Commit 010c4dff authored by alexpott's avatar alexpott

Issue #2340785 by mpdonadio: Create proper test method for determining if text...

Issue #2340785 by mpdonadio: Create proper test method for determining if text has been escaped properly.
parent 80c73227
......@@ -185,9 +185,9 @@ function testThemeName() {
\Drupal::service('theme_handler')->install(array($theme));
\Drupal::service('router.builder')->rebuild();
$this->drupalGet('admin/structure/block');
$this->assertRaw(String::checkPlain('<"Cat" & \'Mouse\'>'));
$this->assertEscaped('<"Cat" & \'Mouse\'>');
$this->drupalGet('admin/structure/block/list/block_test_specialchars_theme');
$this->assertRaw(String::checkPlain('Demonstrate block regions (<"Cat" & \'Mouse\'>)'));
$this->assertEscaped('Demonstrate block regions (<"Cat" & \'Mouse\'>)');
}
/**
......
......@@ -420,8 +420,8 @@ function testLinkFormatter() {
else {
$this->assertNoRaw('<a href="' . String::checkPlain($url1) . '">' . String::checkPlain($url1) . '</a>');
$this->assertNoRaw('<a href="' . String::checkPlain($url2) . '">' . String::checkPlain($url2) . '</a>');
$this->assertRaw(String::checkPlain($url1));
$this->assertRaw(String::checkPlain($url2));
$this->assertEscaped($url1);
$this->assertEscaped($url2);
}
}
break;
......
......@@ -119,7 +119,7 @@ function testSearchResultsComment() {
// Verify that comment is rendered using proper format.
$this->assertText($comment_body, 'Comment body text found in search results.');
$this->assertNoRaw(t('n/a'), 'HTML in comment body is not hidden.');
$this->assertNoRaw(String::checkPlain($edit_comment['comment_body[0][value]']), 'HTML in comment body is not escaped.');
$this->assertNoEscaped($edit_comment['comment_body[0][value]'], 'HTML in comment body is not escaped.');
// Hide comments.
$this->drupalLogin($this->admin_user);
......
......@@ -417,6 +417,61 @@ protected function assertNoRaw($raw, $message = '', $group = 'Other') {
return $this->assert(strpos($this->getRawContent(), $raw) === FALSE, $message, $group);
}
/**
* Passes if the raw text IS found escaped on the loaded page, fail otherwise.
*
* Raw text refers to the raw HTML that the page generated.
*
* @param string $raw
* Raw (HTML) string to look for.
* @param string $message
* (optional) A message to display with the assertion. Do not translate
* messages: use format_string() to embed variables in the message text, not
* t(). If left blank, a default message will be displayed.
* @param string $group
* (optional) The group this message is in, which is displayed in a column
* in test output. Use 'Debug' to indicate this is debugging output. Do not
* translate this string. Defaults to 'Other'; most tests do not override
* this default.
*
* @return bool
* TRUE on pass, FALSE on fail.
*/
protected function assertEscaped($raw, $message = '', $group = 'Other') {
if (!$message) {
$message = String::format('Escaped "@raw" found', array('@raw' => $raw));
}
return $this->assert(strpos($this->getRawContent(), String::checkPlain($raw)) !== FALSE, $message, $group);
}
/**
* Passes if the raw text IS NOT found escaped on the loaded page, fail
* otherwise.
*
* Raw text refers to the raw HTML that the page generated.
*
* @param string $raw
* Raw (HTML) string to look for.
* @param string $message
* (optional) A message to display with the assertion. Do not translate
* messages: use format_string() to embed variables in the message text, not
* t(). If left blank, a default message will be displayed.
* @param string $group
* (optional) The group this message is in, which is displayed in a column
* in test output. Use 'Debug' to indicate this is debugging output. Do not
* translate this string. Defaults to 'Other'; most tests do not override
* this default.
*
* @return bool
* TRUE on pass, FALSE on fail.
*/
protected function assertNoEscaped($raw, $message = '', $group = 'Other') {
if (!$message) {
$message = String::format('Escaped "@raw" not found', array('@raw' => $raw));
}
return $this->assert(strpos($this->getRawContent(), String::checkPlain($raw)) === FALSE, $message, $group);
}
/**
* Passes if the text IS found on the text version of the page.
*
......
......@@ -272,7 +272,7 @@ function testBreadCrumbs() {
$link_path => $link->getTitle(),
);
$this->assertBreadcrumb($link_path, $trail, $term->getName(), $tree);
$this->assertRaw(String::checkPlain($parent->getTitle()), 'Tagged node found.');
$this->assertEscaped($parent->getTitle(), 'Tagged node found.');
// Additionally make sure that this link appears only once; i.e., the
// untranslated menu links automatically generated from menu router items
......@@ -366,7 +366,7 @@ function testBreadCrumbs() {
// Ensure that the breadcrumb is safe against XSS.
$this->drupalGet('menu-test/breadcrumb1/breadcrumb2/breadcrumb3');
$this->assertRaw('<script>alert(12);</script>');
$this->assertRaw(String::checkPlain('<script>alert(123);</script>'));
$this->assertEscaped('<script>alert(123);</script>');
}
}
......@@ -51,7 +51,7 @@ public function testAutoescape() {
];
$rendered = drupal_render($build);
$this->setRawContent($rendered);
$this->assertRaw(String::checkPlain($script));
$this->assertEscaped($script);
}
}
......@@ -199,7 +199,7 @@ function _testTextfieldWidgetsFormatted($field_type, $widget_type) {
$content = $display->build($entity);
$this->drupalSetContent(drupal_render($content));
$this->assertNoRaw($value, 'HTML tags are not displayed.');
$this->assertRaw(String::checkPlain($value), 'Escaped HTML is displayed correctly.');
$this->assertEscaped($value, 'Escaped HTML is displayed correctly.');
// Create a new text format that does not escape HTML, and grant the user
// access to it.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment