class AttributeXssTest
Same name and namespace in other branches
- 11.x core/modules/link/tests/src/Unit/AttributeXssTest.php \Drupal\Tests\link\Unit\AttributeXssTest
Tests AttributeXss.
Attributes
#[Group('link')]
#[CoversClass(AttributeXss::class)]
Hierarchy
- class \Drupal\Tests\UnitTestCase uses \Drupal\Tests\DrupalTestCaseTrait, \Drupal\Tests\PhpUnitCompatibilityTrait, \Prophecy\PhpUnit\ProphecyTrait, \Drupal\TestTools\Extension\DeprecationBridge\ExpectDeprecationTrait, \Drupal\Tests\RandomGeneratorTrait extends \PHPUnit\Framework\TestCase
- class \Drupal\Tests\link\Unit\AttributeXssTest extends \Drupal\Tests\UnitTestCase
File
core/modules/link/tests/src/Unit/AttributeXssTest.php, line 16
Namespace
Drupal\Tests\link\Unit
```php
final class AttributeXssTest extends UnitTestCase {

  /**
   * Covers ::sanitizeAttributes.
   */
  #[\PHPUnit\Framework\Attributes\DataProvider('providerSanitizeAttributes')]
  public function testSanitizeAttributes(array $attributes, array $expected) : void {
    self::assertSame($expected, AttributeXss::sanitizeAttributes($attributes));
  }

  /**
   * Data provider for ::testSanitizeAttributes.
   *
   * Each case is a pair: the attributes passed in, then the expected output.
   *
   * @return \Generator
   *   Test cases.
   */
  public static function providerSanitizeAttributes() : \Generator {
    yield 'safe' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'data-biscuit' => TRUE,
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'data-biscuit' => TRUE,
      ],
    ];
    yield 'valueless' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected' => '',
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected' => '',
      ],
    ];
    // Empty or whitespace-only attribute names are dropped.
    yield 'empty names' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        '' => 'live',
        ' ' => TRUE,
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
      ],
    ];
    yield 'only empty names' => [
      [
        '' => 'live',
        ' ' => TRUE,
      ],
      [],
    ];
    // A space inside an attribute name yields separate attributes: the
    // leading name becomes valueless and the value goes to the last name.
    yield 'valueless, mangled with a space' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected href' => 'http://example.com',
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected' => 'selected',
        'href' => 'http://example.com',
      ],
    ];
    // An event handler name smuggled in between the spaces is removed.
    yield 'valueless, mangled with a space, blocked' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected onclick href' => 'http://example.com',
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected' => 'selected',
        'href' => 'http://example.com',
      ],
    ];
    yield 'with encoding' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'data-how-good' => "It's the bee's knees",
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'data-how-good' => "It's the bee's knees",
      ],
    ];
    yield 'valueless, mangled with multiple spaces, blocked' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected onclick href' => 'http://example.com',
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected' => 'selected',
        'href' => 'http://example.com',
      ],
    ];
    // Attribute order is preserved when the mangled name comes first.
    yield 'valueless, mangled with multiple spaces, blocked, mangled first' => [
      [
        'selected onclick href' => 'http://example.com',
        'class' => [
          'foo',
          'bar',
        ],
      ],
      [
        'selected' => 'selected',
        'href' => 'http://example.com',
        'class' => [
          'foo',
          'bar',
        ],
      ],
    ];
    yield 'valueless but with value' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected' => 'selected',
        'href' => 'http://example.com',
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected' => 'selected',
        'href' => 'http://example.com',
      ],
    ];
    // The javascript: scheme is stripped from the value.
    yield 'valueless but with value, bad protocol' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected' => 'selected',
        'href' => 'javascript:alert()',
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected' => 'selected',
        'href' => 'alert()',
      ],
    ];
    yield 'valueless, mangled with a space and bad protocol' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected href' => 'javascript:alert()',
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected' => 'selected',
        'href' => 'alert()',
      ],
    ];
    // A later, clean 'href' does not replace the one split out of the
    // mangled name.
    yield 'valueless, mangled with a space and bad protocol, repeated' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected href' => 'javascript:alert()',
        'href' => 'http://example.com',
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected' => 'selected',
        'href' => 'alert()',
      ],
    ];
    yield 'with a space' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'href' => \urlencode('some file.pdf'),
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'href' => 'some+file.pdf',
      ],
    ];
    // A space in a value (as opposed to a name) is left untouched.
    yield 'with an unencoded space' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'href' => 'some file.pdf',
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'href' => 'some file.pdf',
      ],
    ];
    // Event handler attributes are removed entirely.
    yield 'xss onclick' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'onclick' => 'alert("whoop");',
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
      ],
    ];
    yield 'xss onclick, valueless, mangled with a space' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected onclick href' => 'http://example.com',
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'selected' => 'selected',
        'href' => 'http://example.com',
      ],
    ];
    yield 'xss protocol' => [
      [
        'class' => [
          'foo',
          'bar',
        ],
        'src' => 'javascript:alert("whoop");',
      ],
      [
        'class' => [
          'foo',
          'bar',
        ],
        'src' => 'alert("whoop");',
      ],
    ];
  }

}
```
Members
| Title | Deprecated | Modifiers | Object type | Summary | Overrides |
|---|---|---|---|---|---|
| AttributeXssTest::providerSanitizeAttributes | | public static | function | Data provider for ::testSanitizeAttributes. | |
| AttributeXssTest::testSanitizeAttributes | | public | function | Covers ::sanitizeAttributes. | |
| DrupalTestCaseTrait::checkErrorHandlerOnTearDown | | public | function | Checks the test error handler after test execution. | |
| ExpectDeprecationTrait::expectDeprecation | Deprecated | public | function | Adds an expected deprecation. | |
| ExpectDeprecationTrait::regularExpressionForFormatDescription | | private | function | | |
| RandomGeneratorTrait::getRandomGenerator | | protected | function | Gets the random generator for the utility methods. | |
| RandomGeneratorTrait::randomMachineName | | protected | function | Generates a unique random string containing letters and numbers. | |
| RandomGeneratorTrait::randomObject | | public | function | Generates a random PHP object. | |
| RandomGeneratorTrait::randomString | | public | function | Generates a pseudo-random string of ASCII characters of codes 32 to 126. | |
| UnitTestCase::$root | | protected | property | The app root. | |
| UnitTestCase::getClassResolverStub | | protected | function | Returns a stub class resolver. | |
| UnitTestCase::getConfigFactoryStub | | public | function | Returns a stub config factory that behaves according to the passed array. | |
| UnitTestCase::getContainerWithCacheTagsInvalidator | | protected | function | Sets up a container with a cache tags invalidator. | |
| UnitTestCase::getStringTranslationStub | | public | function | Returns a stub translation manager that just returns the passed string. | |
| UnitTestCase::setDebugDumpHandler | | public static | function | Registers the dumper CLI handler when the DebugDump extension is enabled. | |
| UnitTestCase::setUp | | protected | function | | 366 |
| UnitTestCase::setupMockIterator | | protected | function | Set up a traversable class mock to return specific items when iterated. | |