function RequestSanitizerTest::providerTestAcceptableDestinations

Same name in other branches
  1. 8.9.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestAcceptableDestinations()
  2. 10 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestAcceptableDestinations()
  3. 11.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestAcceptableDestinations()

Data provider for testing acceptable destinations.

File

core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php, line 315

Class

RequestSanitizerTest
Tests RequestSanitizer class.

Namespace

Drupal\Tests\Core\Security

Code

public function providerTestAcceptableDestinations() {
    $data = [];
    // Standard internal example node path is present in the 'destination'
    // parameter.
    $data[] = [
        'node',
    ];
    // Internal path with one leading slash is allowed.
    $data[] = [
        '/example.com',
    ];
    // Internal URL using a colon is allowed.
    $data[] = [
        'example:test',
    ];
    // JavaScript URL is allowed because it is treated as an internal URL.
    $data[] = [
        'javascript:alert(0)',
    ];
    return $data;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.