Mercurial > hg > isophonics-drupal-site
comparison core/modules/views/tests/src/Functional/ViewsEscapingTest.php @ 0:4c8ae668cc8c
Initial import (non-working)
| author | Chris Cannam |
|---|---|
| date | Wed, 29 Nov 2017 16:09:58 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:4c8ae668cc8c |
|---|---|
| 1 <?php | |
| 2 | |
| 3 namespace Drupal\Tests\views\Functional; | |
| 4 | |
| 5 /** | |
| 6 * Tests output of Views. | |
| 7 * | |
| 8 * @group views | |
| 9 */ | |
| 10 class ViewsEscapingTest extends ViewTestBase { | |
| 11 | |
| 12 /** | |
| 13 * Views used by this test. | |
| 14 * | |
| 15 * @var array | |
| 16 */ | |
| 17 public static $testViews = ['test_page_display', 'test_field_header']; | |
| 18 | |
| 19 /** | |
| 20 * Used by WebTestBase::setup() | |
| 21 * | |
| 22 * We need theme_test for testing against test_basetheme and test_subtheme. | |
| 23 * | |
| 24 * @var array | |
| 25 * | |
| 26 * @see \Drupal\simpletest\WebTestBase::setup() | |
| 27 */ | |
| 28 public static $modules = ['views', 'theme_test']; | |
| 29 | |
| 30 /** | |
| 31 * {@inheritdoc} | |
| 32 */ | |
| 33 protected function setUp($import_test_views = TRUE) { | |
| 34 parent::setUp(TRUE); | |
| 35 | |
| 36 $this->enableViewsTestModule(); | |
| 37 } | |
| 38 | |
| 39 /** | |
| 40 * Tests for incorrectly escaped markup in the views-view-fields.html.twig. | |
| 41 */ | |
| 42 public function testViewsViewFieldsEscaping() { | |
| 43 // Test with system theme using theme function. | |
| 44 $this->drupalGet('test_page_display_200'); | |
| 45 | |
| 46 // Assert that there are no escaped '<'s characters. | |
| 47 $this->assertNoEscaped('<'); | |
| 48 | |
| 49 // Install theme to test with template system. | |
| 50 \Drupal::service('theme_handler')->install(['views_test_theme']); | |
| 51 | |
| 52 // Make base theme default then test for hook invocations. | |
| 53 $this->config('system.theme') | |
| 54 ->set('default', 'views_test_theme') | |
| 55 ->save(); | |
| 56 $this->assertEqual($this->config('system.theme')->get('default'), 'views_test_theme'); | |
| 57 | |
| 58 $this->drupalGet('test_page_display_200'); | |
| 59 | |
| 60 // Assert that we are using the correct template. | |
| 61 $this->assertText('force', 'The force is strong with this one'); | |
| 62 | |
| 63 // Assert that there are no escaped '<'s characters. | |
| 64 $this->assertNoEscaped('<'); | |
| 65 } | |
| 66 | |
| 67 /** | |
| 68 * Tests for incorrectly escaped markup in a header label on a display table. | |
| 69 */ | |
| 70 public function testViewsFieldHeaderEscaping() { | |
| 71 // Test with a field header label having an html element wrapper. | |
| 72 $this->drupalGet('test_field_header'); | |
| 73 | |
| 74 // Assert that there are no escaped '<'s characters. | |
| 75 $this->assertNoEscaped('<'); | |
| 76 | |
| 77 // Test with a field header label having a XSS test as a wrapper. | |
| 78 $this->drupalGet('test_field_header_xss'); | |
| 79 | |
| 80 // Assert that XSS test is escaped. | |
| 81 $this->assertNoRaw('<script>alert("XSS")</script>', 'Harmful tags are escaped in header label.'); | |
| 82 } | |
| 83 | |
| 84 } |