Commit 3b9d87bc authored by catch's avatar catch
Browse files

task: #3340147 Convert testSkipSecurityFilters() to a unit or kernel test 

By: @quietone
By: @ajinkya45
By: @smustgrave
By: @mstrelan
By: @mondrake
(cherry picked from commit e26ec06c)
parent 5c146e46

core/modules/filter/tests/src/Functional/FilterSecurityTest.php

+0 −11
Original line number Diff line number Diff line
@@ -5,7 +5,6 @@ 
namespace Drupal\Tests\filter\Functional;



use Drupal\filter\Entity\FilterFormat;

use Drupal\filter\Plugin\FilterInterface;

use Drupal\Tests\BrowserTestBase;

use Drupal\user\RoleInterface;

use PHPUnit\Framework\Attributes\Group;
@@ -92,14 +91,4 @@ public function testDisableFilterModule(): void { 
    $this->assertSession()->pageTextNotContains($body_raw);

  }



  /**

   * Tests that security filters are enforced even when marked to be skipped.

   */

  public function testSkipSecurityFilters(): void {

    $text = "Text with some disallowed tags: <script />, <p><object>unicorn</object></p>, <i><table></i>.";

    $expected_filtered_text = "Text with some disallowed tags: , <p>unicorn</p>, .";

    $this->assertSame($expected_filtered_text, (string) check_markup($text, 'filtered_html', '', []), 'Expected filter result.');

    $this->assertSame($expected_filtered_text, (string) check_markup($text, 'filtered_html', '', [FilterInterface::TYPE_HTML_RESTRICTOR]), 'Expected filter result, even when trying to disable filters of the FilterInterface::TYPE_HTML_RESTRICTOR type.');

  }



}

core/modules/filter/tests/src/Kernel/FilterSecurityKernelTest.php

0 → 100644
+66 −0
Original line number Diff line number Diff line 
<?php



declare(strict_types=1);



namespace Drupal\Tests\filter\Kernel;



use Drupal\filter\Plugin\FilterInterface;

use Drupal\KernelTests\KernelTestBase;

use Drupal\filter\Entity\FilterFormat;

use PHPUnit\Framework\Attributes\Group;

use PHPUnit\Framework\Attributes\RunTestsInSeparateProcesses;



/**

 * Tests that security filters are enforced even when marked to be skipped.

 */

#[RunTestsInSeparateProcesses]

#[Group('filter')]

class FilterSecurityKernelTest extends KernelTestBase {



  /**

   * {@inheritdoc}

   */

  protected static $modules = ['filter'];



  /**

   * {@inheritdoc}

   */

  protected function setUp(): void {

    parent::setUp();



    // Create a dedicated text format for this test.

    FilterFormat::create([

      'format' => 'kernel_filtered_html',

      'name' => 'Kernel Filtered HTML',

      'filters' => [

        'filter_html' => [

          'status' => TRUE,

          'settings' => [

            'allowed_html' => '<p>',

          ],

        ],

      ],

    ])->save();

  }



  /**

   * Tests that security filters are enforced even when marked to be skipped.

   */

  public function testSkipSecurityFilters(): void {

    $text = "Text with some disallowed tags: <script />, <p><object>unicorn</object></p>, <i><table></i>.";

    $expected = "Text with some disallowed tags: , <p>unicorn</p>, .";



    $this->assertSame(

      $expected,

      (string) check_markup($text, 'kernel_filtered_html', '', []),

      'Expected filter result.'

    );



    $this->assertSame(

      $expected,

      (string) check_markup($text, 'kernel_filtered_html', '', [FilterInterface::TYPE_HTML_RESTRICTOR]),

      'Expected filter result, even when trying to skip security filters.'

    );

  }



}