3 namespace Drupal\system\Tests\Theme;
5 use Drupal\comment\Tests\CommentTestTrait;
6 use Drupal\Core\Extension\ExtensionDiscovery;
7 use Drupal\comment\CommentInterface;
8 use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
9 use Drupal\node\NodeInterface;
10 use Drupal\simpletest\WebTestBase;
11 use Drupal\comment\Entity\Comment;
12 use Drupal\taxonomy\Entity\Term;
15 * Tests themed output for each entity type in all available themes to ensure
16 * entity labels are filtered for XSS.
20 class EntityFilteringThemeTest extends WebTestBase {
25 * Use the standard profile.
27 * We test entity theming with the default node, user, comment, and taxonomy
28 * configurations at several paths in the standard profile.
32 protected $profile = 'standard';
35 * A list of all available themes.
37 * @var \Drupal\Core\Extension\Extension[]
44 * @var \Drupal\user\User
52 * @var \Drupal\node\Node
58 * A test taxonomy term.
60 * @var \Drupal\taxonomy\Entity\Term
68 * @var \Drupal\comment\Entity\Comment
73 * A string containing markup and JS.
77 protected $xssLabel = "string with <em>HTML</em> and <script>alert('JS');</script>";
79 protected function setUp() {
82 // Install all available non-testing themes.
83 $listing = new ExtensionDiscovery(\Drupal::root());
84 $this->themes = $listing->scan('theme', FALSE);
85 \Drupal::service('theme_handler')->install(array_keys($this->themes));
87 // Create a test user.
88 $this->user = $this->drupalCreateUser(['access content', 'access user profiles']);
89 $this->user->name = $this->xssLabel;
91 $this->drupalLogin($this->user);
93 // Create a test term.
94 $this->term = Term::create([
95 'name' => $this->xssLabel,
100 // Add a comment field.
101 $this->addDefaultCommentField('node', 'article', 'comment', CommentItemInterface::OPEN);
102 // Create a test node tagged with the test term.
103 $this->node = $this->drupalCreateNode([
104 'title' => $this->xssLabel,
106 'promote' => NodeInterface::PROMOTED,
107 'field_tags' => [['target_id' => $this->term->id()]],
110 // Create a test comment on the test node.
111 $this->comment = Comment::create([
112 'entity_id' => $this->node->id(),
113 'entity_type' => 'node',
114 'field_name' => 'comment',
115 'status' => CommentInterface::PUBLISHED,
116 'subject' => $this->xssLabel,
117 'comment_body' => [$this->randomMachineName()],
119 $this->comment->save();
123 * Checks each themed entity for XSS filtering in available themes.
125 public function testThemedEntity() {
126 // Check paths where various view modes of the entities are rendered.
130 'node/' . $this->node->id(),
131 'taxonomy/term/' . $this->term->id(),
134 // Check each path in all available themes.
135 foreach ($this->themes as $name => $theme) {
136 $this->config('system.theme')
137 ->set('default', $name)
139 foreach ($paths as $path) {
140 $this->drupalGet($path);
141 $this->assertResponse(200);
142 $this->assertNoRaw($this->xssLabel);