function XssUnitTest::testBadProtocolStripping

Checks that harmful protocols are stripped.

File

drupal/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php, line 84: Definition of Drupal\system\Tests\Common\XssUnitTest.

Class

XssUnitTest: Tests for check_plain(), filter_xss(), format_string(), and check_url().

Namespace

Code

function testBadProtocolStripping() {

  // Ensure that check_url() strips out harmful protocols, and encodes for
  // HTML. Ensure drupal_strip_dangerous_protocols() can be used to return a
  // plain-text string stripped of harmful protocols.
  $url = 'javascript:http://www.example.com/?x=1&y=2';
  $expected_plain = 'http://www.example.com/?x=1&y=2';
  $expected_html = 'http://www.example.com/?x=1&amp;y=2';
  $this
    ->assertIdentical(check_url($url), $expected_html, 'check_url() filters a URL and encodes it for HTML.');
  $this
    ->assertIdentical(drupal_strip_dangerous_protocols($url), $expected_plain, 'drupal_strip_dangerous_protocols() filters a URL and returns plain text.');
}

Main menu

Search Drupal 9.x

API Navigation

function XssUnitTest::testBadProtocolStripping

File

Class

Namespace

Code

Main menu

You are here

Search Drupal 9.x

API Navigation

function XssUnitTest::testBadProtocolStripping

File

Class

Namespace

Code