public function ExternalFormUrlTest::testActionUrlBehavior in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/system/src/Tests/Form/ExternalFormUrlTest.php \Drupal\system\Tests\Form\ExternalFormUrlTest::testActionUrlBehavior()
Tests form behaviour.
File
- core/
modules/ system/ src/ Tests/ Form/ ExternalFormUrlTest.php, line 76 - Contains \Drupal\system\Tests\Form\ExternalFormUrlTest.
Class
- ExternalFormUrlTest
- Ensures that form actions can't be tricked into sending to external URLs.
Namespace
Drupal\system\Tests\FormCode
public function testActionUrlBehavior() {
// Create a new request which has a request uri with multiple leading
// slashes and make it the master request.
$request_stack = \Drupal::service('request_stack');
$original_request = $request_stack
->pop();
$request = Request::create($original_request
->getSchemeAndHttpHost() . '//example.org');
$request_stack
->push($request);
$form = \Drupal::formBuilder()
->getForm($this);
$markup = \Drupal::service('renderer')
->renderRoot($form);
$this
->setRawContent($markup);
$elements = $this
->xpath('//form/@action');
$action = (string) $elements[0];
$this
->assertEqual($original_request
->getSchemeAndHttpHost() . '//example.org', $action);
// Create a new request which has a request uri with a single leading slash
// and make it the master request.
$request_stack = \Drupal::service('request_stack');
$original_request = $request_stack
->pop();
$request = Request::create($original_request
->getSchemeAndHttpHost() . '/example.org');
$request_stack
->push($request);
$form = \Drupal::formBuilder()
->getForm($this);
$markup = \Drupal::service('renderer')
->renderRoot($form);
$this
->setRawContent($markup);
$elements = $this
->xpath('//form/@action');
$action = (string) $elements[0];
$this
->assertEqual('/example.org', $action);
}