Unverified Commit ec23e1c8 authored by alexpott's avatar alexpott

Issue #3142752 by sja112, mondrake, xjm, longwave:...

Issue #3142752 by sja112, mondrake, xjm, longwave: AssertLegacyTrait::assert(No)Escaped() in functional tests still have a message passed in

(cherry picked from commit 073679e7)
parent ad66016a
......@@ -320,7 +320,7 @@ public function testFilterAdmin() {
$edit['body[0][format]'] = $plain;
$this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
$this->drupalGet('node/' . $node->id());
$this->assertEscaped($text, 'The "Plain text" text format escapes all HTML tags.');
$this->assertEscaped($text);
$this->config('filter.settings')
->set('always_show_fallback_choice', FALSE)
->save();
......
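Review bot: The new `$this->assertEscaped($text);` in testFilterAdmin() no longer states which property it checks. The removed message 'The "Plain text" text format escapes all HTML tags.' was the only statement of intent, and no comment replaces it. Other sections of this commit keep the intent as a comment (for example `// Ensure that the date format is properly escaped.`), so I would add `// Verify that the "Plain text" text format escapes all HTML tags.` above the call. The same applies to the two `assertEscaped($edit[$title_key])` calls in testPagePreview() and to `assertNoEscaped($edit_comment['comment_body[0][value]'])` in testSearchResultsComment(). All of these function bodies start and end outside the hunks shown.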
......@@ -547,7 +547,7 @@ public function testForumWithNewPost() {
$this->assertSession()->statusCodeEquals(200);
// Verify there is no unintentional HTML tag escaping.
$this->assertNoEscaped('<', '');
$this->assertNoEscaped('<');
}
/**
......
......@@ -137,10 +137,10 @@ protected function verifyHelp($response = 200) {
foreach ($admin_tasks as $task) {
$this->assertLink($task['title']);
// Ensure there are no double escaped '&' or '<' characters.
$this->assertNoEscaped('&amp;', 'The help text does not have double escaped &amp;.');
$this->assertNoEscaped('&lt;', 'The help text does not have double escaped &lt;.');
$this->assertNoEscaped('&amp;');
$this->assertNoEscaped('&lt;');
// Ensure there are no escaped '<' characters.
$this->assertNoEscaped('<', 'The help text does not have single escaped &lt;.');
$this->assertNoEscaped('<');
}
// Ensure there are no double escaped '&' or '<' characters.
$this->assertNoEscaped('&amp;');
......
......@@ -200,7 +200,7 @@ public function testPagePreview() {
// Check that the preview is displaying the title, body and term.
$expected_title = $edit[$title_key] . ' | Drupal';
$this->assertSession()->titleEquals($expected_title);
$this->assertEscaped($edit[$title_key], 'Title displayed and escaped.');
$this->assertEscaped($edit[$title_key]);
$this->assertText($edit[$body_key], 'Body displayed.');
$this->assertText($edit[$term_key], 'Term displayed.');
$this->assertLink(t('Back to content editing'));
......@@ -240,7 +240,7 @@ public function testPagePreview() {
// Return to page preview to check everything is as expected.
$this->drupalPostForm(NULL, [], t('Preview'));
$this->assertSession()->titleEquals($expected_title);
$this->assertEscaped($edit[$title_key], 'Title displayed and escaped.');
$this->assertEscaped($edit[$title_key]);
$this->assertText($edit[$body_key], 'Body displayed.');
$this->assertText($edit[$term_key], 'Term displayed.');
$this->assertLink(t('Back to content editing'));
......
......@@ -173,7 +173,7 @@ public function testSearchResultsComment() {
// Verify that comment is rendered using proper format.
$this->assertText($comment_body, 'Comment body text found in search results.');
$this->assertNoRaw(t('n/a'), 'HTML in comment body is not hidden.');
$this->assertNoEscaped($edit_comment['comment_body[0][value]'], 'HTML in comment body is not escaped.');
$this->assertNoEscaped($edit_comment['comment_body[0][value]']);
// Search for the evil script comment subject.
$edit = [
......
......@@ -54,14 +54,17 @@ public function testBatchForm() {
// Batch 0: no operation.
$edit = ['batch' => 'batch_0'];
$this->drupalPostForm('batch-test', $edit, 'Submit');
$this->assertNoEscaped('<', 'No escaped markup is present.');
// If there is any escaped markup it will include at least an escaped '<'
// character, so assert on each page that there is no escaped '<' as a way
// of verifying that no markup is incorrectly escaped.
$this->assertNoEscaped('<');
$this->assertBatchMessages($this->_resultMessages('batch_0'), 'Batch with no operation performed successfully.');
$this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
// Batch 1: several simple operations.
$edit = ['batch' => 'batch_1'];
$this->drupalPostForm('batch-test', $edit, 'Submit');
$this->assertNoEscaped('<', 'No escaped markup is present.');
$this->assertNoEscaped('<');
$this->assertBatchMessages($this->_resultMessages('batch_1'), 'Batch with simple operations performed successfully.');
$this->assertEqual(batch_test_stack(), $this->_resultStack('batch_1'), 'Execution order was correct.');
$this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
......@@ -69,7 +72,7 @@ public function testBatchForm() {
// Batch 2: one multistep operation.
$edit = ['batch' => 'batch_2'];
$this->drupalPostForm('batch-test', $edit, 'Submit');
$this->assertNoEscaped('<', 'No escaped markup is present.');
$this->assertNoEscaped('<');
$this->assertBatchMessages($this->_resultMessages('batch_2'), 'Batch with multistep operation performed successfully.');
$this->assertEqual(batch_test_stack(), $this->_resultStack('batch_2'), 'Execution order was correct.');
$this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
......@@ -77,7 +80,7 @@ public function testBatchForm() {
// Batch 3: simple + multistep combined.
$edit = ['batch' => 'batch_3'];
$this->drupalPostForm('batch-test', $edit, 'Submit');
$this->assertNoEscaped('<', 'No escaped markup is present.');
$this->assertNoEscaped('<');
$this->assertBatchMessages($this->_resultMessages('batch_3'), 'Batch with simple and multistep operations performed successfully.');
$this->assertEqual(batch_test_stack(), $this->_resultStack('batch_3'), 'Execution order was correct.');
$this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
......@@ -85,7 +88,7 @@ public function testBatchForm() {
// Batch 4: nested batch.
$edit = ['batch' => 'batch_4'];
$this->drupalPostForm('batch-test', $edit, 'Submit');
$this->assertNoEscaped('<', 'No escaped markup is present.');
$this->assertNoEscaped('<');
$this->assertBatchMessages($this->_resultMessages('batch_4'), 'Nested batch performed successfully.');
$this->assertEqual(batch_test_stack(), $this->_resultStack('batch_4'), 'Execution order was correct.');
$this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
......@@ -121,7 +124,7 @@ public function testBatchForm() {
*/
public function testBatchFormMultistep() {
$this->drupalGet('batch-test/multistep');
$this->assertNoEscaped('<', 'No escaped markup is present.');
$this->assertNoEscaped('<');
$this->assertText('step 1', 'Form is displayed in step 1.');
// First step triggers batch 1.
......@@ -129,14 +132,14 @@ public function testBatchFormMultistep() {
$this->assertBatchMessages($this->_resultMessages('batch_1'), 'Batch for step 1 performed successfully.');
$this->assertEqual(batch_test_stack(), $this->_resultStack('batch_1'), 'Execution order was correct.');
$this->assertText('step 2', 'Form is displayed in step 2.');
$this->assertNoEscaped('<', 'No escaped markup is present.');
$this->assertNoEscaped('<');
// Second step triggers batch 2.
$this->drupalPostForm(NULL, [], 'Submit');
$this->assertBatchMessages($this->_resultMessages('batch_2'), 'Batch for step 2 performed successfully.');
$this->assertEqual(batch_test_stack(), $this->_resultStack('batch_2'), 'Execution order was correct.');
$this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
$this->assertNoEscaped('<', 'No escaped markup is present.');
$this->assertNoEscaped('<');
// Extra query arguments will trigger logic that will add them to the
// redirect URL. Make sure they are persisted.
......
......@@ -286,7 +286,8 @@ public function testBreadCrumbs() {
$link_path => $link->getTitle(),
];
$this->assertBreadcrumb($link_path, $trail, $term->getName(), $tree);
$this->assertEscaped($parent->getTitle(), 'Tagged node found.');
// Ensure that the tagged node is found.
$this->assertEscaped($parent->getTitle());
// Additionally make sure that this link appears only once; i.e., the
// untranslated menu links automatically generated from menu router items
......
......@@ -68,7 +68,7 @@ protected function doTestHookMenuIntegration() {
$this->assertLink('Local task A');
$this->assertLink('Local task B');
$this->assertNoLink('Local task C');
$this->assertEscaped("<script>alert('Welcome to the jungle!')</script>", ENT_QUOTES, 'UTF-8');
$this->assertEscaped("<script>alert('Welcome to the jungle!')</script>");
// Confirm correct local task href.
$this->assertLinkByHref(Url::fromRoute('menu_test.router_test1', ['bar' => $machine_name])->toString());
$this->assertLinkByHref(Url::fromRoute('menu_test.router_test2', ['bar' => $machine_name])->toString());
......
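Review bot: `assertEscaped()` in doTestHookMenuIntegration() confirms only that the escaped form of the script string is present in the response, so it would still pass if an unescaped copy were rendered elsewhere on the same page. Since this is a cross-site scripting regression check, I would follow it with `$this->assertNoRaw("<script>alert('Welcome to the jungle!')</script>");`, provided the page is not expected to carry a raw copy. The same pairing would strengthen `assertEscaped("<script>alert('XSS');</script>")` in testDateFormatConfiguration() and the three calls in XssTest::testViewsUi(). The function body continues outside the hunk.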
......@@ -159,7 +159,8 @@ public function testDateFormatConfiguration() {
$date_format->save();
$this->drupalGet(Url::fromRoute('entity.date_format.collection'));
$this->assertEscaped("<script>alert('XSS');</script>", 'The date format was properly escaped');
// Ensure that the date format is properly escaped.
$this->assertEscaped("<script>alert('XSS');</script>");
// Add a new date format with HTML in it.
$date_format_id = strtolower($this->randomMachineName(8));
......
......@@ -601,7 +601,7 @@ public function testTermBreadcrumbs() {
$this->assertCount(2, $breadcrumbs, 'The breadcrumbs are present on the page.');
$this->assertIdentical($breadcrumbs[0]->getText(), 'Home', 'First breadcrumb text is Home');
$this->assertIdentical($breadcrumbs[1]->getText(), $term->label(), 'Second breadcrumb text is term name on term edit page.');
$this->assertEscaped($breadcrumbs[1]->getText(), 'breadcrumbs displayed and escaped.');
$this->assertEscaped($breadcrumbs[1]->getText());
// Check the breadcrumb on the term delete page.
$this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
......@@ -609,7 +609,7 @@ public function testTermBreadcrumbs() {
$this->assertCount(2, $breadcrumbs, 'The breadcrumbs are present on the page.');
$this->assertIdentical($breadcrumbs[0]->getText(), 'Home', 'First breadcrumb text is Home');
$this->assertIdentical($breadcrumbs[1]->getText(), $term->label(), 'Second breadcrumb text is term name on term delete page.');
$this->assertEscaped($breadcrumbs[1]->getText(), 'breadcrumbs displayed and escaped.');
$this->assertEscaped($breadcrumbs[1]->getText());
}
}
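Review bot: `$this->assertEscaped($breadcrumbs[1]->getText())` can detect missing escaping only when the term label contains a character that HTML escaping changes. For a label without such characters the escaped and raw forms are the same string, and the preceding `assertIdentical()` against `$term->label()` already shows the text is on the page. The term is created outside these hunks, so which case applies cannot be confirmed from here. If the label is plain, consider creating the term with a name that includes markup characters and asserting on the stored value, `$this->assertEscaped($term->label());`. This applies to both the term edit page and term delete page hunks.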
......@@ -23,11 +23,13 @@ class XssTest extends UITestBase {
public function testViewsUi() {
$this->drupalGet('admin/structure/views/view/sa_contrib_2013_035');
$this->assertEscaped('<marquee>test</marquee>', 'Field admin label is properly escaped.');
// Verify that the field admin label is properly escaped.
$this->assertEscaped('<marquee>test</marquee>');
$this->drupalGet('admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area');
$this->assertEscaped('{{ title }} == <marquee>test</marquee>', 'Token label is properly escaped.');
$this->assertEscaped('{{ title_1 }} == <script>alert("XSS")</script>', 'Token label is properly escaped.');
// Verify that the token label is properly escaped.
$this->assertEscaped('{{ title }} == <marquee>test</marquee>');
$this->assertEscaped('{{ title_1 }} == <script>alert("XSS")</script>');
}
/**
......