function SafeMarkupTest::providerFormat in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php \Drupal\Tests\Component\Utility\SafeMarkupTest::providerFormat()
Data provider for testFormat().
See also
testFormat()
File
- core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php, line 153
- Contains \Drupal\Tests\Component\Utility\SafeMarkupTest.
Class
- SafeMarkupTest
- Tests marking strings as safe.
Namespace
Drupal\Tests\Component\Utility

Code
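/**
 * Data provider for testFormat().
 *
 * Covers the three placeholder prefixes used in the format strings below:
 * "@" (value is HTML-escaped), "%" (value is HTML-escaped and wrapped in
 * <em class="placeholder">) and ":" (value is used as a URL in an attribute).
 *
 * The expected strings are the literal markup the formatter should return.
 * Any character that arrives in a plain-string argument must therefore show
 * up as an entity (&lt;, &gt;, &amp;); only arguments wrapped in
 * SafeMarkupTestMarkup are expected to pass through untouched. An expected
 * value that contains a raw "<script>" would assert that the formatter does
 * NOT escape, which is the opposite of what these cases describe.
 *
 * @return array
 *   Rows of: format string, placeholder arguments, expected output,
 *   assertion message, and a boolean that is TRUE in every row (presumably
 *   "the result is marked safe" - confirm against testFormat()).
 *
 * @see testFormat()
 */
function providerFormat() {
  $tests = [];

  // No placeholders: the string is returned as given.
  $tests[] = [
    'Simple text',
    [],
    'Simple text',
    'SafeMarkup::format leaves simple text alone.',
    TRUE,
  ];

  // "@" placeholder with a plain string: angle brackets become entities.
  $tests[] = [
    'Escaped text: @value',
    ['@value' => '<script>'],
    'Escaped text: &lt;script&gt;',
    'SafeMarkup::format replaces and escapes string.',
    TRUE,
  ];

  // "@" placeholder with an already-safe object: inserted verbatim.
  $tests[] = [
    'Escaped text: @value',
    ['@value' => SafeMarkupTestMarkup::create('<span>Safe HTML</span>')],
    'Escaped text: <span>Safe HTML</span>',
    'SafeMarkup::format does not escape an already safe string.',
    TRUE,
  ];

  // "%" placeholder with a plain string: escaped, then wrapped in <em>.
  $tests[] = [
    'Placeholder text: %value',
    ['%value' => '<script>'],
    'Placeholder text: <em class="placeholder">&lt;script&gt;</em>',
    'SafeMarkup::format replaces, escapes and themes string.',
    TRUE,
  ];

  // "%" placeholder with an already-safe object: wrapped but not escaped.
  $tests[] = [
    'Placeholder text: %value',
    ['%value' => SafeMarkupTestMarkup::create('<span>Safe HTML</span>')],
    'Placeholder text: <em class="placeholder"><span>Safe HTML</span></em>',
    'SafeMarkup::format does not escape an already safe string themed as a placeholder.',
    TRUE,
  ];

  // ":" placeholder: the "javascript:" scheme is stripped and the remainder
  // is escaped for use inside the attribute ("&" becomes "&amp;").
  $tests['javascript-protocol-url'] = [
    'Simple text <a href=":url">giraffe</a>',
    [':url' => 'javascript://example.com?foo&bar'],
    'Simple text <a href="//example.com?foo&amp;bar">giraffe</a>',
    'Support for filtering bad protocols',
    TRUE,
  ];

  // An http URL keeps its scheme; only the "&" is escaped.
  $tests['external-url'] = [
    'Simple text <a href=":url">giraffe</a>',
    [':url' => 'http://example.com?foo&bar'],
    'Simple text <a href="http://example.com?foo&amp;bar">giraffe</a>',
    'Support for filtering bad protocols',
    TRUE,
  ];

  // A site-relative path has no scheme to filter; only the "&" is escaped.
  $tests['relative-url'] = [
    'Simple text <a href=":url">giraffe</a>',
    [':url' => '/node/1?foo&bar'],
    'Simple text <a href="/node/1?foo&amp;bar">giraffe</a>',
    'Support for filtering bad protocols',
    TRUE,
  ];

  // A "<" in the fragment must come out as an entity.
  $tests['fragment-with-special-chars'] = [
    'Simple text <a href=":url">giraffe</a>',
    [':url' => 'http://example.com/#<'],
    'Simple text <a href="http://example.com/#&lt;">giraffe</a>',
    'Support for filtering bad protocols',
    TRUE,
  ];

  // mailto: is expected to survive unchanged.
  $tests['mailto-protocol'] = [
    'Hey giraffe <a href=":url">MUUUH</a>',
    [':url' => 'mailto:test@example.com'],
    'Hey giraffe <a href="mailto:test@example.com">MUUUH</a>',
    '',
    TRUE,
  ];

  // The scheme is removed, so what is left in href is an inert string rather
  // than a script URL.
  $tests['js-with-fromCharCode'] = [
    'Hey giraffe <a href=":url">MUUUH</a>',
    [':url' => "javascript:alert(String.fromCharCode(88,83,83))"],
    'Hey giraffe <a href="alert(String.fromCharCode(88,83,83))">MUUUH</a>',
    '',
    TRUE,
  ];

  // Test some "URL" values that are not RFC 3986 compliant URLs. The result
  // of SafeMarkup::format() should still be valid HTML (other than the
  // value of the "href" attribute not being a valid URL), and not
  // vulnerable to XSS.
  $tests['non-url-with-colon'] = [
    'Hey giraffe <a href=":url">MUUUH</a>',
    [':url' => "llamas: they are not URLs"],
    'Hey giraffe <a href=" they are not URLs">MUUUH</a>',
    '',
    TRUE,
  ];

  // Markup passed as a URL must be entity-encoded so it cannot close the
  // attribute or open a new element.
  $tests['non-url-with-html'] = [
    'Hey giraffe <a href=":url">MUUUH</a>',
    [':url' => "<span>not a url</span>"],
    'Hey giraffe <a href="&lt;span&gt;not a url&lt;/span&gt;">MUUUH</a>',
    '',
    TRUE,
  ];

  return $tests;
}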