|
Chris@0
|
1 <?php
|
|
Chris@0
|
2
|
|
Chris@0
|
3 namespace Drupal\KernelTests\Component\Utility;
|
|
Chris@0
|
4
|
|
Chris@0
|
5 use Drupal\Component\Utility\SafeMarkup;
|
|
Chris@0
|
6 use Drupal\Core\Url;
|
|
Chris@0
|
7 use Drupal\KernelTests\KernelTestBase;
|
|
Chris@0
|
8
|
|
Chris@0
|
9 /**
|
|
Chris@0
|
10 * Provides a test covering integration of SafeMarkup with other systems.
|
|
Chris@0
|
11 *
|
|
Chris@0
|
12 * @group Utility
|
|
Chris@0
|
13 */
|
|
Chris@0
|
14 class SafeMarkupKernelTest extends KernelTestBase {
|
|
Chris@0
|
15
|
|
Chris@0
|
16 /**
|
|
Chris@0
|
17 * {@inheritdoc}
|
|
Chris@0
|
18 */
|
|
Chris@0
|
19 public static $modules = ['system'];
|
|
Chris@0
|
20
|
|
Chris@0
|
21 /**
|
|
Chris@0
|
22 * {@inheritdoc}
|
|
Chris@0
|
23 */
|
|
Chris@0
|
24 protected function setUp() {
|
|
Chris@0
|
25 parent::setUp();
|
|
Chris@0
|
26
|
|
Chris@0
|
27 $this->container->get('router.builder')->rebuild();
|
|
Chris@0
|
28 }
|
|
Chris@0
|
29
|
|
Chris@0
|
30 /**
|
|
Chris@0
|
31 * Gets arguments for SafeMarkup::format() based on Url::fromUri() parameters.
|
|
Chris@0
|
32 *
|
|
Chris@0
|
33 * @param string $uri
|
|
Chris@0
|
34 * The URI of the resource.
|
|
Chris@0
|
35 * @param array $options
|
|
Chris@0
|
36 * The options to pass to Url::fromUri().
|
|
Chris@0
|
37 *
|
|
Chris@0
|
38 * @return array
|
|
Chris@0
|
39 * Array containing:
|
|
Chris@0
|
40 * - ':url': A URL string.
|
|
Chris@0
|
41 */
|
|
Chris@0
|
42 protected static function getSafeMarkupUriArgs($uri, $options = []) {
|
|
Chris@0
|
43 $args[':url'] = Url::fromUri($uri, $options)->toString();
|
|
Chris@0
|
44 return $args;
|
|
Chris@0
|
45 }
|
|
Chris@0
|
46
|
|
Chris@0
|
47 /**
|
|
Chris@0
|
48 * Tests URL ":placeholders" in SafeMarkup::format().
|
|
Chris@0
|
49 *
|
|
Chris@0
|
50 * @dataProvider providerTestSafeMarkupUri
|
|
Chris@0
|
51 */
|
|
Chris@0
|
52 public function testSafeMarkupUri($string, $uri, $options, $expected) {
|
|
Chris@0
|
53 $args = self::getSafeMarkupUriArgs($uri, $options);
|
|
Chris@0
|
54 $this->assertEquals($expected, SafeMarkup::format($string, $args));
|
|
Chris@0
|
55 }
|
|
Chris@0
|
56
|
|
Chris@0
|
57 /**
|
|
Chris@0
|
58 * @return array
|
|
Chris@0
|
59 */
|
|
Chris@0
|
60 public function providerTestSafeMarkupUri() {
|
|
Chris@0
|
61 $data = [];
|
|
Chris@0
|
62 $data['routed-url'] = [
|
|
Chris@0
|
63 'Hey giraffe <a href=":url">MUUUH</a>',
|
|
Chris@0
|
64 'route:system.admin',
|
|
Chris@0
|
65 [],
|
|
Chris@0
|
66 'Hey giraffe <a href="/admin">MUUUH</a>',
|
|
Chris@0
|
67 ];
|
|
Chris@0
|
68 $data['routed-with-query'] = [
|
|
Chris@0
|
69 'Hey giraffe <a href=":url">MUUUH</a>',
|
|
Chris@0
|
70 'route:system.admin',
|
|
Chris@0
|
71 ['query' => ['bar' => 'baz#']],
|
|
Chris@0
|
72 'Hey giraffe <a href="/admin?bar=baz%23">MUUUH</a>',
|
|
Chris@0
|
73 ];
|
|
Chris@0
|
74 $data['routed-with-fragment'] = [
|
|
Chris@0
|
75 'Hey giraffe <a href=":url">MUUUH</a>',
|
|
Chris@0
|
76 'route:system.admin',
|
|
Chris@0
|
77 ['fragment' => 'bar<'],
|
|
Chris@0
|
78 'Hey giraffe <a href="/admin#bar&lt;">MUUUH</a>',
|
|
Chris@0
|
79 ];
|
|
Chris@0
|
80 $data['unrouted-url'] = [
|
|
Chris@0
|
81 'Hey giraffe <a href=":url">MUUUH</a>',
|
|
Chris@0
|
82 'base://foo',
|
|
Chris@0
|
83 [],
|
|
Chris@0
|
84 'Hey giraffe <a href="/foo">MUUUH</a>',
|
|
Chris@0
|
85 ];
|
|
Chris@0
|
86 $data['unrouted-with-query'] = [
|
|
Chris@0
|
87 'Hey giraffe <a href=":url">MUUUH</a>',
|
|
Chris@0
|
88 'base://foo',
|
|
Chris@0
|
89 ['query' => ['bar' => 'baz#']],
|
|
Chris@0
|
90 'Hey giraffe <a href="/foo?bar=baz%23">MUUUH</a>',
|
|
Chris@0
|
91 ];
|
|
Chris@0
|
92 $data['unrouted-with-fragment'] = [
|
|
Chris@0
|
93 'Hey giraffe <a href=":url">MUUUH</a>',
|
|
Chris@0
|
94 'base://foo',
|
|
Chris@0
|
95 ['fragment' => 'bar<'],
|
|
Chris@0
|
96 'Hey giraffe <a href="/foo#bar&lt;">MUUUH</a>',
|
|
Chris@0
|
97 ];
|
|
Chris@0
|
98 $data['mailto-protocol'] = [
|
|
Chris@0
|
99 'Hey giraffe <a href=":url">MUUUH</a>',
|
|
Chris@0
|
100 'mailto:test@example.com',
|
|
Chris@0
|
101 [],
|
|
Chris@0
|
102 'Hey giraffe <a href="mailto:test@example.com">MUUUH</a>',
|
|
Chris@0
|
103 ];
|
|
Chris@0
|
104
|
|
Chris@0
|
105 return $data;
|
|
Chris@0
|
106 }
|
|
Chris@0
|
107
|
|
Chris@0
|
108 /**
|
|
Chris@0
|
109 * @dataProvider providerTestSafeMarkupUriWithException
|
|
Chris@0
|
110 */
|
|
Chris@0
|
111 public function testSafeMarkupUriWithExceptionUri($string, $uri) {
|
|
Chris@0
|
112 // Should throw an \InvalidArgumentException, due to Uri::toString().
|
|
Chris@0
|
113 $this->setExpectedException(\InvalidArgumentException::class);
|
|
Chris@0
|
114 $args = self::getSafeMarkupUriArgs($uri);
|
|
Chris@0
|
115
|
|
Chris@0
|
116 SafeMarkup::format($string, $args);
|
|
Chris@0
|
117 }
|
|
Chris@0
|
118
|
|
Chris@0
|
119 /**
|
|
Chris@0
|
120 * @return array
|
|
Chris@0
|
121 */
|
|
Chris@0
|
122 public function providerTestSafeMarkupUriWithException() {
|
|
Chris@0
|
123 $data = [];
|
|
Chris@0
|
124 $data['js-protocol'] = [
|
|
Chris@0
|
125 'Hey giraffe <a href=":url">MUUUH</a>',
|
|
Chris@0
|
126 "javascript:alert('xss')",
|
|
Chris@0
|
127 ];
|
|
Chris@0
|
128 $data['js-with-fromCharCode'] = [
|
|
Chris@0
|
129 'Hey giraffe <a href=":url">MUUUH</a>',
|
|
Chris@0
|
130 "javascript:alert(String.fromCharCode(88,83,83))",
|
|
Chris@0
|
131 ];
|
|
Chris@0
|
132 $data['non-url-with-colon'] = [
|
|
Chris@0
|
133 'Hey giraffe <a href=":url">MUUUH</a>',
|
|
Chris@0
|
134 "llamas: they are not URLs",
|
|
Chris@0
|
135 ];
|
|
Chris@0
|
136 $data['non-url-with-html'] = [
|
|
Chris@0
|
137 'Hey giraffe <a href=":url">MUUUH</a>',
|
|
Chris@0
|
138 '<span>not a url</span>',
|
|
Chris@0
|
139 ];
|
|
Chris@0
|
140
|
|
Chris@0
|
141 return $data;
|
|
Chris@0
|
142 }
|
|
Chris@0
|
143
|
|
Chris@0
|
144 }
|
