Mercurial > hg > isophonics-drupal-site
annotate core/modules/system/src/Tests/Theme/TwigRawTest.php @ 14:1fec387a4317
Update Drupal core to 8.5.2 via Composer
| author | Chris Cannam |
|---|---|
| date | Mon, 23 Apr 2018 09:46:53 +0100 |
| parents | 4c8ae668cc8c |
| children |
| rev | line source |
|---|---|
| Chris@0 | 1 <?php |
| Chris@0 | 2 |
| Chris@0 | 3 namespace Drupal\system\Tests\Theme; |
| Chris@0 | 4 |
| Chris@0 | 5 use Drupal\simpletest\WebTestBase; |
| Chris@0 | 6 |
| Chris@0 | 7 /** |
| Chris@0 | 8 * Tests Twig 'raw' filter. |
| Chris@0 | 9 * |
| Chris@0 | 10 * @group Theme |
| Chris@0 | 11 */ |
| Chris@0 | 12 class TwigRawTest extends WebTestBase { |
| Chris@0 | 13 |
| Chris@0 | 14 /** |
| Chris@0 | 15 * Modules to enable. |
| Chris@0 | 16 * |
| Chris@0 | 17 * @var array |
| Chris@0 | 18 */ |
| Chris@0 | 19 public static $modules = ['twig_theme_test']; |
| Chris@0 | 20 |
| Chris@0 | 21 /** |
| Chris@0 | 22 * Tests the raw filter inside an autoescape tag. |
| Chris@0 | 23 */ |
| Chris@0 | 24 public function testAutoescapeRaw() { |
| Chris@0 | 25 $test = [ |
| Chris@0 | 26 '#theme' => 'twig_raw_test', |
| Chris@0 | 27 '#script' => '<script>alert("This alert is real because I will put it through the raw filter!");</script>', |
| Chris@0 | 28 ]; |
| Chris@0 | 29 $rendered = \Drupal::service('renderer')->renderRoot($test); |
| Chris@0 | 30 $this->setRawContent($rendered); |
| Chris@0 | 31 $this->assertRaw('<script>alert("This alert is real because I will put it through the raw filter!");</script>'); |
| Chris@0 | 32 } |
| Chris@0 | 33 |
| Chris@0 | 34 /** |
| Chris@0 | 35 * Tests autoescaping of unsafe content. |
| Chris@0 | 36 * |
| Chris@0 | 37 * This is one of the most important tests in Drupal itself in terms of |
| Chris@0 | 38 * security. |
| Chris@0 | 39 */ |
| Chris@0 | 40 public function testAutoescape() { |
| Chris@0 | 41 $script = '<script>alert("This alert is unreal!");</script>'; |
| Chris@0 | 42 $build = [ |
| Chris@0 | 43 '#theme' => 'twig_autoescape_test', |
| Chris@0 | 44 '#script' => $script, |
| Chris@0 | 45 ]; |
| Chris@0 | 46 $rendered = \Drupal::service('renderer')->renderRoot($build); |
| Chris@0 | 47 $this->setRawContent($rendered); |
| Chris@0 | 48 $this->assertEscaped($script); |
| Chris@0 | 49 } |
| Chris@0 | 50 |
| Chris@0 | 51 } |