<?php
namespace Drupal\system\Tests\Theme;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\Core\Extension\ExtensionDiscovery;
use Drupal\comment\CommentInterface;
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
use Drupal\simpletest\WebTestBase;
use Drupal\comment\Entity\Comment;
use Drupal\taxonomy\Entity\Term;
/**
* Tests themed output for each entity type in all available themes to ensure
* entity labels are filtered for XSS.
*
* @group Theme
*/
class EntityFilteringThemeTest extends WebTestBase {
use CommentTestTrait;
/**
 * Use the standard profile.
 *
 * We test entity theming with the default node, user, comment, and taxonomy
 * configurations at several paths in the standard profile.
 *
 * @var string
 */
protected $profile = 'standard';

/**
 * A list of all available themes.
 *
 * Filled by setUp() from ExtensionDiscovery::scan('theme', FALSE), keyed by
 * theme machine name; every entry is installed and, in testThemedEntity(),
 * made the default theme in turn.
 *
 * @var \Drupal\Core\Extension\Extension[]
 */
protected $themes;

/**
 * A test user.
 *
 * Its account name is set to $xssLabel before login.
 *
 * @var \Drupal\user\Entity\User
 */
protected $user;

/**
 * A test node.
 *
 * An 'article' whose title is $xssLabel, tagged with $term.
 *
 * @var \Drupal\node\Entity\Node
 */
protected $node;

/**
 * A test taxonomy term.
 *
 * Its name is $xssLabel.
 *
 * @var \Drupal\taxonomy\Entity\Term
 */
protected $term;

/**
 * A test comment.
 *
 * A published comment on $node whose subject is $xssLabel.
 *
 * @var \Drupal\comment\Entity\Comment
 */
protected $comment;

/**
 * A string containing markup and JS.
 *
 * Used as the label of every fixture entity. The test passes only when this
 * exact raw string never appears in the rendered output of any theme, i.e.
 * each theme escapes entity labels rather than printing them verbatim.
 *
 * @var string
 */
protected $xssLabel = "string with <em>HTML</em> and <script>alert('JS');</script>";
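/**
 * Installs every available theme and creates the entities under test.
 *
 * Each fixture entity (user, term, node, comment) gets $this->xssLabel as its
 * label so that testThemedEntity() can assert the raw markup is never printed
 * by any theme.
 */
protected function setUp() {
  parent::setUp();

  // Install all available non-testing themes.
  $listing = new ExtensionDiscovery(\Drupal::root());
  $this->themes = $listing->scan('theme', FALSE);
  \Drupal::service('theme_handler')->install(array_keys($this->themes));

  // Create a test user whose name carries the unescaped label.
  $this->user = $this->drupalCreateUser(['access content', 'access user profiles']);
  $this->user->name = $this->xssLabel;
  $this->user->save();
  $this->drupalLogin($this->user);

  // Create a test term.
  // NOTE(review): assumes vocabulary 1 is the one field_tags on 'article'
  // references in the standard profile - confirm.
  $this->term = Term::create([
    'name' => $this->xssLabel,
    'vid' => 1,
  ]);
  $this->term->save();

  // Add a comment field so the node can carry the test comment below.
  $this->addDefaultCommentField('node', 'article', 'comment', CommentItemInterface::OPEN);

  // Create a test node tagged with the test term. Promoting it makes it show
  // up on the 'node' listing path checked by testThemedEntity().
  $this->node = $this->drupalCreateNode([
    'title' => $this->xssLabel,
    'type' => 'article',
    'promote' => NODE_PROMOTED,
    'field_tags' => [['target_id' => $this->term->id()]],
  ]);

  // Create a published test comment on the test node.
  $this->comment = Comment::create([
    'entity_id' => $this->node->id(),
    'entity_type' => 'node',
    'field_name' => 'comment',
    'status' => CommentInterface::PUBLISHED,
    'subject' => $this->xssLabel,
    'comment_body' => [$this->randomMachineName()],
  ]);
  $this->comment->save();
}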
/**
* Checks each themed entity for XSS filtering in available themes.
*/
function testThemedEntity() {
// Check paths where various view modes of the entities are rendered.
$paths = array(
'user',
'node',
'node/' . $this->node->id(),
'taxonomy/term/' . $this->term->id(),
);
// Check each path in all available themes.
foreach ($this->themes as $name => $theme) {
$this->config('system.theme')
->set('default', $name)
->save();
foreach ($paths as $path) {
$this->drupalGet($path);
$this->assertResponse(200);
$this->assertNoRaw($this->xssLabel);