You are here

public function TwigRawTest::testAutoescape in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/system/src/Tests/Theme/TwigRawTest.php \Drupal\system\Tests\Theme\TwigRawTest::testAutoescape()

Tests autoescaping of unsafe content.

This is one of the most important tests in Drupal itself in terms of security.

File

core/modules/system/src/Tests/Theme/TwigRawTest.php, line 45
Contains \Drupal\system\Tests\Theme\TwigRawTest.

Class

TwigRawTest
Tests Twig 'raw' filter.

Namespace

Drupal\system\Tests\Theme

Code

public function testAutoescape() {
  $script = '<script>alert("This alert is unreal!");</script>';
  $build = [
    '#theme' => 'twig_autoescape_test',
    '#script' => $script,
  ];
  $rendered = \Drupal::service('renderer')
    ->renderRoot($build);
  $this
    ->setRawContent($rendered);
  $this
    ->assertEscaped($script);
}