENT,
],
[],
],
[
'Path processor link, absolute',
'internal:/user/1',
[
'absolute' => TRUE,
],
[
'contexts' => [
'url.site',
],
'tags' => [
'user:1',
],
'max-age' => Cache::PERMANENT,
],
[],
],
];
foreach ($cases as $case) {
[
$title,
$uri,
$options,
$expected_cacheability,
$expected_attachments,
] = $case;
$expected_cacheability['contexts'] = Cache::mergeContexts($expected_cacheability['contexts'], [
'languages:language_interface',
'theme',
'user.permissions',
]);
$link = [
'#type' => 'link',
'#title' => $title,
'#options' => $options,
'#url' => Url::fromUri($uri),
];
\Drupal::service('renderer')
->renderRoot($link);
$this
->assertEqualsCanonicalizing($expected_cacheability, $link['#cache']);
$this
->assertEquals($expected_attachments, $link['#attached']);
}
}
/**
* Tests that default and custom attributes are handled correctly on links.
*/
public function testLinkAttributes() {
/** @var \Drupal\Core\Render\RendererInterface $renderer */
$renderer = $this->container
->get('renderer');
// Test that hreflang is added when a link has a known language.
$language = new Language([
'id' => 'fr',
'name' => 'French',
]);
$hreflang_link = [
'#type' => 'link',
'#options' => [
'language' => $language,
],
'#url' => Url::fromUri('https://www.drupal.org'),
'#title' => 'bar',
];
$langcode = $language
->getId();
// Test that the default hreflang handling for links does not override a
// hreflang attribute explicitly set in the render array.
$hreflang_override_link = $hreflang_link;
$hreflang_override_link['#options']['attributes']['hreflang'] = 'foo';
$rendered = $renderer
->renderRoot($hreflang_link);
$this
->assertTrue($this
->hasAttribute('hreflang', $rendered, $langcode), new FormattableMarkup('hreflang attribute with value @langcode is present on a rendered link when langcode is provided in the render array.', [
'@langcode' => $langcode,
]));
$rendered = $renderer
->renderRoot($hreflang_override_link);
$this
->assertTrue($this
->hasAttribute('hreflang', $rendered, 'foo'), new FormattableMarkup('hreflang attribute with value @hreflang is present on a rendered link when @hreflang is provided in the render array.', [
'@hreflang' => 'foo',
]));
// Test adding a custom class in links produced by
// \Drupal\Core\Utility\LinkGeneratorInterface::generate() and #type 'link'.
// Test the link generator.
$class_l = $this
->randomMachineName();
$link_l = Link::fromTextAndUrl($this
->randomMachineName(), Url::fromRoute('common_test.destination', [], [
'attributes' => [
'class' => [
$class_l,
],
],
]))
->toString();
$this
->assertTrue($this
->hasAttribute('class', $link_l, $class_l), new FormattableMarkup('Custom class @class is present on link when requested by Link::toString()', [
'@class' => $class_l,
]));
// Test #type.
$class_theme = $this
->randomMachineName();
$type_link = [
'#type' => 'link',
'#title' => $this
->randomMachineName(),
'#url' => Url::fromRoute('common_test.destination'),
'#options' => [
'attributes' => [
'class' => [
$class_theme,
],
],
],
];
$link_theme = $renderer
->renderRoot($type_link);
$this
->assertTrue($this
->hasAttribute('class', $link_theme, $class_theme), new FormattableMarkup('Custom class @class is present on link when requested by #type', [
'@class' => $class_theme,
]));
}
/**
* Tests that link functions support render arrays as 'text'.
*/
public function testLinkRenderArrayText() {
/** @var \Drupal\Core\Render\RendererInterface $renderer */
$renderer = $this->container
->get('renderer');
// Build a link with the link generator for reference.
$l = Link::fromTextAndUrl('foo', Url::fromUri('https://www.drupal.org'))
->toString();
// Test a renderable array passed to the link generator.
$renderer
->executeInRenderContext(new RenderContext(), function () use ($renderer, $l) {
$renderable_text = [
'#markup' => 'foo',
];
$l_renderable_text = \Drupal::service('link_generator')
->generate($renderable_text, Url::fromUri('https://www.drupal.org'));
$this
->assertEquals($l, $l_renderable_text);
});
// Test a themed link with plain text 'text'.
$type_link_plain_array = [
'#type' => 'link',
'#title' => 'foo',
'#url' => Url::fromUri('https://www.drupal.org'),
];
$type_link_plain = $renderer
->renderRoot($type_link_plain_array);
$this
->assertEquals($l, $type_link_plain);
// Build a themed link with renderable 'text'.
$type_link_nested_array = [
'#type' => 'link',
'#title' => [
'#markup' => 'foo',
],
'#url' => Url::fromUri('https://www.drupal.org'),
];
$type_link_nested = $renderer
->renderRoot($type_link_nested_array);
$this
->assertEquals($l, $type_link_nested);
}
/**
* Checks for class existence in link.
*
* @param $attribute
* Attribute to be checked.
* @param $link
* URL to search.
* @param $class
* Element class to search for.
*
* @return bool
* TRUE if the class is found, FALSE otherwise.
*/
private function hasAttribute($attribute, $link, $class) {
return (bool) preg_match('|' . $attribute . '="([^\\"\\s]+\\s+)*' . $class . '|', $link);
}
/**
* Tests UrlHelper::filterQueryParameters().
*/
public function testDrupalGetQueryParameters() {
$original = [
'a' => 1,
'b' => [
'd' => 4,
'e' => [
'f' => 5,
],
],
'c' => 3,
];
// First-level exclusion.
$result = $original;
unset($result['b']);
$this
->assertEquals(UrlHelper::filterQueryParameters($original, [
'b',
]), $result, "'b' was removed.");
// Second-level exclusion.
$result = $original;
unset($result['b']['d']);
$this
->assertEquals(UrlHelper::filterQueryParameters($original, [
'b[d]',
]), $result, "'b[d]' was removed.");
// Third-level exclusion.
$result = $original;
unset($result['b']['e']['f']);
$this
->assertEquals(UrlHelper::filterQueryParameters($original, [
'b[e][f]',
]), $result, "'b[e][f]' was removed.");
// Multiple exclusions.
$result = $original;
unset($result['a'], $result['b']['e'], $result['c']);
$this
->assertEquals(UrlHelper::filterQueryParameters($original, [
'a',
'b[e]',
'c',
]), $result, "'a', 'b[e]', 'c' were removed.");
}
/**
* Tests UrlHelper::parse().
*/
public function testDrupalParseUrl() {
// Relative, absolute, and external URLs, without/with explicit script path,
// without/with Drupal path.
foreach ([
'',
'/',
'https://www.drupal.org/',
] as $absolute) {
foreach ([
'',
'index.php/',
] as $script) {
foreach ([
'',
'foo/bar',
] as $path) {
$url = $absolute . $script . $path . '?foo=bar&bar=baz&baz#foo';
$expected = [
'path' => $absolute . $script . $path,
'query' => [
'foo' => 'bar',
'bar' => 'baz',
'baz' => '',
],
'fragment' => 'foo',
];
$this
->assertEquals($expected, UrlHelper::parse($url), 'URL parsed correctly.');
}
}
}
// Relative URL that is known to confuse parse_url().
$url = 'foo/bar:1';
$result = [
'path' => 'foo/bar:1',
'query' => [],
'fragment' => '',
];
$this
->assertEquals($result, UrlHelper::parse($url), 'Relative URL parsed correctly.');
// Test that drupal can recognize an absolute URL. Used to prevent attack vectors.
$url = 'https://www.drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';
$this
->assertTrue(UrlHelper::isExternal($url), 'Correctly identified an external URL.');
// Test that UrlHelper::parse() does not allow spoofing a URL to force a malicious redirect.
$parts = UrlHelper::parse('forged:http://cwe.mitre.org/data/definitions/601.html');
$this
->assertFalse(UrlHelper::isValid($parts['path'], TRUE), '\\Drupal\\Component\\Utility\\UrlHelper::isValid() correctly parsed a forged URL.');
}
/**
* Tests external URL handling.
*/
public function testExternalUrls() {
$test_url = 'https://www.drupal.org/';
// Verify external URL can contain a fragment.
$url = $test_url . '#drupal';
$result = Url::fromUri($url)
->toString();
$this
->assertEquals($url, $result, 'External URL with fragment works without a fragment in $options.');
// Verify fragment can be overridden in an external URL.
$url = $test_url . '#drupal';
$fragment = $this
->randomMachineName(10);
$result = Url::fromUri($url, [
'fragment' => $fragment,
])
->toString();
$this
->assertEquals($test_url . '#' . $fragment, $result, 'External URL fragment is overridden with a custom fragment in $options.');
// Verify external URL can contain a query string.
$url = $test_url . '?drupal=awesome';
$result = Url::fromUri($url)
->toString();
$this
->assertEquals($url, $result);
// Verify external URL can contain a query string with an integer key.
$url = $test_url . '?120=1';
$result = Url::fromUri($url)
->toString();
$this
->assertEquals($url, $result);
// Verify external URL can be extended with a query string.
$url = $test_url;
$query = [
'awesome' => 'drupal',
];
$result = Url::fromUri($url, [
'query' => $query,
])
->toString();
$this
->assertSame('https://www.drupal.org/?awesome=drupal', $result);
// Verify query string can be extended in an external URL.
$url = $test_url . '?drupal=awesome';
$query = [
'awesome' => 'drupal',
];
$result = Url::fromUri($url, [
'query' => $query,
])
->toString();
$this
->assertEquals('https://www.drupal.org/?drupal=awesome&awesome=drupal', $result);
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
AssertContentTrait:: |
protected | property | The current raw content. | |
AssertContentTrait:: |
protected | property | The drupalSettings value from the current raw $content. | |
AssertContentTrait:: |
protected | property | The XML structure parsed from the current raw $content. | 1 |
AssertContentTrait:: |
protected | property | The plain-text content of raw $content (text nodes). | |
AssertContentTrait:: |
protected | function | Passes if the raw text IS found escaped on the loaded page, fail otherwise. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given name or ID. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given ID and value. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given name and value. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists in the current page by the given XPath. | |
AssertContentTrait:: |
protected | function | Asserts that a checkbox field in the current page is checked. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists in the current page with a given Xpath result. | |
AssertContentTrait:: |
protected | function | Passes if a link with the specified label is found. | |
AssertContentTrait:: |
protected | function | Passes if a link containing a given href (part) is found. | |
AssertContentTrait:: |
protected | function | Asserts that each HTML ID is used for just a single element. | |
AssertContentTrait:: |
protected | function | Passes if the raw text IS NOT found escaped on the loaded page, fail otherwise. | |
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given name or ID. | |
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given ID and value. | |
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given name and value. | |
AssertContentTrait:: |
protected | function | Asserts that a field does not exist or its value does not match, by XPath. | |
AssertContentTrait:: |
protected | function | Asserts that a checkbox field in the current page is not checked. | |
AssertContentTrait:: |
protected | function | Passes if a link with the specified label is not found. | |
AssertContentTrait:: |
protected | function | Passes if a link containing a given href (part) is not found. | |
AssertContentTrait:: |
protected | function | Passes if a link containing a given href is not found in the main region. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page does not exist. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is not checked. | |
AssertContentTrait:: |
protected | function | Triggers a pass if the perl regex pattern is not found in raw content. | |
AssertContentTrait:: |
protected | function | Passes if the raw text is NOT found on the loaded page, fail otherwise. | |
AssertContentTrait:: |
protected | function | Passes if the page (with HTML stripped) does not contains the text. | |
AssertContentTrait:: |
protected | function | Pass if the page title is not the given string. | |
AssertContentTrait:: |
protected | function | Passes if the text is found MORE THAN ONCE on the text version of the page. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page exists. | |
AssertContentTrait:: |
protected | function | Asserts that a select option with the visible text exists. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is checked. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is checked. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page exists. | |
AssertContentTrait:: |
protected | function | Triggers a pass if the Perl regex pattern is found in the raw content. | |
AssertContentTrait:: |
protected | function | Passes if the raw text IS found on the loaded page, fail otherwise. | |
AssertContentTrait:: |
protected | function | Passes if the page (with HTML stripped) contains the text. | |
AssertContentTrait:: |
protected | function | Helper for assertText and assertNoText. | |
AssertContentTrait:: |
protected | function | Asserts that a Perl regex pattern is found in the plain-text content. | |
AssertContentTrait:: |
protected | function | Asserts themed output. | |
AssertContentTrait:: |
protected | function | Pass if the page title is the given string. | |
AssertContentTrait:: |
protected | function | Passes if the text is found ONLY ONCE on the text version of the page. | |
AssertContentTrait:: |
protected | function | Helper for assertUniqueText and assertNoUniqueText. | |
AssertContentTrait:: |
protected | function | Builds an XPath query. | |
AssertContentTrait:: |
protected | function | Helper: Constructs an XPath for the given set of attributes and value. | |
AssertContentTrait:: |
protected | function | Searches elements using a CSS selector in the raw content. | |
AssertContentTrait:: |
protected | function | Get all option elements, including nested options, in a select. | |
AssertContentTrait:: |
protected | function | Gets the value of drupalSettings for the currently-loaded page. | |
AssertContentTrait:: |
protected | function | Gets the current raw content. | |
AssertContentTrait:: |
protected | function | Get the selected value from a select field. | |
AssertContentTrait:: |
protected | function | Retrieves the plain-text content from the current raw content. | |
AssertContentTrait:: |
protected | function | Parse content returned from curlExec using DOM and SimpleXML. | |
AssertContentTrait:: |
protected | function | Removes all white-space between HTML tags from the raw content. | |
AssertContentTrait:: |
protected | function | Sets the value of drupalSettings for the currently-loaded page. | |
AssertContentTrait:: |
protected | function | Sets the raw content (e.g. HTML). | |
AssertContentTrait:: |
protected | function | Performs an xpath search on the contents of the internal browser. | |
ConfigTestTrait:: |
protected | function | Returns a ConfigImporter object to import test configuration. | |
ConfigTestTrait:: |
protected | function | Copies configuration objects from source storage to target storage. | |
ExtensionListTestTrait:: |
protected | function | Gets the path for the specified module. | |
ExtensionListTestTrait:: |
protected | function | Gets the path for the specified theme. | |
KernelTestBase:: |
protected | property | Back up and restore any global variables that may be changed by tests. | |
KernelTestBase:: |
protected | property | Back up and restore static class properties that may be changed by tests. | |
KernelTestBase:: |
protected | property | Contains a few static class properties for performance. | |
KernelTestBase:: |
protected | property | ||
KernelTestBase:: |
protected | property | @todo Move into Config test base class. | 3 |
KernelTestBase:: |
protected static | property | An array of config object names that are excluded from schema checking. | |
KernelTestBase:: |
protected | property | ||
KernelTestBase:: |
protected | property | ||
KernelTestBase:: |
protected | property | Do not forward any global state from the parent process to the processes that run the actual tests. | |
KernelTestBase:: |
protected | property | The app root. | |
KernelTestBase:: |
protected | property | Kernel tests are run in separate processes because they allow autoloading of code from extensions. Running the test in a separate process isolates this behavior from other tests. Subclasses should not override this property. | |
KernelTestBase:: |
protected | property | ||
KernelTestBase:: |
protected | property | Set to TRUE to strict check all configuration saved. | 4 |
KernelTestBase:: |
protected | property | The virtual filesystem root directory. | |
KernelTestBase:: |
protected | function | 1 | |
KernelTestBase:: |
protected | function | Bootstraps a basic test environment. | |
KernelTestBase:: |
private | function | Bootstraps a kernel for a test. | |
KernelTestBase:: |
protected | function | Configuration accessor for tests. Returns non-overridden configuration. | |
KernelTestBase:: |
protected | function | Disables modules for this test. | |
KernelTestBase:: |
protected | function | Enables modules for this test. | |
KernelTestBase:: |
protected | function | Gets the config schema exclusions for this test. | |
KernelTestBase:: |
protected | function | Returns the Database connection info to be used for this test. | 2 |
KernelTestBase:: |
public | function | ||
KernelTestBase:: |
private | function | Returns Extension objects for $modules to enable. | |
KernelTestBase:: |
private static | function | Returns the modules to enable for this test. | |
KernelTestBase:: |
protected | function | Initializes the FileCache component. | |
KernelTestBase:: |
protected | function | Installs default configuration for a given list of modules. | |
KernelTestBase:: |
protected | function | Installs the storage schema for a specific entity type. | |
KernelTestBase:: |
protected | function | Installs database tables from a module schema definition. | |
KernelTestBase:: |
protected | function | ||
KernelTestBase:: |
public | function |
Registers test-specific services. Overrides ServiceProviderInterface:: |
14 |
KernelTestBase:: |
protected | function | Renders a render array. | |
KernelTestBase:: |
protected | function | Sets the install profile and rebuilds the container to update it. | |
KernelTestBase:: |
protected | function | Sets an in-memory Settings variable. | |
KernelTestBase:: |
protected | function | 126 | |
KernelTestBase:: |
public static | function | ||
KernelTestBase:: |
protected | function | Sets up the filesystem, so things like the file directory. | 1 |
KernelTestBase:: |
protected | function | Stops test execution. | |
KernelTestBase:: |
protected | function | 3 | |
KernelTestBase:: |
public | function | @after | |
KernelTestBase:: |
protected | function | Dumps the current state of the virtual filesystem to STDOUT. | |
KernelTestBase:: |
public | function | Prevents serializing any properties. | |
PhpUnitWarnings:: |
private static | property | Deprecation warnings from PHPUnit to raise with @trigger_error(). | |
PhpUnitWarnings:: |
public | function | Converts PHPUnit deprecation warnings to E_USER_DEPRECATED. | |
RandomGeneratorTrait:: |
protected | property | The random generator. | |
RandomGeneratorTrait:: |
protected | function | Gets the random generator for the utility methods. | |
RandomGeneratorTrait:: |
protected | function | Generates a unique random string containing letters and numbers. | |
RandomGeneratorTrait:: |
public | function | Generates a random PHP object. | |
RandomGeneratorTrait:: |
public | function | Generates a pseudo-random string of ASCII characters of codes 32 to 126. | |
RandomGeneratorTrait:: |
public | function | Callback for random string validation. | |
StorageCopyTrait:: |
protected static | function | Copy the configuration from one storage to another and remove stale items. | |
TestRequirementsTrait:: |
private | function | Checks missing module requirements. | |
TestRequirementsTrait:: |
protected | function | Check module requirements for the Drupal use case. | |
TestRequirementsTrait:: |
protected static | function | Returns the Drupal root directory. | |
UrlTest:: |
protected static | property |
Modules to enable. Overrides KernelTestBase:: |
|
UrlTest:: |
private | function | Checks for class existence in link. | |
UrlTest:: |
public | function | Tests UrlHelper::filterQueryParameters(). | |
UrlTest:: |
public | function | Tests UrlHelper::parse(). | |
UrlTest:: |
public | function | Tests external URL handling. | |
UrlTest:: |
public | function | Tests that default and custom attributes are handled correctly on links. | |
UrlTest:: |
public | function | Tests that #type=link bubbles outbound route/path processors' metadata. | |
UrlTest:: |
public | function | Tests that link functions support render arrays as 'text'. | |
UrlTest:: |
public | function | Confirms that invalid URLs are filtered in link generating functions. |