1 <?php
3 namespace Drupal\KernelTests\Component\Utility;
5 use Drupal\Component\Render\FormattableMarkup;
6 use Drupal\Core\Url;
7 use Drupal\KernelTests\KernelTestBase;
/**
 * Integration test for URL ":placeholders" rendered through FormattableMarkup.
 *
 * The class keeps its SafeMarkup name, but the code exercised here is
 * \Drupal\Component\Render\FormattableMarkup combined with \Drupal\Core\Url.
 * Each case drops a generated URL into an href attribute and checks either
 * the exact markup produced or that the URI is rejected with an exception.
 *
 * @group Utility
 */
class SafeMarkupKernelTest extends KernelTestBase {

  /**
   * {@inheritdoc}
   */
  public static $modules = ['system'];

  /**
   * {@inheritdoc}
   */
  protected function setUp() {
    parent::setUp();

    // Presumably needed so the 'route:system.admin' URIs used by the data
    // provider can be resolved to a path.
    $router_builder = $this->container->get('router.builder');
    $router_builder->rebuild();
  }

  /**
   * Builds the FormattableMarkup argument list for a given URI.
   *
   * @param string $uri
   *   The URI of the resource, handed to Url::fromUri() unchanged.
   * @param array $options
   *   The options to pass to Url::fromUri().
   *
   * @return array
   *   A single-element array:
   *   - ':url': The string form of the URL built from $uri and $options.
   *
   * @see \Drupal\Component\Render\FormattableMarkup
   */
  protected static function getSafeMarkupUriArgs($uri, $options = []) {
    return [':url' => Url::fromUri($uri, $options)->toString()];
  }

  /**
   * Tests URL ":placeholders" in \Drupal\Component\Render\FormattableMarkup.
   *
   * The expected strings in the provider pin the output encoding of the
   * href value: '#' inside a query value arrives as '%23' and '<' inside a
   * fragment arrives as '&lt;'.
   *
   * @dataProvider providerTestSafeMarkupUri
   */
  public function testSafeMarkupUri($string, $uri, $options, $expected) {
    $markup = new FormattableMarkup($string, self::getSafeMarkupUriArgs($uri, $options));
    $this->assertEquals($expected, $markup);
  }

  /**
   * Supplies URIs that must render into a safe href value.
   *
   * @return array
   *   Cases keyed by name, each holding: the markup template, the URI, the
   *   Url::fromUri() options and the expected rendered markup.
   */
  public function providerTestSafeMarkupUri() {
    $template = 'Hey giraffe <a href=":url">MUUUH</a>';
    $query = ['query' => ['bar' => 'baz#']];
    $fragment = ['fragment' => 'bar<'];

    return [
      // Routed URIs.
      'routed-url' => [
        $template,
        'route:system.admin',
        [],
        'Hey giraffe <a href="/admin">MUUUH</a>',
      ],
      'routed-with-query' => [
        $template,
        'route:system.admin',
        $query,
        'Hey giraffe <a href="/admin?bar=baz%23">MUUUH</a>',
      ],
      'routed-with-fragment' => [
        $template,
        'route:system.admin',
        $fragment,
        'Hey giraffe <a href="/admin#bar&lt;">MUUUH</a>',
      ],
      // Unrouted URIs relative to the site base.
      'unrouted-url' => [
        $template,
        'base://foo',
        [],
        'Hey giraffe <a href="/foo">MUUUH</a>',
      ],
      'unrouted-with-query' => [
        $template,
        'base://foo',
        $query,
        'Hey giraffe <a href="/foo?bar=baz%23">MUUUH</a>',
      ],
      'unrouted-with-fragment' => [
        $template,
        'base://foo',
        $fragment,
        'Hey giraffe <a href="/foo#bar&lt;">MUUUH</a>',
      ],
      // A non-HTTP scheme that is expected to pass through unchanged.
      'mailto-protocol' => [
        $template,
        'mailto:test@example.com',
        [],
        'Hey giraffe <a href="mailto:test@example.com">MUUUH</a>',
      ],
    ];
  }

  /**
   * Tests that unsafe or malformed URIs never reach the rendered markup.
   *
   * @dataProvider providerTestSafeMarkupUriWithException
   */
  public function testSafeMarkupUriWithExceptionUri($string, $uri) {
    // An \InvalidArgumentException is expected for every provided URI. The
    // original note attributes it to "Uri::toString()"; presumably that means
    // the Url::toString() call inside getSafeMarkupUriArgs(). The expectation
    // is registered before both steps, so the test passes whichever of them
    // throws and does not show that FormattableMarkup itself rejects the
    // value.
    $this->setExpectedException(\InvalidArgumentException::class);

    new FormattableMarkup($string, self::getSafeMarkupUriArgs($uri));
  }

  /**
   * Supplies URIs that must be rejected instead of being rendered.
   *
   * @return array
   *   Cases keyed by name, each holding the markup template and the URI.
   */
  public function providerTestSafeMarkupUriWithException() {
    $template = 'Hey giraffe <a href=":url">MUUUH</a>';

    return [
      // Script-scheme URIs: rendering them into href would be an XSS sink.
      'js-protocol' => [
        $template,
        "javascript:alert('xss')",
      ],
      'js-with-fromCharCode' => [
        $template,
        "javascript:alert(String.fromCharCode(88,83,83))",
      ],
      // Strings that are not URIs at all.
      'non-url-with-colon' => [
        $template,
        "llamas: they are not URLs",
      ],
      'non-url-with-html' => [
        $template,
        '<span>not a url</span>',
      ],
    ];
  }

}