public function ExceptionHandlingTest::testBacktraceEscaping in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/system/src/Tests/Routing/ExceptionHandlingTest.php \Drupal\system\Tests\Routing\ExceptionHandlingTest::testBacktraceEscaping()

Tests if exception backtraces are properly escaped when output to HTML.

File

core/modules/system/src/Tests/Routing/ExceptionHandlingTest.php, line 104
Contains \Drupal\system\Tests\Routing\ExceptionHandlingTest.

Class

ExceptionHandlingTest
Tests the exception handling for various cases.

Namespace

Drupal\system\Tests\Routing

Code

// This method relies on these imports:
//   use Drupal\Component\Utility\Html;
//   use Symfony\Component\HttpFoundation\Request;
//   use Symfony\Component\HttpFoundation\Response;
public function testBacktraceEscaping() {
  // Enable verbose error logging.
  $this->config('system.logging')
    ->set('error_level', ERROR_REPORTING_DISPLAY_VERBOSE)
    ->save();

  // Build an HTML request for the test route; the assertions below expect it
  // to fail with a 500 response.
  $request = Request::create('/router_test/test17');
  $request->setFormat('html', ['text/html']);

  /** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
  $kernel = \Drupal::getContainer()->get('http_kernel');
  $response = $kernel->handle($request)->prepare($request);
  $this->assertEqual($response->getStatusCode(), Response::HTTP_INTERNAL_SERVER_ERROR);
  $this->assertEqual($response->headers->get('Content-type'), 'text/html; charset=UTF-8');

  // Test both that the backtrace is properly escaped, and that the unescaped
  // string is not output at all.
  $this->assertTrue(strpos($response->getContent(), Html::escape('<script>alert(\'xss\')</script>')) !== FALSE);
  $this->assertTrue(strpos($response->getContent(), '<script>alert(\'xss\')</script>') === FALSE);
}