Commit 7628e38b authored by catch's avatar catch
Browse files

Issue #3139433 by mondrake, Hardik_Patel_12, mohrerao, jungle: Replace usages...

Issue #3139433 by mondrake, Hardik_Patel_12, mohrerao, jungle: Replace usages of AssertLegacyTrait::assert(No)Escaped, that is deprecated
parent 30ca835c
......@@ -63,7 +63,7 @@ public function testFeedLabelEscaping() {
$this->drupalGet('aggregator/sources/' . $feed->id());
$this->assertSession()->statusCodeEquals(200);
$this->assertEscaped('Test feed title <script>alert(123);</script>');
$this->assertSession()->assertEscaped('Test feed title <script>alert(123);</script>');
$this->assertNoRaw('Test feed title <script>alert(123);</script>');
// Ensure the feed icon title is escaped.
......
......@@ -282,9 +282,9 @@ public function testThemeName() {
$theme = 'block_test_specialchars_theme';
\Drupal::service('theme_installer')->install([$theme]);
$this->drupalGet('admin/structure/block');
$this->assertEscaped('<"Cat" & \'Mouse\'>');
$this->assertSession()->assertEscaped('<"Cat" & \'Mouse\'>');
$this->drupalGet('admin/structure/block/list/block_test_specialchars_theme');
$this->assertEscaped('Demonstrate block regions (<"Cat" & \'Mouse\'>)');
$this->assertSession()->assertEscaped('Demonstrate block regions (<"Cat" & \'Mouse\'>)');
}
/**
......
......@@ -97,7 +97,7 @@ public function testBlockDemoUiPage() {
// Ensure that other themes can use the block demo page.
\Drupal::service('theme_installer')->install(['test_theme']);
$this->drupalGet('admin/structure/block/demo/test_theme');
$this->assertEscaped('<strong>Test theme</strong>');
$this->assertSession()->assertEscaped('<strong>Test theme</strong>');
// Ensure that a hidden theme cannot use the block demo page.
\Drupal::service('theme_installer')->install(['stable']);
......
......@@ -38,7 +38,7 @@ public function testNoUnexpectedEscaping() {
]));
$this->drupalGet(Url::fromRoute('block.admin_display'));
$this->clickLink('Place block');
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
}
/**
......@@ -125,14 +125,14 @@ protected function doViewTest() {
// second one. Note that the second assertion is redundant with the one
// further down which also checks for the Display label, but is included
// here for clarity.
$this->assertNoEscaped('<script>alert("view1");</script>:');
$this->assertEscaped('<script>alert("view2");</script>:');
$this->assertSession()->assertNoEscaped('<script>alert("view1");</script>:');
$this->assertSession()->assertEscaped('<script>alert("view2");</script>:');
// Assert that the blocks have their admin labels escaped and
// don't appear anywhere unescaped.
$this->assertEscaped('<script>alert("view1");</script>');
$this->assertSession()->assertEscaped('<script>alert("view1");</script>');
$this->assertNoRaw('<script>alert("view1");</script>');
$this->assertEscaped('<script>alert("view2");</script>: Fish & chips');
$this->assertSession()->assertEscaped('<script>alert("view2");</script>: Fish & chips');
$this->assertNoRaw('<script>alert("view2");</script>');
$this->assertNoRaw('Fish & chips');
......@@ -153,7 +153,7 @@ protected function doMenuTest() {
$this->drupalGet(Url::fromRoute('block.admin_display'));
$this->clickLink('Place block');
$this->assertEscaped('<script>alert("menu");</script>');
$this->assertSession()->assertEscaped('<script>alert("menu");</script>');
$this->assertNoRaw('<script>alert("menu");</script>');
}
......@@ -174,7 +174,7 @@ protected function doBlockContentTest() {
$this->drupalGet(Url::fromRoute('block.admin_display'));
$this->clickLink('Place block');
$this->assertEscaped('<script>alert("block_content");</script>');
$this->assertSession()->assertEscaped('<script>alert("block_content");</script>');
$this->assertNoRaw('<script>alert("block_content");</script>');
}
......
......@@ -50,12 +50,12 @@ public function testCommentPreview() {
$edit['subject[0][value]'] = $this->randomMachineName(8);
$edit['comment_body[0][value]'] = $this->randomMachineName(16);
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
$this->assertEscaped('<em>' . $this->webUser->id() . '</em>');
$this->assertSession()->assertEscaped('<em>' . $this->webUser->id() . '</em>');
\Drupal::state()->set('user_hooks_test_user_format_name_alter_safe', TRUE);
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
$this->assertInstanceOf(MarkupInterface::class, $this->webUser->getDisplayName());
$this->assertNoEscaped('<em>' . $this->webUser->id() . '</em>');
$this->assertSession()->assertNoEscaped('<em>' . $this->webUser->id() . '</em>');
$this->assertRaw('<em>' . $this->webUser->id() . '</em>');
// Add a user picture.
......
......@@ -303,7 +303,8 @@ public function testImportDiff() {
$this->assertNoRaw('&amp;nbsp;');
$this->assertSession()->titleEquals("View changes of $config_name | Drupal");
// The following assertions do not use $this::assertEscaped() because
// The following assertions do not use
// $this->assertSession()->assertEscaped() because
// \Drupal\Component\Diff\DiffFormatter adds markup that signifies what has
// changed.
......
......@@ -148,9 +148,9 @@ public function testFieldConfigTranslation() {
$this->clickLink('Add');
$this->assertText('Translatable field setting');
$this->assertEscaped($translatable_field_setting);
$this->assertSession()->assertEscaped($translatable_field_setting);
$this->assertText('Translatable storage setting');
$this->assertEscaped($translatable_storage_setting);
$this->assertSession()->assertEscaped($translatable_storage_setting);
// Add translation for label.
$field_label_fr = $this->randomString();
......@@ -163,19 +163,19 @@ public function testFieldConfigTranslation() {
// Check if the translated label appears.
$this->drupalLogin($this->adminUser);
$this->drupalGet("/fr/entity_test/structure/$bundle/fields");
$this->assertEscaped($field_label_fr);
$this->assertSession()->assertEscaped($field_label_fr);
// Clear cache on French version and check for translated label.
$this->drupalPostForm('/fr/admin/config/development/performance', [], 'Clear all caches');
$this->drupalGet("/fr/entity_test/structure/$bundle/fields");
// Check if the translation is still there.
$this->assertEscaped($field_label_fr);
$this->assertSession()->assertEscaped($field_label_fr);
// Clear cache on default version and check for translated label.
$this->drupalPostForm('/admin/config/development/performance', [], 'Clear all caches');
$this->drupalGet("/fr/entity_test/structure/$bundle/fields");
// Check if the translation is still there.
$this->assertEscaped($field_label_fr);
$this->assertSession()->assertEscaped($field_label_fr);
}
}
......@@ -108,7 +108,7 @@ public function testMapperListPage() {
$base_url = 'admin/structure/config_test/manage/' . $test_entity->id();
$this->drupalGet('admin/config/regional/config-translation/config_test');
$this->assertLinkByHref($base_url . '/translate');
$this->assertEscaped($test_entity->label());
$this->assertSession()->assertEscaped($test_entity->label());
// Make sure there is only a single 'Translate' operation for each
// dropbutton.
......
......@@ -759,9 +759,9 @@ public function testFieldConfigTranslation() {
$this->clickLink('Add');
$this->assertText('Translatable field setting');
$this->assertEscaped($translatable_field_setting);
$this->assertSession()->assertEscaped($translatable_field_setting);
$this->assertText('Translatable storage setting');
$this->assertEscaped($translatable_storage_setting);
$this->assertSession()->assertEscaped($translatable_storage_setting);
}
/**
......@@ -800,8 +800,8 @@ public function testBooleanFieldConfigTranslation() {
$this->assertText(Html::escape(strip_tags($on_label)) . ' Boolean settings');
// Checks that the correct on and off labels appear on the form.
$this->assertEscaped($on_label);
$this->assertEscaped($off_label);
$this->assertSession()->assertEscaped($on_label);
$this->assertSession()->assertEscaped($off_label);
}
/**
......
......@@ -83,7 +83,7 @@ public function testSendPersonalContactMessage() {
$this->drupalLogin($this->webUser);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertEscaped($mail);
$this->assertSession()->assertEscaped($mail);
$message = $this->submitPersonalContact($this->contactUser);
$mails = $this->getMails();
$this->assertCount(1, $mails);
......
......@@ -192,7 +192,7 @@ public function testSiteWideContact() {
// Ensure that the recipient email is escaped on the listing.
$this->drupalGet('admin/structure/contact');
$this->assertEscaped($recipients[0]);
$this->assertSession()->assertEscaped($recipients[0]);
// Test update contact form.
$this->updateContactForm($id, $label = $this->randomMachineName(16), $recipients_str = implode(',', [$recipients[0], $recipients[1]]), $reply = $this->randomMachineName(30), FALSE, 'Your message has been sent.', '/user');
......
......@@ -156,7 +156,7 @@ public function testDifferentPermissions() {
// Get a page where contextual links are directly rendered.
$this->drupalGet(Url::fromRoute('menu_test.contextual_test'));
$this->assertEscaped("<script>alert('Welcome to the jungle!')</script>");
$this->assertSession()->assertEscaped("<script>alert('Welcome to the jungle!')</script>");
$this->assertRaw('<li class="menu-testcontextual-hidden-manage-edit"><a href="' . base_path() . 'menu-test-contextual/1/edit" class="use-ajax" data-dialog-type="modal" data-is-something>Edit menu - contextual</a></li>');
}
......
......@@ -60,22 +60,22 @@ public function testEntityReferenceXSS() {
// Create a node and reference the node with markup in the title.
$this->drupalLogin($this->rootUser);
$this->drupalGet('node/add/article');
$this->assertEscaped($referenced_node->getTitle());
$this->assertEscaped($node_type_two->label());
$this->assertSession()->assertEscaped($referenced_node->getTitle());
$this->assertSession()->assertEscaped($node_type_two->label());
$edit = [
'title[0][value]' => $this->randomString(),
'entity_reference_test' => $referenced_node->id(),
];
$this->drupalPostForm(NULL, $edit, 'Save');
$this->assertEscaped($referenced_node->getTitle());
$this->assertSession()->assertEscaped($referenced_node->getTitle());
// Test the options_buttons type.
EntityFormDisplay::load('node.article.default')
->setComponent('entity_reference_test', ['type' => 'options_buttons'])
->save();
$this->drupalGet('node/add/article');
$this->assertEscaped($referenced_node->getTitle());
$this->assertSession()->assertEscaped($referenced_node->getTitle());
// options_buttons does not support optgroups.
$this->assertNoText('bundle with markup');
}
......
......@@ -679,7 +679,7 @@ public function testLabelOnMultiValueFields() {
$this->assertSession()->statusCodeEquals(200);
$this->assertText('A field with multiple values');
// Test if labels were XSS filtered.
$this->assertEscaped("<script>alert('a configurable field');</script>");
$this->assertSession()->assertEscaped("<script>alert('a configurable field');</script>");
}
/**
......
......@@ -219,7 +219,7 @@ public function updateField() {
$field_id = 'node.' . $this->contentType . '.' . $this->fieldName;
// Go to the field edit page.
$this->drupalGet('admin/structure/types/manage/' . $this->contentType . '/fields/' . $field_id . '/storage');
$this->assertEscaped($this->fieldLabel);
$this->assertSession()->assertEscaped($this->fieldLabel);
// Populate the field settings with new settings.
$string = 'updated dummy test string';
......
......@@ -323,7 +323,7 @@ public function testFilterAdmin() {
$edit['body[0][format]'] = $plain;
$this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
$this->drupalGet('node/' . $node->id());
$this->assertEscaped($text);
$this->assertSession()->assertEscaped($text);
$this->config('filter.settings')
->set('always_show_fallback_choice', FALSE)
->save();
......@@ -438,7 +438,7 @@ public function testDisabledFormat() {
$this->assertNoText('filtered text');
// The text is not displayed unfiltered or escaped.
$this->assertNoRaw($body_value);
$this->assertNoEscaped($body_value);
$this->assertSession()->assertNoEscaped($body_value);
// Visit the dblog report page.
$this->drupalLogin($this->adminUser);
......@@ -454,7 +454,7 @@ public function testDisabledFormat() {
$this->drupalGet($node->toUrl());
// The text is not displayed unfiltered or escaped.
$this->assertNoRaw($body_value);
$this->assertNoEscaped($body_value);
$this->assertSession()->assertNoEscaped($body_value);
// Visit the dblog report page.
$this->drupalGet('admin/reports/dblog');
......
......@@ -551,7 +551,7 @@ public function testForumWithNewPost() {
$this->assertSession()->statusCodeEquals(200);
// Verify there is no unintentional HTML tag escaping.
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
}
/**
......
......@@ -141,16 +141,16 @@ protected function verifyHelp($response = 200) {
foreach ($admin_tasks as $task) {
$this->assertSession()->linkExists($task['title']);
// Ensure there are no double escaped '&' or '<' characters.
$this->assertNoEscaped('&amp;');
$this->assertNoEscaped('&lt;');
$this->assertSession()->assertNoEscaped('&amp;');
$this->assertSession()->assertNoEscaped('&lt;');
// Ensure there are no escaped '<' characters.
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
}
// Ensure there are no double escaped '&' or '<' characters.
$this->assertNoEscaped('&amp;');
$this->assertNoEscaped('&lt;');
$this->assertSession()->assertNoEscaped('&amp;');
$this->assertSession()->assertNoEscaped('&lt;');
// Ensure there are no escaped '<' characters.
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
}
}
}
......
......@@ -204,7 +204,7 @@ public function testPagePreview() {
// Check that the preview is displaying the title, body and term.
$expected_title = $edit[$title_key] . ' | Drupal';
$this->assertSession()->titleEquals($expected_title);
$this->assertEscaped($edit[$title_key]);
$this->assertSession()->assertEscaped($edit[$title_key]);
$this->assertText($edit[$body_key], 'Body displayed.');
$this->assertText($edit[$term_key], 'Term displayed.');
$this->assertSession()->linkExists(t('Back to content editing'));
......@@ -244,7 +244,7 @@ public function testPagePreview() {
// Return to page preview to check everything is as expected.
$this->drupalPostForm(NULL, [], t('Preview'));
$this->assertSession()->titleEquals($expected_title);
$this->assertEscaped($edit[$title_key]);
$this->assertSession()->assertEscaped($edit[$title_key]);
$this->assertText($edit[$body_key], 'Body displayed.');
$this->assertText($edit[$term_key], 'Term displayed.');
$this->assertSession()->linkExists(t('Back to content editing'));
......
......@@ -49,7 +49,7 @@ public function testNodeViewTypeArgument() {
foreach ($types as $type) {
$this->drupalGet("test-node-view/{$type->id()}");
$this->assertEscaped($type->label());
$this->assertSession()->assertEscaped($type->label());
$this->assertNids(array_keys($nodes[$type->id()]));
}
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment