Tests the validation of the translation input.
function testStringValidation() {
global $base_url;
// User to add language and strings.
$admin_user = $this
->drupalCreateUser(array(
'administer languages',
'access administration pages',
'translate interface',
));
$this
->drupalLogin($admin_user);
$langcode = 'xx';
// The English name for the language. This will be translated.
$name = $this
->randomName(16);
// These will be the invalid translations of $name.
$key = $this
->randomName(16);
$bad_translations[$key] = "<script>alert('xss');</script>" . $key;
$key = $this
->randomName(16);
$bad_translations[$key] = '<img SRC="javascript:alert(\'xss\');">' . $key;
$key = $this
->randomName(16);
$bad_translations[$key] = '<<SCRIPT>alert("xss");//<</SCRIPT>' . $key;
$key = $this
->randomName(16);
$bad_translations[$key] = "<BODY ONLOAD=alert('xss')>" . $key;
// Add custom language.
$edit = array(
'predefined_langcode' => 'custom',
'langcode' => $langcode,
'name' => $name,
'direction' => '0',
);
$this
->drupalPost('admin/config/regional/language/add', $edit, t('Add custom language'));
// Add string.
t($name, array(), array(
'langcode' => $langcode,
));
// Reset locale cache.
$search = array(
'string' => $name,
'langcode' => $langcode,
'translation' => 'all',
);
$this
->drupalPost('admin/config/regional/translate/translate', $search, t('Filter'));
// Find the edit path.
$textarea = current($this
->xpath('//textarea'));
$lid = (string) $textarea[0]['name'];
foreach ($bad_translations as $key => $translation) {
$edit = array(
$lid => $translation,
);
$this
->drupalPost('admin/config/regional/translate/translate', $edit, t('Save translations'));
// Check for a form error on the textarea.
$form_class = $this
->xpath('//form[@id="locale-translate-edit-form"]//textarea/@class');
$this
->assertNotIdentical(FALSE, strpos($form_class[0], 'error'), t('The string was rejected as unsafe.'));
$this
->assertNoText(t('The string has been saved.'), t('The string was not saved.'));
}
}