public function RequestSanitizerTest::providerTestAcceptableDestinations in Drupal 9

Same name and namespace in other branches

8 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestAcceptableDestinations()
10 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestAcceptableDestinations()

Data provider for testing acceptable destinations.

File

core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php, line 315

Class

RequestSanitizerTest: Tests RequestSanitizer class.

Namespace

Drupal\Tests\Core\Security

Code

public function providerTestAcceptableDestinations() {
  $data = [];

  // Standard internal example node path is present in the 'destination'
  // parameter.
  $data[] = [
    'node',
  ];

  // Internal path with one leading slash is allowed.
  $data[] = [
    '/example.com',
  ];

  // Internal URL using a colon is allowed.
  $data[] = [
    'example:test',
  ];

  // JavaScript URL is allowed because it is treated as an internal URL.
  $data[] = [
    'javascript:alert(0)',
  ];
  return $data;
}

You are here

public function RequestSanitizerTest::providerTestAcceptableDestinations in Drupal 9

File

Class

Namespace

Code

API Navigation