class ExternalFormUrlTest in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/system/src/Tests/Form/ExternalFormUrlTest.php \Drupal\system\Tests\Form\ExternalFormUrlTest
Ensures that form actions can't be tricked into sending to external URLs.
@group system
Hierarchy
- class \Drupal\simpletest\TestBase uses AssertHelperTrait, RandomGeneratorTrait, SessionTestTrait- class \Drupal\simpletest\KernelTestBase uses AssertContentTrait- class \Drupal\system\Tests\Form\ExternalFormUrlTest implements FormInterface
 
 
- class \Drupal\simpletest\KernelTestBase uses AssertContentTrait
Expanded class hierarchy of ExternalFormUrlTest
File
- core/modules/ system/ src/ Tests/ Form/ ExternalFormUrlTest.php, line 21 
- Contains \Drupal\system\Tests\Form\ExternalFormUrlTest.
Namespace
Drupal\system\Tests\FormView source
class ExternalFormUrlTest extends KernelTestBase implements FormInterface {
  /**
   * {@inheritdoc}
   */
  public static $modules = [
    'user',
    'system',
  ];
  /**
   * {@inheritdoc}
   */
  public function getFormId() {
    return 'external_form_url_test';
  }
  /**
   * {@inheritdoc}
   */
  public function buildForm(array $form, FormStateInterface $form_state) {
    $form['something'] = [
      '#type' => 'textfield',
      '#title' => 'What do you think?',
    ];
    return $form;
  }
  /**
   * {@inheritdoc}
   */
  public function validateForm(array &$form, FormStateInterface $form_state) {
  }
  /**
   * {@inheritdoc}
   */
  public function submitForm(array &$form, FormStateInterface $form_state) {
  }
  /**
   * {@inheritdoc}
   */
  protected function setUp() {
    parent::setUp();
    $this
      ->installSchema('system', [
      'key_value_expire',
      'sequences',
    ]);
    $this
      ->installEntitySchema('user');
    $test_user = User::create([
      'name' => 'foobar',
      'mail' => 'foobar@example.com',
    ]);
    $test_user
      ->save();
    \Drupal::service('current_user')
      ->setAccount($test_user);
  }
  /**
   * Tests form behaviour.
   */
  public function testActionUrlBehavior() {
    // Create a new request which has a request uri with multiple leading
    // slashes and make it the master request.
    $request_stack = \Drupal::service('request_stack');
    $original_request = $request_stack
      ->pop();
    $request = Request::create($original_request
      ->getSchemeAndHttpHost() . '//example.org');
    $request_stack
      ->push($request);
    $form = \Drupal::formBuilder()
      ->getForm($this);
    $markup = \Drupal::service('renderer')
      ->renderRoot($form);
    $this
      ->setRawContent($markup);
    $elements = $this
      ->xpath('//form/@action');
    $action = (string) $elements[0];
    $this
      ->assertEqual($original_request
      ->getSchemeAndHttpHost() . '//example.org', $action);
    // Create a new request which has a request uri with a single leading slash
    // and make it the master request.
    $request_stack = \Drupal::service('request_stack');
    $original_request = $request_stack
      ->pop();
    $request = Request::create($original_request
      ->getSchemeAndHttpHost() . '/example.org');
    $request_stack
      ->push($request);
    $form = \Drupal::formBuilder()
      ->getForm($this);
    $markup = \Drupal::service('renderer')
      ->renderRoot($form);
    $this
      ->setRawContent($markup);
    $elements = $this
      ->xpath('//form/@action');
    $action = (string) $elements[0];
    $this
      ->assertEqual('/example.org', $action);
  }
}Members
| Name   | Modifiers | Type | Description | Overrides | 
|---|---|---|---|---|
| AssertContentTrait:: | protected | property | The current raw content. | |
| AssertContentTrait:: | protected | property | The drupalSettings value from the current raw $content. | |
| AssertContentTrait:: | protected | property | The XML structure parsed from the current raw $content. | 2 | 
| AssertContentTrait:: | protected | property | The plain-text content of raw $content (text nodes). | |
| AssertContentTrait:: | protected | function | Passes if the raw text IS found escaped on the loaded page, fail otherwise. | |
| AssertContentTrait:: | protected | function | Asserts that a field exists with the given name or ID. | |
| AssertContentTrait:: | protected | function | Asserts that a field exists with the given ID and value. | |
| AssertContentTrait:: | protected | function | Asserts that a field exists with the given name and value. | |
| AssertContentTrait:: | protected | function | Asserts that a field exists in the current page by the given XPath. | |
| AssertContentTrait:: | protected | function | Asserts that a checkbox field in the current page is checked. | |
| AssertContentTrait:: | protected | function | Asserts that a field exists in the current page with a given Xpath result. | |
| AssertContentTrait:: | protected | function | Passes if a link with the specified label is found. | |
| AssertContentTrait:: | protected | function | Passes if a link containing a given href (part) is found. | |
| AssertContentTrait:: | protected | function | Asserts that each HTML ID is used for just a single element. | |
| AssertContentTrait:: | protected | function | Passes if the raw text IS NOT found escaped on the loaded page, fail otherwise. | |
| AssertContentTrait:: | protected | function | Asserts that a field does not exist with the given name or ID. | |
| AssertContentTrait:: | protected | function | Asserts that a field does not exist with the given ID and value. | |
| AssertContentTrait:: | protected | function | Asserts that a field does not exist with the given name and value. | |
| AssertContentTrait:: | protected | function | Asserts that a field does not exist or its value does not match, by XPath. | |
| AssertContentTrait:: | protected | function | Asserts that a checkbox field in the current page is not checked. | |
| AssertContentTrait:: | protected | function | Passes if a link with the specified label is not found. | |
| AssertContentTrait:: | protected | function | Passes if a link containing a given href (part) is not found. | |
| AssertContentTrait:: | protected | function | Passes if a link containing a given href is not found in the main region. | |
| AssertContentTrait:: | protected | function | Asserts that a select option in the current page does not exist. | |
| AssertContentTrait:: | protected | function | Asserts that a select option in the current page is not checked. | |
| AssertContentTrait:: | protected | function | Triggers a pass if the perl regex pattern is not found in raw content. | |
| AssertContentTrait:: | protected | function | Passes if the raw text is NOT found on the loaded page, fail otherwise. | |
| AssertContentTrait:: | protected | function | Passes if the page (with HTML stripped) does not contains the text. | |
| AssertContentTrait:: | protected | function | Pass if the page title is not the given string. | |
| AssertContentTrait:: | protected | function | Passes if the text is found MORE THAN ONCE on the text version of the page. | |
| AssertContentTrait:: | protected | function | Asserts that a select option in the current page exists. | |
| AssertContentTrait:: | protected | function | Asserts that a select option in the current page is checked. | |
| AssertContentTrait:: | protected | function | Asserts that a select option in the current page is checked. | |
| AssertContentTrait:: | protected | function | Asserts that a select option in the current page exists. | |
| AssertContentTrait:: | protected | function | Triggers a pass if the Perl regex pattern is found in the raw content. | |
| AssertContentTrait:: | protected | function | Passes if the raw text IS found on the loaded page, fail otherwise. | |
| AssertContentTrait:: | protected | function | Passes if the page (with HTML stripped) contains the text. | |
| AssertContentTrait:: | protected | function | Helper for assertText and assertNoText. | |
| AssertContentTrait:: | protected | function | Asserts that a Perl regex pattern is found in the plain-text content. | |
| AssertContentTrait:: | protected | function | Asserts themed output. | |
| AssertContentTrait:: | protected | function | Pass if the page title is the given string. | |
| AssertContentTrait:: | protected | function | Passes if the text is found ONLY ONCE on the text version of the page. | |
| AssertContentTrait:: | protected | function | Helper for assertUniqueText and assertNoUniqueText. | |
| AssertContentTrait:: | protected | function | Builds an XPath query. | |
| AssertContentTrait:: | protected | function | Helper: Constructs an XPath for the given set of attributes and value. | |
| AssertContentTrait:: | protected | function | Searches elements using a CSS selector in the raw content. | |
| AssertContentTrait:: | protected | function | Get all option elements, including nested options, in a select. | |
| AssertContentTrait:: | protected | function | Gets the value of drupalSettings for the currently-loaded page. | |
| AssertContentTrait:: | protected | function | Gets the current raw content. | |
| AssertContentTrait:: | protected | function | Get the selected value from a select field. | |
| AssertContentTrait:: | protected | function | Retrieves the plain-text content from the current raw content. | |
| AssertContentTrait:: | protected | function | Get the current URL from the cURL handler. | 1 | 
| AssertContentTrait:: | protected | function | Parse content returned from curlExec using DOM and SimpleXML. | |
| AssertContentTrait:: | protected | function | Removes all white-space between HTML tags from the raw content. | |
| AssertContentTrait:: | protected | function | Sets the value of drupalSettings for the currently-loaded page. | |
| AssertContentTrait:: | protected | function | Sets the raw content (e.g. HTML). | |
| AssertContentTrait:: | protected | function | Performs an xpath search on the contents of the internal browser. | |
| AssertHelperTrait:: | protected | function | Casts MarkupInterface objects into strings. | |
| ExternalFormUrlTest:: | public static | property | Modules to enable. Overrides KernelTestBase:: | |
| ExternalFormUrlTest:: | public | function | Form constructor. Overrides FormInterface:: | |
| ExternalFormUrlTest:: | public | function | Returns a unique string identifying the form. Overrides FormInterface:: | |
| ExternalFormUrlTest:: | protected | function | Performs setup tasks before each individual test method is run. Overrides KernelTestBase:: | |
| ExternalFormUrlTest:: | public | function | Form submission handler. Overrides FormInterface:: | |
| ExternalFormUrlTest:: | public | function | Tests form behaviour. | |
| ExternalFormUrlTest:: | public | function | Form validation handler. Overrides FormInterface:: | |
| KernelTestBase:: | protected | property | The configuration directories for this test run. | |
| KernelTestBase:: | protected | property | A KeyValueMemoryFactory instance to use when building the container. | |
| KernelTestBase:: | private | property | ||
| KernelTestBase:: | protected | property | Array of registered stream wrappers. | |
| KernelTestBase:: | private | property | ||
| KernelTestBase:: | protected | function | Act on global state information before the environment is altered for a test. Overrides TestBase:: | |
| KernelTestBase:: | public | function | Sets up the base service container for this test. | 12 | 
| KernelTestBase:: | protected | function | Provides the data for setting the default language on the container. | 1 | 
| KernelTestBase:: | protected | function | Disables modules for this test. | |
| KernelTestBase:: | protected | function | Enables modules for this test. | |
| KernelTestBase:: | protected | function | Installs default configuration for a given list of modules. | |
| KernelTestBase:: | protected | function | Installs the storage schema for a specific entity type. | |
| KernelTestBase:: | protected | function | Installs a specific table from a module schema definition. | |
| KernelTestBase:: | protected | function | Create and set new configuration directories. | 1 | 
| KernelTestBase:: | protected | function | Registers a stream wrapper for this test. | |
| KernelTestBase:: | protected | function | Renders a render array. | |
| KernelTestBase:: | protected | function | Performs cleanup tasks after each individual test method has been run. Overrides TestBase:: | |
| KernelTestBase:: | function | Constructor for Test. Overrides TestBase:: | ||
| RandomGeneratorTrait:: | protected | property | The random generator. | |
| RandomGeneratorTrait:: | protected | function | Gets the random generator for the utility methods. | |
| RandomGeneratorTrait:: | protected | function | Generates a unique random string containing letters and numbers. | |
| RandomGeneratorTrait:: | public | function | Generates a random PHP object. | |
| RandomGeneratorTrait:: | public | function | Generates a pseudo-random string of ASCII characters of codes 32 to 126. | |
| RandomGeneratorTrait:: | public | function | Callback for random string validation. | |
| SessionTestTrait:: | protected | property | The name of the session cookie. | |
| SessionTestTrait:: | protected | function | Generates a session cookie name. | |
| SessionTestTrait:: | protected | function | Returns the session name in use on the child site. | |
| TestBase:: | protected | property | Assertions thrown in that test case. | |
| TestBase:: | protected | property | The config importer that can used in a test. | 5 | 
| TestBase:: | protected static | property | An array of config object names that are excluded from schema checking. | |
| TestBase:: | protected | property | The dependency injection container used in the test. | |
| TestBase:: | protected | property | The database prefix of this test run. | |
| TestBase:: | public | property | Whether to die in case any test assertion fails. | |
| TestBase:: | protected | property | HTTP authentication credentials (<username>:<password>). | |
| TestBase:: | protected | property | HTTP authentication method (specified as a CURLAUTH_* constant). | |
| TestBase:: | protected | property | The DrupalKernel instance used in the test. | 1 | 
| TestBase:: | protected | property | The original configuration (variables), if available. | |
| TestBase:: | protected | property | The original configuration (variables). | |
| TestBase:: | protected | property | The original configuration directories. | |
| TestBase:: | protected | property | The original container. | |
| TestBase:: | protected | property | The original file directory, before it was changed for testing purposes. | |
| TestBase:: | protected | property | The original language. | |
| TestBase:: | protected | property | The original database prefix when running inside Simpletest. | |
| TestBase:: | protected | property | The original installation profile. | |
| TestBase:: | protected | property | The name of the session cookie of the test-runner. | |
| TestBase:: | protected | property | The settings array. | |
| TestBase:: | protected | property | The original array of shutdown function callbacks. | 1 | 
| TestBase:: | protected | property | The site directory of the original parent site. | |
| TestBase:: | protected | property | The original user, before testing began. | 1 | 
| TestBase:: | protected | property | The private file directory for the test environment. | |
| TestBase:: | protected | property | The public file directory for the test environment. | |
| TestBase:: | public | property | Current results of this test case. | |
| TestBase:: | protected | property | The site directory of this test run. | |
| TestBase:: | protected | property | This class is skipped when looking for the source of an assertion. | |
| TestBase:: | protected | property | Set to TRUE to strict check all configuration saved. | 4 | 
| TestBase:: | protected | property | The temporary file directory for the test environment. | |
| TestBase:: | protected | property | The test run ID. | |
| TestBase:: | protected | property | Time limit for the test. | |
| TestBase:: | protected | property | The translation file directory for the test environment. | |
| TestBase:: | public | property | TRUE if verbose debugging is enabled. | |
| TestBase:: | protected | property | Safe class name for use in verbose output filenames. | |
| TestBase:: | protected | property | Directory where verbose output files are put. | |
| TestBase:: | protected | property | URL to the verbose output file directory. | |
| TestBase:: | protected | property | Incrementing identifier for verbose output filenames. | |
| TestBase:: | protected | function | Internal helper: stores the assert. | |
| TestBase:: | protected | function | Check to see if two values are equal. | |
| TestBase:: | protected | function | Asserts that a specific error has been logged to the PHP error log. | |
| TestBase:: | protected | function | Check to see if a value is false. | |
| TestBase:: | protected | function | Check to see if two values are identical. | |
| TestBase:: | protected | function | Checks to see if two objects are identical. | |
| TestBase:: | protected | function | Asserts that no errors have been logged to the PHP error.log thus far. | |
| TestBase:: | protected | function | Check to see if two values are not equal. | |
| TestBase:: | protected | function | Check to see if two values are not identical. | |
| TestBase:: | protected | function | Check to see if a value is not NULL. | |
| TestBase:: | protected | function | Check to see if a value is NULL. | |
| TestBase:: | protected | function | Check to see if a value is not false. | |
| TestBase:: | private | function | Changes the database connection to the prefixed one. | |
| TestBase:: | protected | function | Checks the matching requirements for Test. | 2 | 
| TestBase:: | protected | function | Configuration accessor for tests. Returns non-overridden configuration. | |
| TestBase:: | public | function | Returns a ConfigImporter object to import test importing of configuration. | 5 | 
| TestBase:: | public | function | Copies configuration objects from source storage to target storage. | |
| TestBase:: | public static | function | Delete an assertion record by message ID. | |
| TestBase:: | protected | function | Fire an error assertion. | 3 | 
| TestBase:: | public | function | Handle errors during test runs. | |
| TestBase:: | protected | function | Handle exceptions. | |
| TestBase:: | protected | function | Fire an assertion that is always negative. | |
| TestBase:: | public static | function | Ensures test files are deletable within file_unmanaged_delete_recursive(). | |
| TestBase:: | public static | function | Converts a list of possible parameters into a stack of permutations. | |
| TestBase:: | protected | function | Cycles through backtrace until the first non-assertion method is found. | |
| TestBase:: | protected | function | Gets the config schema exclusions for this test. | |
| TestBase:: | public static | function | Returns the database connection to the site running Simpletest. | |
| TestBase:: | public | function | Gets the database prefix. | |
| TestBase:: | public | function | Gets the temporary files directory. | |
| TestBase:: | public static | function | Store an assertion from outside the testing context. | |
| TestBase:: | protected | function | Fire an assertion that is always positive. | |
| TestBase:: | private | function | Generates a database prefix for running tests. | |
| TestBase:: | private | function | Prepares the current environment for running the test. | |
| TestBase:: | private | function | Cleans up the test environment and restores the original environment. | |
| TestBase:: | public | function | Run all tests in this class. | 1 | 
| TestBase:: | protected | function | Changes in memory settings. | |
| TestBase:: | protected | function | Helper method to store an assertion record in the configured database. | |
| TestBase:: | protected | function | Logs a verbose message in a text file. | 
