You are here

Home » API reference » Zircon Profile 8 » RedirectResponseSubscriberTest.php » RedirectResponseSubscriberTest

public function RedirectResponseSubscriberTest::providerTestSanitizeDestination in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/tests/Drupal/Tests/Core/EventSubscriber/RedirectResponseSubscriberTest.php \Drupal\Tests\Core\EventSubscriber\RedirectResponseSubscriberTest::providerTestSanitizeDestination()

Data provider for testSanitizeDestination().

File

core/tests/Drupal/Tests/Core/EventSubscriber/RedirectResponseSubscriberTest.php, line 257
Contains \Drupal\Tests\Core\EventSubscriber\RedirectResponseSubscriberTest.

Class

RedirectResponseSubscriberTest
@coversDefaultClass \Drupal\Core\EventSubscriber\RedirectResponseSubscriber @group EventSubscriber

Namespace

Drupal\Tests\Core\EventSubscriber

Code

public function providerTestSanitizeDestination() {
  $data = [];

  // Standard internal example node path is present in the 'destination'
  // parameter.
  $data[] = [
    'node',
    'node',
  ];

  // Internal path with one leading slash is allowed.
  $data[] = [
    '/example.com',
    '/example.com',
  ];

  // External URL without scheme is not allowed.
  $data[] = [
    '//example.com/test',
    '',
  ];

  // Internal URL using a colon is allowed.
  $data[] = [
    'example:test',
    'example:test',
  ];

  // External URL is not allowed.
  $data[] = [
    'http://example.com',
    '',
  ];

  // Javascript URL is allowed because it is treated as an internal URL.
  $data[] = [
    'javascript:alert(0)',
    'javascript:alert(0)',
  ];
  return $data;
}