You are here

public function TwigRawTest::testAutoescape in Drupal 8

Same name and namespace in other branches
  1. 9 core/modules/system/tests/src/Kernel/Theme/TwigRawTest.php \Drupal\Tests\system\Kernel\Theme\TwigRawTest::testAutoescape()

Tests autoescaping of unsafe content.

This is one of the most important tests in Drupal itself in terms of security.

File

core/modules/system/tests/src/Kernel/Theme/TwigRawTest.php, line 40

Class

TwigRawTest
Tests Twig 'raw' filter.

Namespace

Drupal\Tests\system\Kernel\Theme

Code

public function testAutoescape() {
  $script = '<script>alert("This alert is unreal!");</script>';
  $build = [
    '#theme' => 'twig_autoescape_test',
    '#script' => $script,
  ];
  $rendered = \Drupal::service('renderer')
    ->renderRoot($build);
  $this
    ->setRawContent($rendered);
  $this
    ->assertEscaped($script);
}