opdavies/drupalcampbristol
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update to Drupal 8.0.0 beta 14. For more information, see https://drupal.org/node/2544542

Browse source
This commit is contained in:
Pantheon Automation 2015-08-27 12:03:05 -07:00 committed by Greg Anderson
parent 3b2511d96d
commit 81ccda77eb
2155 changed files with 54307 additions and 46870 deletions
Download patch file Download diff file Expand all files Collapse all files

36
core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php
View file

@ -8,6 +8,7 @@
namespace Drupal\Tests\Component\Utility;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Xss;
use Drupal\Tests\UnitTestCase;
/**
@ -212,6 +213,41 @@ class SafeMarkupTest extends UnitTestCase {
$this->assertEquals($is_safe, SafeMarkup::isSafe($result));
}
/**
* Tests the interaction between the safe list and XSS filtering.
*
* @covers ::xssFilter
* @covers ::escape
*/
public function testAdminXss() {
// Use the predefined XSS admin tag list. This strips the <marquee> tags.
$this->assertEquals('text', SafeMarkup::xssFilter('<marquee>text</marquee>', Xss::getAdminTagList()));
$this->assertTrue(SafeMarkup::isSafe('text'), 'The string \'text\' is marked as safe.');
// This won't strip the <marquee> tags and the string with HTML will be
// marked as safe.
$filtered = SafeMarkup::xssFilter('<marquee>text</marquee>', array('marquee'));
$this->assertEquals('<marquee>text</marquee>', $filtered);
$this->assertTrue(SafeMarkup::isSafe('<marquee>text</marquee>'), 'The string \'<marquee>text</marquee>\' is marked as safe.');
// SafeMarkup::xssFilter() with the default tag list will strip the
// <marquee> tag even though the string was marked safe above.
$this->assertEquals('text', SafeMarkup::xssFilter('<marquee>text</marquee>'));
// SafeMarkup::escape() will not escape the markup tag since the string was
// marked safe above.
$this->assertEquals('<marquee>text</marquee>', SafeMarkup::escape($filtered));
// SafeMarkup::checkPlain() will escape the markup tag even though the
// string was marked safe above.
$this->assertEquals('&lt;marquee&gt;text&lt;/marquee&gt;', SafeMarkup::checkPlain($filtered));
// Ensure that SafeMarkup::xssFilter strips all tags when passed an empty
// array and uses the default tag list when not passed a tag list.
$this->assertEquals('text', SafeMarkup::xssFilter('<em>text</em>', []));
$this->assertEquals('<em>text</em>', SafeMarkup::xssFilter('<em>text</em>'));
}
/**
* Data provider for testReplace().
*