|
Chris@0
|
1 <?php
|
|
Chris@0
|
2
|
|
Chris@0
|
3 namespace Drupal\Tests\views\Functional;
|
|
Chris@0
|
4
|
|
Chris@0
|
5 /**
|
|
Chris@0
|
6 * Tests output of Views.
|
|
Chris@0
|
7 *
|
|
Chris@0
|
8 * @group views
|
|
Chris@0
|
9 */
|
|
Chris@0
|
10 class ViewsEscapingTest extends ViewTestBase {
|
|
Chris@0
|
11
|
|
Chris@0
|
12 /**
|
|
Chris@0
|
13 * Views used by this test.
|
|
Chris@0
|
14 *
|
|
Chris@0
|
15 * @var array
|
|
Chris@0
|
16 */
|
|
Chris@0
|
17 public static $testViews = ['test_page_display', 'test_field_header'];
|
|
Chris@0
|
18
|
|
Chris@0
|
19 /**
|
|
Chris@0
|
20 * Used by WebTestBase::setup()
|
|
Chris@0
|
21 *
|
|
Chris@0
|
22 * We need theme_test for testing against test_basetheme and test_subtheme.
|
|
Chris@0
|
23 *
|
|
Chris@0
|
24 * @var array
|
|
Chris@0
|
25 *
|
|
Chris@0
|
26 * @see \Drupal\simpletest\WebTestBase::setup()
|
|
Chris@0
|
27 */
|
|
Chris@0
|
28 public static $modules = ['views', 'theme_test'];
|
|
Chris@0
|
29
|
|
Chris@0
|
30 /**
|
|
Chris@0
|
31 * {@inheritdoc}
|
|
Chris@0
|
32 */
|
|
Chris@0
|
33 protected function setUp($import_test_views = TRUE) {
|
|
Chris@0
|
34 parent::setUp(TRUE);
|
|
Chris@0
|
35
|
|
Chris@0
|
36 $this->enableViewsTestModule();
|
|
Chris@0
|
37 }
|
|
Chris@0
|
38
|
|
Chris@0
|
39 /**
|
|
Chris@0
|
40 * Tests for incorrectly escaped markup in the views-view-fields.html.twig.
|
|
Chris@0
|
41 */
|
|
Chris@0
|
42 public function testViewsViewFieldsEscaping() {
|
|
Chris@0
|
43 // Test with system theme using theme function.
|
|
Chris@0
|
44 $this->drupalGet('test_page_display_200');
|
|
Chris@0
|
45
|
|
Chris@0
|
46 // Assert that there are no escaped '<'s characters.
|
|
Chris@0
|
47 $this->assertNoEscaped('<');
|
|
Chris@0
|
48
|
|
Chris@0
|
49 // Install theme to test with template system.
|
|
Chris@0
|
50 \Drupal::service('theme_handler')->install(['views_test_theme']);
|
|
Chris@0
|
51
|
|
Chris@0
|
52 // Make base theme default then test for hook invocations.
|
|
Chris@0
|
53 $this->config('system.theme')
|
|
Chris@0
|
54 ->set('default', 'views_test_theme')
|
|
Chris@0
|
55 ->save();
|
|
Chris@0
|
56 $this->assertEqual($this->config('system.theme')->get('default'), 'views_test_theme');
|
|
Chris@0
|
57
|
|
Chris@0
|
58 $this->drupalGet('test_page_display_200');
|
|
Chris@0
|
59
|
|
Chris@0
|
60 // Assert that we are using the correct template.
|
|
Chris@0
|
61 $this->assertText('force', 'The force is strong with this one');
|
|
Chris@0
|
62
|
|
Chris@0
|
63 // Assert that there are no escaped '<'s characters.
|
|
Chris@0
|
64 $this->assertNoEscaped('<');
|
|
Chris@0
|
65 }
|
|
Chris@0
|
66
|
|
Chris@0
|
67 /**
|
|
Chris@0
|
68 * Tests for incorrectly escaped markup in a header label on a display table.
|
|
Chris@0
|
69 */
|
|
Chris@0
|
70 public function testViewsFieldHeaderEscaping() {
|
|
Chris@0
|
71 // Test with a field header label having an html element wrapper.
|
|
Chris@0
|
72 $this->drupalGet('test_field_header');
|
|
Chris@0
|
73
|
|
Chris@0
|
74 // Assert that there are no escaped '<'s characters.
|
|
Chris@0
|
75 $this->assertNoEscaped('<');
|
|
Chris@0
|
76
|
|
Chris@0
|
77 // Test with a field header label having a XSS test as a wrapper.
|
|
Chris@0
|
78 $this->drupalGet('test_field_header_xss');
|
|
Chris@0
|
79
|
|
Chris@0
|
80 // Assert that XSS test is escaped.
|
|
Chris@0
|
81 $this->assertNoRaw('<script>alert("XSS")</script>', 'Harmful tags are escaped in header label.');
|
|
Chris@0
|
82 }
|
|
Chris@0
|
83
|
|
Chris@0
|
84 }
|
