3 namespace Drupal\KernelTests\Core\Common;
5 use Drupal\Component\Utility\UrlHelper;
6 use Drupal\KernelTests\KernelTestBase;
/**
 * Confirm that \Drupal\Component\Utility\Xss::filter() and check_url() work
 * correctly, including invalid multi-byte sequences.
 */
14 class XssUnitTest extends KernelTestBase {
21 public static $modules = ['filter', 'system'];
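/**
 * Prepares the kernel test and installs the 'system' module's configuration.
 */
protected function setUp() {
  // NOTE(review): the listing jumps from its line 23 to line 25. The parent
  // call is restored here on the assumption that it was dropped in
  // extraction; a KernelTestBase subclass needs the base setUp() to run
  // before installConfig() can be used. Confirm against the original file.
  parent::setUp();
  $this->installConfig(['system']);
}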
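/**
 * Tests t() functionality.
 *
 * Covers plain text, an @placeholder (escaped) and a %placeholder (escaped
 * and wrapped in emphasis markup).
 */
public function testT() {
  $text = t('Simple text');
  $this->assertEqual($text, 'Simple text', 't leaves simple text alone.');

  // The expected value must hold entities, not a live tag: comparing against
  // a literal '<script>' would assert that t() escaped nothing.
  $text = t('Escaped text: @value', ['@value' => '<script>']);
  $this->assertEqual($text, 'Escaped text: &lt;script&gt;', 't replaces and escapes string.');

  // Only the <em> wrapper is markup here; the substituted value stays
  // entity-encoded inside it.
  $text = t('Placeholder text: %value', ['%value' => '<script>']);
  $this->assertEqual($text, 'Placeholder text: <em class="placeholder">&lt;script&gt;</em>', 't replaces, escapes and themes string.');
}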
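/**
 * Checks that harmful protocols are stripped.
 *
 * check_url() and UrlHelper::filterBadProtocol() are expected to return an
 * HTML-encoded URL; UrlHelper::stripDangerousProtocols() is expected to
 * return the same URL as plain text.
 */
public function testBadProtocolStripping() {
  // The input carries a harmful scheme in front of an otherwise ordinary
  // URL; every function under test must drop that leading scheme.
  $url = 'javascript:http://www.example.com/?x=1&y=2';
  $expected_plain = 'http://www.example.com/?x=1&y=2';
  // The HTML form differs from the plain form only by the encoded ampersand.
  // If both expectations were the same string, the "encodes it for HTML"
  // half of the two assertions below would go unchecked.
  $expected_html = 'http://www.example.com/?x=1&amp;y=2';

  $this->assertIdentical(check_url($url), $expected_html, 'check_url() filters a URL and encodes it for HTML.');
  $this->assertIdentical(UrlHelper::filterBadProtocol($url), $expected_html, '\Drupal\Component\Utility\UrlHelper::filterBadProtocol() filters a URL and encodes it for HTML.');
  $this->assertIdentical(UrlHelper::stripDangerousProtocols($url), $expected_plain, '\Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() filters a URL and returns plain text.');
}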