
protected function EditorSecurityTest::setUp in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/editor/src/Tests/EditorSecurityTest.php \Drupal\editor\Tests\EditorSecurityTest::setUp()

Sets up a Drupal site for running functional and integration tests.

Installs Drupal with the installation profile specified in \Drupal\simpletest\WebTestBase::$profile into the prefixed database.

Afterwards, installs any additional modules specified in the static \Drupal\simpletest\WebTestBase::$modules property of each class in the class hierarchy.

After installation all caches are flushed and several configuration values are reset to the values of the parent site executing the test, since the default values may be incompatible with the environment in which tests are being executed.

Overrides WebTestBase::setUp

File

core/modules/editor/src/Tests/EditorSecurityTest.php, line 77
Contains \Drupal\editor\Tests\EditorSecurityTest.

Class

EditorSecurityTest
Tests XSS protection for content creators when using text editors.

Namespace

Drupal\editor\Tests

Code

/**
 * Builds the fixture the XSS tests run against.
 *
 * Creates five text formats of increasing trust, attaches the "unicorn" text
 * editor (which gives no XSS guarantee of its own) to three of them, creates
 * the "article" content type, one user per trust tier and, finally, one
 * "article" node per text format, all carrying the same sample content.
 */
protected function setUp() {
  parent::setUp();

  // Tags that the "restricted" formats allow through filter_html, a filter of
  // the FilterInterface::TYPE_HTML_RESTRICTOR type. The "dangerous tag"
  // variant adds <embed> on top of this list.
  $safe_tags = '<h2> <h3> <h4> <h5> <h6> <p> <br> <strong> <a>';

  // The five text formats, in the order they are saved:
  //  1. restricted_without_editor (untrusted: anonymous)
  //  2. restricted_with_editor (normal: authenticated)
  //  3. restricted_plus_dangerous_tag_with_editor (privileged: trusted)
  //  4. unrestricted_without_editor (privileged: admin)
  //  5. unrestricted_with_editor (privileged: admin)
  // "restricted" means the format has XSS filters on output; "unrestricted"
  // means it has no filters at all. Formats 2, 3 and 5 additionally get a
  // text editor that does not guarantee XSS safety.
  $format_definitions = [
    [
      'id' => 'restricted_without_editor',
      'label' => 'Restricted HTML, without text editor',
      'weight' => 0,
      'allowed_html' => $safe_tags,
      'editor' => FALSE,
    ],
    [
      'id' => 'restricted_with_editor',
      'label' => 'Restricted HTML, with text editor',
      'weight' => 1,
      'allowed_html' => $safe_tags,
      'editor' => TRUE,
    ],
    [
      'id' => 'restricted_plus_dangerous_tag_with_editor',
      'label' => 'Restricted HTML, dangerous tag allowed, with text editor',
      'weight' => 1,
      'allowed_html' => $safe_tags . ' <embed>',
      'editor' => TRUE,
    ],
    [
      'id' => 'unrestricted_without_editor',
      'label' => 'Unrestricted HTML, without text editor',
      'weight' => 0,
      'allowed_html' => NULL,
      'editor' => FALSE,
    ],
    [
      'id' => 'unrestricted_with_editor',
      'label' => 'Unrestricted HTML, with text editor',
      'weight' => 1,
      'allowed_html' => NULL,
      'editor' => TRUE,
    ],
  ];
  foreach ($format_definitions as $definition) {
    // Only the "restricted" formats carry filter_html; NULL means no filters.
    $filters = [];
    if ($definition['allowed_html'] !== NULL) {
      $filters['filter_html'] = [
        'status' => 1,
        'settings' => [
          'allowed_html' => $definition['allowed_html'],
        ],
      ];
    }
    entity_create('filter_format', [
      'format' => $definition['id'],
      'name' => $definition['label'],
      'weight' => $definition['weight'],
      'filters' => $filters,
    ])->save();
    // The editor is saved right after its format, as before.
    if ($definition['editor']) {
      entity_create('editor', [
        'format' => $definition['id'],
        'editor' => 'unicorn',
      ])->save();
    }
  }

  // Content type all sample nodes use.
  $this->drupalCreateContentType([
    'type' => 'article',
    'name' => 'Article',
  ]);

  // Every test user may create and edit articles; what differs is the set of
  // text formats each one may use:
  //   - "untrusted": restricted_without_editor
  //   - "normal": restricted_with_editor
  //   - "trusted": restricted_plus_dangerous_tag_with_editor
  //   - "privileged": all five formats
  $create_author = function (array $format_ids) {
    $permissions = [
      'create article content',
      'edit any article content',
    ];
    foreach ($format_ids as $format_id) {
      $permissions[] = 'use text format ' . $format_id;
    }
    return $this->drupalCreateUser($permissions);
  };
  $this->untrustedUser = $create_author(['restricted_without_editor']);
  $this->normalUser = $create_author(['restricted_with_editor']);
  $this->trustedUser = $create_author(['restricted_plus_dangerous_tag_with_editor']);
  $this->privilegedUser = $create_author([
    'restricted_without_editor',
    'restricted_with_editor',
    'restricted_plus_dangerous_tag_with_editor',
    'unrestricted_without_editor',
    'unrestricted_with_editor',
  ]);

  // One "article" node per text format, authored by the least-privileged user
  // allowed to use that format, all with the same sample content.
  $authors_by_format = [
    'restricted_without_editor' => $this->untrustedUser,
    'restricted_with_editor' => $this->normalUser,
    'restricted_plus_dangerous_tag_with_editor' => $this->trustedUser,
    'unrestricted_without_editor' => $this->privilegedUser,
    'unrestricted_with_editor' => $this->privilegedUser,
  ];
  foreach ($authors_by_format as $format_id => $author) {
    $this->drupalCreateNode([
      'type' => 'article',
      'body' => [
        [
          'value' => self::$sampleContent,
          'format' => $format_id,
        ],
      ],
      'uid' => $author->id(),
    ]);
  }
}