|
Chris@0
|
1 <?php
|
|
Chris@0
|
2
|
|
Chris@0
|
3 namespace Drupal\system\Tests\System;
|
|
Chris@0
|
4
|
|
Chris@0
|
5 use Drupal\Component\Utility\Html;
|
|
Chris@0
|
6 use Drupal\Component\Utility\Xss;
|
|
Chris@0
|
7 use Drupal\simpletest\WebTestBase;
|
|
Chris@0
|
8
|
|
Chris@0
|
9 /**
|
|
Chris@0
|
10 * Tests HTML output escaping of page title, site name, and slogan.
|
|
Chris@0
|
11 *
|
|
Chris@0
|
12 * @group system
|
|
Chris@0
|
13 */
|
|
Chris@0
|
14 class PageTitleTest extends WebTestBase {
|
|
Chris@0
|
15
|
|
Chris@0
|
16 /**
|
|
Chris@0
|
17 * Modules to enable.
|
|
Chris@0
|
18 *
|
|
Chris@0
|
19 * @var array
|
|
Chris@0
|
20 */
|
|
Chris@0
|
21 public static $modules = ['node', 'test_page_test', 'form_test', 'block'];
|
|
Chris@0
|
22
|
|
Chris@0
|
23 protected $contentUser;
|
|
Chris@0
|
24 protected $savedTitle;
|
|
Chris@0
|
25
|
|
Chris@0
|
26 /**
|
|
Chris@0
|
27 * Implement setUp().
|
|
Chris@0
|
28 */
|
|
Chris@0
|
29 protected function setUp() {
|
|
Chris@0
|
30 parent::setUp();
|
|
Chris@0
|
31
|
|
Chris@0
|
32 $this->drupalCreateContentType(['type' => 'page', 'name' => 'Basic page']);
|
|
Chris@0
|
33
|
|
Chris@0
|
34 $this->drupalPlaceBlock('page_title_block');
|
|
Chris@0
|
35
|
|
Chris@0
|
36 $this->contentUser = $this->drupalCreateUser(['create page content', 'access content', 'administer themes', 'administer site configuration', 'link to any page']);
|
|
Chris@0
|
37 $this->drupalLogin($this->contentUser);
|
|
Chris@0
|
38 }
|
|
Chris@0
|
39
|
|
Chris@0
|
40 /**
|
|
Chris@0
|
41 * Tests the handling of HTML in node titles.
|
|
Chris@0
|
42 */
|
|
Chris@0
|
43 public function testTitleTags() {
|
|
Chris@0
|
44 $title = "string with <em>HTML</em>";
|
|
Chris@0
|
45 // Generate node content.
|
|
Chris@0
|
46 $edit = [
|
|
Chris@0
|
47 'title[0][value]' => '!SimpleTest! ' . $title . $this->randomMachineName(20),
|
|
Chris@0
|
48 'body[0][value]' => '!SimpleTest! test body' . $this->randomMachineName(200),
|
|
Chris@0
|
49 ];
|
|
Chris@0
|
50 // Create the node with HTML in the title.
|
|
Chris@0
|
51 $this->drupalPostForm('node/add/page', $edit, t('Save'));
|
|
Chris@0
|
52
|
|
Chris@0
|
53 $node = $this->drupalGetNodeByTitle($edit['title[0][value]']);
|
|
Chris@0
|
54 $this->assertNotNull($node, 'Node created and found in database');
|
|
Chris@0
|
55 $this->assertText(Html::escape($edit['title[0][value]']), 'Check to make sure tags in the node title are converted.');
|
|
Chris@0
|
56 $this->drupalGet("node/" . $node->id());
|
|
Chris@0
|
57 $this->assertText(Html::escape($edit['title[0][value]']), 'Check to make sure tags in the node title are converted.');
|
|
Chris@0
|
58 }
|
|
Chris@0
|
59
|
|
Chris@0
|
60 /**
|
|
Chris@0
|
61 * Test if the title of the site is XSS proof.
|
|
Chris@0
|
62 */
|
|
Chris@0
|
63 public function testTitleXSS() {
|
|
Chris@0
|
64 // Set some title with JavaScript and HTML chars to escape.
|
|
Chris@0
|
65 $title = '</title><script type="text/javascript">alert("Title XSS!");</script> & < > " \' ';
|
|
Chris@0
|
66 $title_filtered = Html::escape($title);
|
|
Chris@0
|
67
|
|
Chris@0
|
68 $slogan = '<script type="text/javascript">alert("Slogan XSS!");</script>';
|
|
Chris@0
|
69 $slogan_filtered = Xss::filterAdmin($slogan);
|
|
Chris@0
|
70
|
|
Chris@0
|
71 // Set title and slogan.
|
|
Chris@0
|
72 $edit = [
|
|
Chris@0
|
73 'site_name' => $title,
|
|
Chris@0
|
74 'site_slogan' => $slogan,
|
|
Chris@0
|
75 ];
|
|
Chris@0
|
76 $this->drupalPostForm('admin/config/system/site-information', $edit, t('Save configuration'));
|
|
Chris@0
|
77
|
|
Chris@0
|
78 // Place branding block with site name and slogan into header region.
|
|
Chris@0
|
79 $this->drupalPlaceBlock('system_branding_block', ['region' => 'header']);
|
|
Chris@0
|
80
|
|
Chris@0
|
81 // Load frontpage.
|
|
Chris@0
|
82 $this->drupalGet('');
|
|
Chris@0
|
83
|
|
Chris@0
|
84 // Test the title.
|
|
Chris@0
|
85 $this->assertNoRaw($title, 'Check for the lack of the unfiltered version of the title.');
|
|
Chris@0
|
86 // Add </title> to make sure we're checking the title tag, rather than the
|
|
Chris@0
|
87 // first 'heading' on the page.
|
|
Chris@0
|
88 $this->assertRaw($title_filtered . '</title>', 'Check for the filtered version of the title in a <title> tag.');
|
|
Chris@0
|
89
|
|
Chris@0
|
90 // Test the slogan.
|
|
Chris@0
|
91 $this->assertNoRaw($slogan, 'Check for the unfiltered version of the slogan.');
|
|
Chris@0
|
92 $this->assertRaw($slogan_filtered, 'Check for the filtered version of the slogan.');
|
|
Chris@0
|
93 }
|
|
Chris@0
|
94
|
|
Chris@0
|
95 /**
|
|
Chris@0
|
96 * Tests the page title of render arrays.
|
|
Chris@0
|
97 *
|
|
Chris@0
|
98 * @see \Drupal\test_page_test\Controller\Test
|
|
Chris@0
|
99 */
|
|
Chris@0
|
100 public function testRoutingTitle() {
|
|
Chris@0
|
101 // Test the '#title' render array attribute.
|
|
Chris@0
|
102 $this->drupalGet('test-render-title');
|
|
Chris@0
|
103
|
|
Chris@0
|
104 $this->assertTitle('Foo | Drupal');
|
|
Chris@0
|
105 $result = $this->xpath('//h1[@class="page-title"]');
|
|
Chris@0
|
106 $this->assertEqual('Foo', (string) $result[0]);
|
|
Chris@0
|
107
|
|
Chris@0
|
108 // Test forms
|
|
Chris@0
|
109 $this->drupalGet('form-test/object-builder');
|
|
Chris@0
|
110
|
|
Chris@0
|
111 $this->assertTitle('Test dynamic title | Drupal');
|
|
Chris@0
|
112 $result = $this->xpath('//h1[@class="page-title"]');
|
|
Chris@0
|
113 $this->assertEqual('Test dynamic title', (string) $result[0]);
|
|
Chris@0
|
114
|
|
Chris@0
|
115 // Set some custom translated strings.
|
|
Chris@0
|
116 $this->addCustomTranslations('en', [
|
|
Chris@0
|
117 '' => ['Static title' => 'Static title translated'],
|
|
Chris@0
|
118 ]);
|
|
Chris@0
|
119 $this->writeCustomTranslations();
|
|
Chris@0
|
120
|
|
Chris@0
|
121 // Ensure that the title got translated.
|
|
Chris@0
|
122 $this->drupalGet('test-page-static-title');
|
|
Chris@0
|
123
|
|
Chris@0
|
124 $this->assertTitle('Static title translated | Drupal');
|
|
Chris@0
|
125 $result = $this->xpath('//h1[@class="page-title"]');
|
|
Chris@0
|
126 $this->assertEqual('Static title translated', (string) $result[0]);
|
|
Chris@0
|
127
|
|
Chris@0
|
128 // Test the dynamic '_title_callback' route option.
|
|
Chris@0
|
129 $this->drupalGet('test-page-dynamic-title');
|
|
Chris@0
|
130
|
|
Chris@0
|
131 $this->assertTitle('Dynamic title | Drupal');
|
|
Chris@0
|
132 $result = $this->xpath('//h1[@class="page-title"]');
|
|
Chris@0
|
133 $this->assertEqual('Dynamic title', (string) $result[0]);
|
|
Chris@0
|
134
|
|
Chris@0
|
135 // Ensure that titles are cacheable and are escaped normally if the
|
|
Chris@0
|
136 // controller does not escape them.
|
|
Chris@0
|
137 $this->drupalGet('test-page-cached-controller');
|
|
Chris@0
|
138 $this->assertTitle('Cached title | Drupal');
|
|
Chris@0
|
139 $this->assertRaw(Html::escape('<span>Cached title</span>') . '</h1>');
|
|
Chris@0
|
140 $this->drupalGet('test-page-cached-controller');
|
|
Chris@0
|
141 $this->assertTitle('Cached title | Drupal');
|
|
Chris@0
|
142 $this->assertRaw(Html::escape('<span>Cached title</span>') . '</h1>');
|
|
Chris@0
|
143 }
|
|
Chris@0
|
144
|
|
Chris@0
|
145 }
|
