XssUnitTest.php in Drupal 9
File
core/tests/Drupal/KernelTests/Core/Common/XssUnitTest.php
<?php
namespace Drupal\KernelTests\Core\Common;
use Drupal\Component\Utility\UrlHelper;
use Drupal\KernelTests\KernelTestBase;
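/**
 * Kernel tests for output escaping in t() and for URL protocol filtering.
 *
 * The expected values are spelled out as the exact escaped strings. A
 * regression that lets raw markup through t(), or that returns an unencoded
 * URL from the HTML-oriented filter, therefore fails the comparison.
 */
class XssUnitTest extends KernelTestBase {

  /**
   * Modules enabled for this test.
   *
   * @var string[]
   */
  protected static $modules = [
    'filter',
    'system',
  ];

  /**
   * {@inheritdoc}
   */
  protected function setUp() : void {
    parent::setUp();
    // Install the configuration of the system module before the tests run.
    $this->installConfig([
      'system',
    ]);
  }

  /**
   * Checks that t() escapes placeholder values instead of passing markup on.
   */
  public function testT() {
    // No placeholders: the string must come back unchanged.
    $text = t('Simple text');
    $this->assertEquals('Simple text', $text, 't leaves simple text alone.');

    // '@' placeholder: the value is substituted in escaped form, so the
    // expected output contains the entities and never the raw '<script>'.
    $text = t('Escaped text: @value', [
      '@value' => '<script>',
    ]);
    $this->assertEquals('Escaped text: &lt;script&gt;', $text, 't replaces and escapes string.');

    // '%' placeholder: the value is escaped and additionally wrapped in the
    // placeholder <em> element; only the wrapper is real markup.
    $text = t('Placeholder text: %value', [
      '%value' => '<script>',
    ]);
    $this->assertEquals('Placeholder text: <em class="placeholder">&lt;script&gt;</em>', $text, 't replaces, escapes and themes string.');
  }

  /**
   * Checks that a dangerous URL scheme is stripped by both UrlHelper filters.
   *
   * The two helpers differ in output context: filterBadProtocol() returns a
   * string encoded for HTML, stripDangerousProtocols() returns plain text that
   * still has to be escaped by the caller before it is placed in markup.
   */
  public function testBadProtocolStripping() {
    // A 'javascript:' scheme prepended to an ordinary URL. The query string
    // contains '&' so that the HTML and plain-text results are distinguishable.
    $url = 'javascript:http://www.example.com/?x=1&y=2';
    // Plain-text result: scheme removed, '&' left as is.
    $expected_plain = 'http://www.example.com/?x=1&y=2';
    // HTML result: scheme removed and '&' encoded as '&amp;'.
    $expected_html = 'http://www.example.com/?x=1&amp;y=2';

    // assertSame() is used so that the comparison is strict on type and value.
    $this->assertSame($expected_html, UrlHelper::filterBadProtocol($url), '\\Drupal\\Component\\Utility\\UrlHelper::filterBadProtocol() filters a URL and encodes it for HTML.');
    $this->assertSame($expected_plain, UrlHelper::stripDangerousProtocols($url), '\\Drupal\\Component\\Utility\\UrlHelper::stripDangerousProtocols() filters a URL and returns plain text.');
  }

}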