public function ExceptionHandlingTest::testBacktraceEscaping in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/system/src/Tests/Routing/ExceptionHandlingTest.php \Drupal\system\Tests\Routing\ExceptionHandlingTest::testBacktraceEscaping()
Tests if exception backtraces are properly escaped when output to HTML.
File
- core/
modules/ system/ src/ Tests/ Routing/ ExceptionHandlingTest.php, line 104 - Contains \Drupal\system\Tests\Routing\ExceptionHandlingTest.
Class
- ExceptionHandlingTest
- Tests the exception handling for various cases.
Namespace
Drupal\system\Tests\RoutingCode
public function testBacktraceEscaping() {
// Enable verbose error logging.
$this
->config('system.logging')
->set('error_level', ERROR_REPORTING_DISPLAY_VERBOSE)
->save();
$request = Request::create('/router_test/test17');
$request
->setFormat('html', [
'text/html',
]);
/** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
$kernel = \Drupal::getContainer()
->get('http_kernel');
$response = $kernel
->handle($request)
->prepare($request);
$this
->assertEqual($response
->getStatusCode(), Response::HTTP_INTERNAL_SERVER_ERROR);
$this
->assertEqual($response->headers
->get('Content-type'), 'text/html; charset=UTF-8');
// Test both that the backtrace is properly escaped, and that the unescaped
// string is not output at all.
$this
->assertTrue(strpos($response
->getContent(), Html::escape('<script>alert(\'xss\')</script>')) !== FALSE);
$this
->assertTrue(strpos($response
->getContent(), '<script>alert(\'xss\')</script>') === FALSE);
}