function ExceptionHandlingTest::testBacktraceEscaping
Same name in other branches
- 9 core/tests/Drupal/KernelTests/Core/Routing/ExceptionHandlingTest.php \Drupal\KernelTests\Core\Routing\ExceptionHandlingTest::testBacktraceEscaping()
- 8.9.x core/tests/Drupal/KernelTests/Core/Routing/ExceptionHandlingTest.php \Drupal\KernelTests\Core\Routing\ExceptionHandlingTest::testBacktraceEscaping()
- 11.x core/tests/Drupal/KernelTests/Core/Routing/ExceptionHandlingTest.php \Drupal\KernelTests\Core\Routing\ExceptionHandlingTest::testBacktraceEscaping()
Tests if exception backtraces are properly escaped when output to HTML.
File
-
core/
tests/ Drupal/ KernelTests/ Core/ Routing/ ExceptionHandlingTest.php, line 166
Class
- ExceptionHandlingTest
- Tests the exception handling for various cases.
Namespace
Drupal\KernelTests\Core\RoutingCode
public function testBacktraceEscaping() : void {
// Enable verbose error logging.
$this->config('system.logging')
->set('error_level', ERROR_REPORTING_DISPLAY_VERBOSE)
->save();
$request = Request::create('/router_test/test17');
$request->setFormat('html', [
'text/html',
]);
/** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
$kernel = \Drupal::getContainer()->get('http_kernel');
$response = $kernel->handle($request)
->prepare($request);
$this->assertEquals(Response::HTTP_INTERNAL_SERVER_ERROR, $response->getStatusCode());
$this->assertEquals('text/html; charset=UTF-8', $response->headers
->get('Content-type'));
// Test both that the backtrace is properly escaped, and that the unescaped
// string is not output at all.
$this->assertStringContainsString(Html::escape('<script>alert(\'xss\')</script>'), $response->getContent());
$this->assertStringNotContainsString('<script>alert(\'xss\')</script>', $response->getContent());
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.