public function XssUnitTest::testBadProtocolStripping in Drupal 8
Same name and namespace in other branches
- 9 core/tests/Drupal/KernelTests/Core/Common/XssUnitTest.php \Drupal\KernelTests\Core\Common\XssUnitTest::testBadProtocolStripping()
- 10 core/tests/Drupal/KernelTests/Core/Common/XssUnitTest.php \Drupal\KernelTests\Core\Common\XssUnitTest::testBadProtocolStripping()
Checks that harmful protocols are stripped.
File
- core/tests/Drupal/KernelTests/Core/Common/XssUnitTest.php, line 43
Class
- XssUnitTest
- Confirm that \Drupal\Component\Utility\Xss::filter() and check_url() work correctly, including invalid multi-byte sequences.
Namespace
Drupal\KernelTests\Core\Common
Code
public function testBadProtocolStripping() {
  // Ensure that check_url() strips out harmful protocols, and encodes for
  // HTML.
  // Ensure \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() can
  // be used to return a plain-text string stripped of harmful protocols.
  $url = 'javascript:http://www.example.com/?x=1&y=2';
  // Plain-text result: the ampersand is left as-is.
  $expected_plain = 'http://www.example.com/?x=1&y=2';
  // HTML result: the ampersand is entity-encoded.
  $expected_html = 'http://www.example.com/?x=1&amp;y=2';
  $this->assertIdentical(UrlHelper::filterBadProtocol($url), $expected_html, '\\Drupal\\Component\\Utility\\UrlHelper::filterBadProtocol() filters a URL and encodes it for HTML.');
  $this->assertIdentical(UrlHelper::stripDangerousProtocols($url), $expected_plain, '\\Drupal\\Component\\Utility\\UrlHelper::stripDangerousProtocols() filters a URL and returns plain text.');
}
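The strip-then-encode behaviour this test asserts, as an added example that is not Drupal's own code: a self-contained sketch in which the function names `strip_disallowed_schemes()` and `filter_for_html()` and the allow-list are assumptions. It goes beyond the single test URL to cover a repeated, mixed-case scheme and a relative URL whose query contains a colon.

```php
<?php
// Added example, not Drupal's UrlHelper: the function names and the
// allow-list below are assumptions made for this sketch.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

function strip_disallowed_schemes(string $uri): string {
  do {
    $before = $uri;
    $colon = strpos($uri, ':');
    if ($colon === false || $colon === 0) {
      break; // No scheme separator, or nothing in front of it.
    }
    $scheme = substr($uri, 0, $colon);
    // A '/', '?' or '#' before the colon means the colon sits in a path,
    // query or fragment: the URL is relative and carries no scheme.
    if (preg_match('![/?#]!', $scheme)) {
      break;
    }
    // Scheme comparison is case-insensitive; drop anything not allowed.
    if (!in_array(strtolower($scheme), ALLOWED_SCHEMES, true)) {
      $uri = substr($uri, $colon + 1);
    }
    // Loop again: removing one scheme can expose another behind it.
  } while ($before !== $uri);
  return $uri;
}

function filter_for_html(string $uri): string {
  // Strip first, then encode the result for an HTML context.
  return htmlspecialchars(strip_disallowed_schemes($uri), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs => [expected plain text, expected HTML].
$cases = [
  'javascript:http://www.example.com/?x=1&y=2' => ['http://www.example.com/?x=1&y=2', 'http://www.example.com/?x=1&amp;y=2'],
  'javascript:JaVaScRiPt:http://www.example.com/' => ['http://www.example.com/', 'http://www.example.com/'],
  'HTTPS://www.example.com/' => ['HTTPS://www.example.com/', 'HTTPS://www.example.com/'],
  '/node/1?destination=a:b&c=d' => ['/node/1?destination=a:b&c=d', '/node/1?destination=a:b&amp;c=d'],
];
foreach ($cases as $input => [$plain, $html]) {
  $ok = strip_disallowed_schemes($input) === $plain && filter_for_html($input) === $html;
  printf("%-4s %s\n", $ok ? 'ok' : 'FAIL', $input);
}
```

The plain-text result is only safe where no HTML parsing happens; anything written into markup or an attribute needs the encoded form, which is why the test checks both outputs separately.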