Issue #3139433 by mondrake, Hardik_Patel_12, mohrerao, jungle: Replace usages of AssertLegacyTrait::assert(No)Escaped, that is deprecated

merge-requests/2/head
catch 2020-08-10 11:29:50 +01:00
parent 30ca835cce
commit 7628e38b90
49 changed files with 117 additions and 105 deletions


@ -63,7 +63,7 @@ class AddFeedTest extends AggregatorTestBase {
$this->drupalGet('aggregator/sources/' . $feed->id());
$this->assertSession()->statusCodeEquals(200);
$this->assertEscaped('Test feed title <script>alert(123);</script>');
$this->assertSession()->assertEscaped('Test feed title <script>alert(123);</script>');
$this->assertNoRaw('Test feed title <script>alert(123);</script>');
// Ensure the feed icon title is escaped.


@ -282,9 +282,9 @@ class BlockTest extends BlockTestBase {
$theme = 'block_test_specialchars_theme';
\Drupal::service('theme_installer')->install([$theme]);
$this->drupalGet('admin/structure/block');
$this->assertEscaped('<"Cat" & \'Mouse\'>');
$this->assertSession()->assertEscaped('<"Cat" & \'Mouse\'>');
$this->drupalGet('admin/structure/block/list/block_test_specialchars_theme');
$this->assertEscaped('Demonstrate block regions (<"Cat" & \'Mouse\'>)');
$this->assertSession()->assertEscaped('Demonstrate block regions (<"Cat" & \'Mouse\'>)');
}
/**
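Review bot: The two `assertSession()->assertEscaped()` calls in this hunk only show that the HTML-escaped form of `<"Cat" & 'Mouse'>` occurs somewhere in the response. As far as I know `WebAssert::assertEscaped()` is a contains-check on the escaped string, so a page that prints the label escaped in one place and raw in another would still pass. Other sections of this commit pair the call with `assertNoRaw()` (AddFeedTest, BlockXssTest, FormTest extending BrowserTestBase), but the pairing is absent here and in BlockUiTest, ContextualDynamicContextTest, EntityReferenceXSSTest, FormTest extending FieldTestBase, MenuRouterTest, DateTimeTest and DisplayPathTest. Where the raw string is not legitimately expected elsewhere on the page, I would follow each escaped assertion with `$this->assertSession()->responseNotContains('<"Cat" & \'Mouse\'>');`. The enclosing test method starts outside the hunk.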


@ -97,7 +97,7 @@ class BlockUiTest extends BrowserTestBase {
// Ensure that other themes can use the block demo page.
\Drupal::service('theme_installer')->install(['test_theme']);
$this->drupalGet('admin/structure/block/demo/test_theme');
$this->assertEscaped('<strong>Test theme</strong>');
$this->assertSession()->assertEscaped('<strong>Test theme</strong>');
// Ensure that a hidden theme cannot use the block demo page.
\Drupal::service('theme_installer')->install(['stable']);


@ -38,7 +38,7 @@ class BlockXssTest extends BrowserTestBase {
]));
$this->drupalGet(Url::fromRoute('block.admin_display'));
$this->clickLink('Place block');
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
}
/**
@ -125,14 +125,14 @@ class BlockXssTest extends BrowserTestBase {
// second one. Note that the second assertion is redundant with the one
// further down which also checks for the Display label, but is included
// here for clarity.
$this->assertNoEscaped('<script>alert("view1");</script>:');
$this->assertEscaped('<script>alert("view2");</script>:');
$this->assertSession()->assertNoEscaped('<script>alert("view1");</script>:');
$this->assertSession()->assertEscaped('<script>alert("view2");</script>:');
// Assert that the blocks have their admin labels escaped and
// don't appear anywhere unescaped.
$this->assertEscaped('<script>alert("view1");</script>');
$this->assertSession()->assertEscaped('<script>alert("view1");</script>');
$this->assertNoRaw('<script>alert("view1");</script>');
$this->assertEscaped('<script>alert("view2");</script>: Fish & chips');
$this->assertSession()->assertEscaped('<script>alert("view2");</script>: Fish & chips');
$this->assertNoRaw('<script>alert("view2");</script>');
$this->assertNoRaw('Fish & chips');
@ -153,7 +153,7 @@ class BlockXssTest extends BrowserTestBase {
$this->drupalGet(Url::fromRoute('block.admin_display'));
$this->clickLink('Place block');
$this->assertEscaped('<script>alert("menu");</script>');
$this->assertSession()->assertEscaped('<script>alert("menu");</script>');
$this->assertNoRaw('<script>alert("menu");</script>');
}
@ -174,7 +174,7 @@ class BlockXssTest extends BrowserTestBase {
$this->drupalGet(Url::fromRoute('block.admin_display'));
$this->clickLink('Place block');
$this->assertEscaped('<script>alert("block_content");</script>');
$this->assertSession()->assertEscaped('<script>alert("block_content");</script>');
$this->assertNoRaw('<script>alert("block_content");</script>');
}


@ -50,12 +50,12 @@ class CommentPreviewTest extends CommentTestBase {
$edit['subject[0][value]'] = $this->randomMachineName(8);
$edit['comment_body[0][value]'] = $this->randomMachineName(16);
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
$this->assertEscaped('<em>' . $this->webUser->id() . '</em>');
$this->assertSession()->assertEscaped('<em>' . $this->webUser->id() . '</em>');
\Drupal::state()->set('user_hooks_test_user_format_name_alter_safe', TRUE);
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
$this->assertInstanceOf(MarkupInterface::class, $this->webUser->getDisplayName());
$this->assertNoEscaped('<em>' . $this->webUser->id() . '</em>');
$this->assertSession()->assertNoEscaped('<em>' . $this->webUser->id() . '</em>');
$this->assertRaw('<em>' . $this->webUser->id() . '</em>');
// Add a user picture.


@ -303,7 +303,8 @@ class ConfigImportUITest extends BrowserTestBase {
$this->assertNoRaw('&amp;nbsp;');
$this->assertSession()->titleEquals("View changes of $config_name | Drupal");
// The following assertions do not use $this::assertEscaped() because
// The following assertions do not use
// $this->assertSession()->assertEscaped() because
// \Drupal\Component\Diff\DiffFormatter adds markup that signifies what has
// changed.


@ -148,9 +148,9 @@ class ConfigTranslationCacheTest extends BrowserTestBase {
$this->clickLink('Add');
$this->assertText('Translatable field setting');
$this->assertEscaped($translatable_field_setting);
$this->assertSession()->assertEscaped($translatable_field_setting);
$this->assertText('Translatable storage setting');
$this->assertEscaped($translatable_storage_setting);
$this->assertSession()->assertEscaped($translatable_storage_setting);
// Add translation for label.
$field_label_fr = $this->randomString();
@ -163,19 +163,19 @@ class ConfigTranslationCacheTest extends BrowserTestBase {
// Check if the translated label appears.
$this->drupalLogin($this->adminUser);
$this->drupalGet("/fr/entity_test/structure/$bundle/fields");
$this->assertEscaped($field_label_fr);
$this->assertSession()->assertEscaped($field_label_fr);
// Clear cache on French version and check for translated label.
$this->drupalPostForm('/fr/admin/config/development/performance', [], 'Clear all caches');
$this->drupalGet("/fr/entity_test/structure/$bundle/fields");
// Check if the translation is still there.
$this->assertEscaped($field_label_fr);
$this->assertSession()->assertEscaped($field_label_fr);
// Clear cache on default version and check for translated label.
$this->drupalPostForm('/admin/config/development/performance', [], 'Clear all caches');
$this->drupalGet("/fr/entity_test/structure/$bundle/fields");
// Check if the translation is still there.
$this->assertEscaped($field_label_fr);
$this->assertSession()->assertEscaped($field_label_fr);
}
}


@ -108,7 +108,7 @@ class ConfigTranslationOverviewTest extends BrowserTestBase {
$base_url = 'admin/structure/config_test/manage/' . $test_entity->id();
$this->drupalGet('admin/config/regional/config-translation/config_test');
$this->assertLinkByHref($base_url . '/translate');
$this->assertEscaped($test_entity->label());
$this->assertSession()->assertEscaped($test_entity->label());
// Make sure there is only a single 'Translate' operation for each
// dropbutton.


@ -759,9 +759,9 @@ class ConfigTranslationUiTest extends BrowserTestBase {
$this->clickLink('Add');
$this->assertText('Translatable field setting');
$this->assertEscaped($translatable_field_setting);
$this->assertSession()->assertEscaped($translatable_field_setting);
$this->assertText('Translatable storage setting');
$this->assertEscaped($translatable_storage_setting);
$this->assertSession()->assertEscaped($translatable_storage_setting);
}
/**
@ -800,8 +800,8 @@ class ConfigTranslationUiTest extends BrowserTestBase {
$this->assertText(Html::escape(strip_tags($on_label)) . ' Boolean settings');
// Checks that the correct on and off labels appear on the form.
$this->assertEscaped($on_label);
$this->assertEscaped($off_label);
$this->assertSession()->assertEscaped($on_label);
$this->assertSession()->assertEscaped($off_label);
}
/**


@ -83,7 +83,7 @@ class ContactPersonalTest extends BrowserTestBase {
$this->drupalLogin($this->webUser);
$this->drupalGet('user/' . $this->contactUser->id() . '/contact');
$this->assertEscaped($mail);
$this->assertSession()->assertEscaped($mail);
$message = $this->submitPersonalContact($this->contactUser);
$mails = $this->getMails();
$this->assertCount(1, $mails);


@ -192,7 +192,7 @@ class ContactSitewideTest extends BrowserTestBase {
// Ensure that the recipient email is escaped on the listing.
$this->drupalGet('admin/structure/contact');
$this->assertEscaped($recipients[0]);
$this->assertSession()->assertEscaped($recipients[0]);
// Test update contact form.
$this->updateContactForm($id, $label = $this->randomMachineName(16), $recipients_str = implode(',', [$recipients[0], $recipients[1]]), $reply = $this->randomMachineName(30), FALSE, 'Your message has been sent.', '/user');


@ -156,7 +156,7 @@ class ContextualDynamicContextTest extends BrowserTestBase {
// Get a page where contextual links are directly rendered.
$this->drupalGet(Url::fromRoute('menu_test.contextual_test'));
$this->assertEscaped("<script>alert('Welcome to the jungle!')</script>");
$this->assertSession()->assertEscaped("<script>alert('Welcome to the jungle!')</script>");
$this->assertRaw('<li class="menu-testcontextual-hidden-manage-edit"><a href="' . base_path() . 'menu-test-contextual/1/edit" class="use-ajax" data-dialog-type="modal" data-is-something>Edit menu - contextual</a></li>');
}


@ -60,22 +60,22 @@ class EntityReferenceXSSTest extends BrowserTestBase {
// Create a node and reference the node with markup in the title.
$this->drupalLogin($this->rootUser);
$this->drupalGet('node/add/article');
$this->assertEscaped($referenced_node->getTitle());
$this->assertEscaped($node_type_two->label());
$this->assertSession()->assertEscaped($referenced_node->getTitle());
$this->assertSession()->assertEscaped($node_type_two->label());
$edit = [
'title[0][value]' => $this->randomString(),
'entity_reference_test' => $referenced_node->id(),
];
$this->drupalPostForm(NULL, $edit, 'Save');
$this->assertEscaped($referenced_node->getTitle());
$this->assertSession()->assertEscaped($referenced_node->getTitle());
// Test the options_buttons type.
EntityFormDisplay::load('node.article.default')
->setComponent('entity_reference_test', ['type' => 'options_buttons'])
->save();
$this->drupalGet('node/add/article');
$this->assertEscaped($referenced_node->getTitle());
$this->assertSession()->assertEscaped($referenced_node->getTitle());
// options_buttons does not support optgroups.
$this->assertNoText('bundle with markup');
}


@ -679,7 +679,7 @@ class FormTest extends FieldTestBase {
$this->assertSession()->statusCodeEquals(200);
$this->assertText('A field with multiple values');
// Test if labels were XSS filtered.
$this->assertEscaped("<script>alert('a configurable field');</script>");
$this->assertSession()->assertEscaped("<script>alert('a configurable field');</script>");
}
/**


@ -219,7 +219,7 @@ class ManageFieldsFunctionalTest extends BrowserTestBase {
$field_id = 'node.' . $this->contentType . '.' . $this->fieldName;
// Go to the field edit page.
$this->drupalGet('admin/structure/types/manage/' . $this->contentType . '/fields/' . $field_id . '/storage');
$this->assertEscaped($this->fieldLabel);
$this->assertSession()->assertEscaped($this->fieldLabel);
// Populate the field settings with new settings.
$string = 'updated dummy test string';


@ -323,7 +323,7 @@ class FilterAdminTest extends BrowserTestBase {
$edit['body[0][format]'] = $plain;
$this->drupalPostForm('node/' . $node->id() . '/edit', $edit, t('Save'));
$this->drupalGet('node/' . $node->id());
$this->assertEscaped($text);
$this->assertSession()->assertEscaped($text);
$this->config('filter.settings')
->set('always_show_fallback_choice', FALSE)
->save();
@ -438,7 +438,7 @@ class FilterAdminTest extends BrowserTestBase {
$this->assertNoText('filtered text');
// The text is not displayed unfiltered or escaped.
$this->assertNoRaw($body_value);
$this->assertNoEscaped($body_value);
$this->assertSession()->assertNoEscaped($body_value);
// Visit the dblog report page.
$this->drupalLogin($this->adminUser);
@ -454,7 +454,7 @@ class FilterAdminTest extends BrowserTestBase {
$this->drupalGet($node->toUrl());
// The text is not displayed unfiltered or escaped.
$this->assertNoRaw($body_value);
$this->assertNoEscaped($body_value);
$this->assertSession()->assertNoEscaped($body_value);
// Visit the dblog report page.
$this->drupalGet('admin/reports/dblog');


@ -551,7 +551,7 @@ class ForumTest extends BrowserTestBase {
$this->assertSession()->statusCodeEquals(200);
// Verify there is no unintentional HTML tag escaping.
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
}
/**


@ -141,16 +141,16 @@ class HelpTest extends BrowserTestBase {
foreach ($admin_tasks as $task) {
$this->assertSession()->linkExists($task['title']);
// Ensure there are no double escaped '&' or '<' characters.
$this->assertNoEscaped('&amp;');
$this->assertNoEscaped('&lt;');
$this->assertSession()->assertNoEscaped('&amp;');
$this->assertSession()->assertNoEscaped('&lt;');
// Ensure there are no escaped '<' characters.
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
}
// Ensure there are no double escaped '&' or '<' characters.
$this->assertNoEscaped('&amp;');
$this->assertNoEscaped('&lt;');
$this->assertSession()->assertNoEscaped('&amp;');
$this->assertSession()->assertNoEscaped('&lt;');
// Ensure there are no escaped '<' characters.
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
}
}
}


@ -204,7 +204,7 @@ class PagePreviewTest extends NodeTestBase {
// Check that the preview is displaying the title, body and term.
$expected_title = $edit[$title_key] . ' | Drupal';
$this->assertSession()->titleEquals($expected_title);
$this->assertEscaped($edit[$title_key]);
$this->assertSession()->assertEscaped($edit[$title_key]);
$this->assertText($edit[$body_key], 'Body displayed.');
$this->assertText($edit[$term_key], 'Term displayed.');
$this->assertSession()->linkExists(t('Back to content editing'));
@ -244,7 +244,7 @@ class PagePreviewTest extends NodeTestBase {
// Return to page preview to check everything is as expected.
$this->drupalPostForm(NULL, [], t('Preview'));
$this->assertSession()->titleEquals($expected_title);
$this->assertEscaped($edit[$title_key]);
$this->assertSession()->assertEscaped($edit[$title_key]);
$this->assertText($edit[$body_key], 'Body displayed.');
$this->assertText($edit[$term_key], 'Term displayed.');
$this->assertSession()->linkExists(t('Back to content editing'));


@ -49,7 +49,7 @@ class NodeIntegrationTest extends NodeTestBase {
foreach ($types as $type) {
$this->drupalGet("test-node-view/{$type->id()}");
$this->assertEscaped($type->label());
$this->assertSession()->assertEscaped($type->label());
$this->assertNids(array_keys($nodes[$type->id()]));
}
}


@ -173,7 +173,7 @@ class SearchCommentTest extends BrowserTestBase {
// Verify that comment is rendered using proper format.
$this->assertText($comment_body, 'Comment body text found in search results.');
$this->assertNoRaw(t('n/a'), 'HTML in comment body is not hidden.');
$this->assertNoEscaped($edit_comment['comment_body[0][value]']);
$this->assertSession()->assertNoEscaped($edit_comment['comment_body[0][value]']);
// Search for the evil script comment subject.
$edit = [


@ -61,7 +61,7 @@ class SearchPageTextTest extends BrowserTestBase {
$this->drupalLogin($this->searchingUser);
$this->drupalGet('search/node');
$this->assertEscaped($keys['label']);
$this->assertSession()->assertEscaped($keys['label']);
}
/**


@ -57,14 +57,14 @@ class ProcessingTest extends BrowserTestBase {
// If there is any escaped markup it will include at least an escaped '<'
// character, so assert on each page that there is no escaped '<' as a way
// of verifying that no markup is incorrectly escaped.
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
$this->assertBatchMessages($this->_resultMessages('batch_0'), 'Batch with no operation performed successfully.');
$this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
// Batch 1: several simple operations.
$edit = ['batch' => 'batch_1'];
$this->drupalPostForm('batch-test', $edit, 'Submit');
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
$this->assertBatchMessages($this->_resultMessages('batch_1'), 'Batch with simple operations performed successfully.');
$this->assertEqual(batch_test_stack(), $this->_resultStack('batch_1'), 'Execution order was correct.');
$this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
@ -72,7 +72,7 @@ class ProcessingTest extends BrowserTestBase {
// Batch 2: one multistep operation.
$edit = ['batch' => 'batch_2'];
$this->drupalPostForm('batch-test', $edit, 'Submit');
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
$this->assertBatchMessages($this->_resultMessages('batch_2'), 'Batch with multistep operation performed successfully.');
$this->assertEqual(batch_test_stack(), $this->_resultStack('batch_2'), 'Execution order was correct.');
$this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
@ -80,7 +80,7 @@ class ProcessingTest extends BrowserTestBase {
// Batch 3: simple + multistep combined.
$edit = ['batch' => 'batch_3'];
$this->drupalPostForm('batch-test', $edit, 'Submit');
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
$this->assertBatchMessages($this->_resultMessages('batch_3'), 'Batch with simple and multistep operations performed successfully.');
$this->assertEqual(batch_test_stack(), $this->_resultStack('batch_3'), 'Execution order was correct.');
$this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
@ -88,7 +88,7 @@ class ProcessingTest extends BrowserTestBase {
// Batch 4: nested batch.
$edit = ['batch' => 'batch_4'];
$this->drupalPostForm('batch-test', $edit, 'Submit');
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
$this->assertBatchMessages($this->_resultMessages('batch_4'), 'Nested batch performed successfully.');
$this->assertEqual(batch_test_stack(), $this->_resultStack('batch_4'), 'Execution order was correct.');
$this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
@ -124,7 +124,7 @@ class ProcessingTest extends BrowserTestBase {
*/
public function testBatchFormMultistep() {
$this->drupalGet('batch-test/multistep');
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
$this->assertText('step 1', 'Form is displayed in step 1.');
// First step triggers batch 1.
@ -132,14 +132,14 @@ class ProcessingTest extends BrowserTestBase {
$this->assertBatchMessages($this->_resultMessages('batch_1'), 'Batch for step 1 performed successfully.');
$this->assertEqual(batch_test_stack(), $this->_resultStack('batch_1'), 'Execution order was correct.');
$this->assertText('step 2', 'Form is displayed in step 2.');
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
// Second step triggers batch 2.
$this->drupalPostForm(NULL, [], 'Submit');
$this->assertBatchMessages($this->_resultMessages('batch_2'), 'Batch for step 2 performed successfully.');
$this->assertEqual(batch_test_stack(), $this->_resultStack('batch_2'), 'Execution order was correct.');
$this->assertText('Redirection successful.', 'Redirection after batch execution is correct.');
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
// Extra query arguments will trigger logic that will add them to the
// redirect URL. Make sure they are persisted.


@ -48,7 +48,7 @@ class DrupalMessengerServiceTest extends BrowserTestBase {
$this->assertNoUniqueText('Duplicate Markup / string.');
// Ensure that strings that are not marked as safe are escaped.
$this->assertEscaped('<em>This<span>markup will be</span> escaped</em>.');
$this->assertSession()->assertEscaped('<em>This<span>markup will be</span> escaped</em>.');
// Ensure messages survive a container rebuild.
$assert = $this->assertSession();
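Review bot: The new `$this->assertSession()->assertEscaped(...)` call sits two lines above the existing `$assert = $this->assertSession();`, so this method now obtains the assertion object in two different ways within a few lines. Moving the assignment above the escaping check and writing `$assert->assertEscaped('<em>This<span>markup will be</span> escaped</em>.');` would keep the method consistent. The rest of the method is outside the hunk, so check that `$assert` is not expected to be created only after the container rebuild.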


@ -400,7 +400,7 @@ class FormTest extends BrowserTestBase {
$this->drupalGet('form-test/select');
// Verify that the options are escaped as expected.
$this->assertEscaped('<strong>four</strong>');
$this->assertSession()->assertEscaped('<strong>four</strong>');
$this->assertNoRaw('<strong>four</strong>');
// Posting without any values should throw validation errors.


@ -287,7 +287,7 @@ class BreadcrumbTest extends BrowserTestBase {
];
$this->assertBreadcrumb($link_path, $trail, $term->getName(), $tree);
// Ensure that the tagged node is found.
$this->assertEscaped($parent->getTitle());
$this->assertSession()->assertEscaped($parent->getTitle());
// Additionally make sure that this link appears only once; i.e., the
// untranslated menu links automatically generated from menu router items
@ -381,7 +381,7 @@ class BreadcrumbTest extends BrowserTestBase {
// Ensure that the breadcrumb is safe against XSS.
$this->drupalGet('menu-test/breadcrumb1/breadcrumb2/breadcrumb3');
$this->assertRaw('<script>alert(12);</script>');
$this->assertEscaped('<script>alert(123);</script>');
$this->assertSession()->assertEscaped('<script>alert(123);</script>');
}
/**
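Review bot: Under the comment `// Ensure that the breadcrumb is safe against XSS.` the second hunk asserts that `<script>alert(12);</script>` is present raw and that `<script>alert(123);</script>` is present escaped, and nothing visible explains why one script tag is allowed through. Someone auditing XSS coverage cannot tell whether the raw match is intentional (presumably a title the test route returns as trusted markup) or a leftover. I would add a comment above the `assertRaw()` along the lines of `// The first title is returned as trusted markup by the test route and is rendered as-is; the second is a plain string and must be escaped.`, after confirming that against the test module, which is not shown here.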


@ -38,8 +38,8 @@ class MenuLinkSecurityTest extends BrowserTestBase {
$this->drupalGet('<front>');
$this->assertNoRaw('<script>alert("Wild animals")</script>');
$this->assertNoRaw('<script>alert("Even more wild animals")</script>');
$this->assertEscaped('<script>alert("Wild animals")</script>');
$this->assertEscaped('<script>alert("Even more wild animals")</script>');
$this->assertSession()->assertEscaped('<script>alert("Wild animals")</script>');
$this->assertSession()->assertEscaped('<script>alert("Even more wild animals")</script>');
}
}


@ -68,7 +68,7 @@ class MenuRouterTest extends BrowserTestBase {
$this->assertSession()->linkExists('Local task A');
$this->assertSession()->linkExists('Local task B');
$this->assertSession()->linkNotExists('Local task C');
$this->assertEscaped("<script>alert('Welcome to the jungle!')</script>");
$this->assertSession()->assertEscaped("<script>alert('Welcome to the jungle!')</script>");
// Confirm correct local task href.
$this->assertLinkByHref(Url::fromRoute('menu_test.router_test1', ['bar' => $machine_name])->toString());
$this->assertLinkByHref(Url::fromRoute('menu_test.router_test2', ['bar' => $machine_name])->toString());


@ -160,7 +160,7 @@ class DateTimeTest extends BrowserTestBase {
$this->drupalGet(Url::fromRoute('entity.date_format.collection'));
// Ensure that the date format is properly escaped.
$this->assertEscaped("<script>alert('XSS');</script>");
$this->assertSession()->assertEscaped("<script>alert('XSS');</script>");
// Add a new date format with HTML in it.
$date_format_id = strtolower($this->randomMachineName(8));
@ -175,7 +175,7 @@ class DateTimeTest extends BrowserTestBase {
$this->assertUrl(Url::fromRoute('entity.date_format.collection', [], ['absolute' => TRUE])->toString(), [], 'Correct page redirection.');
$this->assertText(t('Custom date format added.'), 'Date format added confirmation message appears.');
$this->assertText($name, 'Custom date format appears in the date format list.');
$this->assertEscaped('<em>' . date("Y") . '</em>');
$this->assertSession()->assertEscaped('<em>' . date("Y") . '</em>');
}
/**


@ -78,7 +78,7 @@ class UpdatePostUpdateFailingTest extends BrowserTestBase {
// First update, should not be run since this module's update hooks fail.
$this->assertRaw('8001 - This update will fail.');
$this->assertRaw('8002 - A further update.');
$this->assertEscaped("First update, should not be run since this module's update hooks fail.");
$this->assertSession()->assertEscaped("First update, should not be run since this module's update hooks fail.");
}
}
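Review bot: The comment `// First update, should not be run since this module's update hooks fail.` reads as a statement about something that must not happen, yet the assertion directly below it checks that this exact sentence is present on the page in escaped form. It looks like the sentence is the description of a pending update listed on the summary page, and the comment merely repeats the string literal. A comment such as `// The pending post-update's description is listed, with its apostrophe HTML-escaped.` would say what is being verified; confirm the source of the string first, since the test module is not visible here.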


@ -604,7 +604,7 @@ class TermTest extends TaxonomyTestBase {
$this->assertCount(2, $breadcrumbs, 'The breadcrumbs are present on the page.');
$this->assertIdentical($breadcrumbs[0]->getText(), 'Home', 'First breadcrumb text is Home');
$this->assertIdentical($breadcrumbs[1]->getText(), $term->label(), 'Second breadcrumb text is term name on term edit page.');
$this->assertEscaped($breadcrumbs[1]->getText());
$this->assertSession()->assertEscaped($breadcrumbs[1]->getText());
// Check the breadcrumb on the term delete page.
$this->drupalGet('taxonomy/term/' . $term->id() . '/delete');
@ -612,7 +612,7 @@ class TermTest extends TaxonomyTestBase {
$this->assertCount(2, $breadcrumbs, 'The breadcrumbs are present on the page.');
$this->assertIdentical($breadcrumbs[0]->getText(), 'Home', 'First breadcrumb text is Home');
$this->assertIdentical($breadcrumbs[1]->getText(), $term->label(), 'Second breadcrumb text is term name on term delete page.');
$this->assertEscaped($breadcrumbs[1]->getText());
$this->assertSession()->assertEscaped($breadcrumbs[1]->getText());
}
}


@ -27,7 +27,7 @@ class TaxonomyDefaultArgumentTest extends TaxonomyTestBase {
public function testTermTitleEscaping() {
$this->term1->setName('<em>Markup</em>')->save();
$this->drupalGet('taxonomy_default_argument_test/' . $this->term1->id());
$this->assertEscaped($this->term1->label());
$this->assertSession()->assertEscaped($this->term1->label());
}
}


@ -37,7 +37,7 @@ class TaxonomyFieldAllTermsTest extends TaxonomyTestBase {
$this->assertCount(2, $actual, 'Correct number of taxonomy term1 links');
$this->assertEqual($actual[0]->getText(), $this->term1->label());
$this->assertEqual($actual[1]->getText(), $this->term1->label());
$this->assertEscaped($this->term1->label());
$this->assertSession()->assertEscaped($this->term1->label());
$actual = $this->xpath('//a[@href="' . $this->term2->toUrl()->toString() . '"]');
$this->assertCount(2, $actual, 'Correct number of taxonomy term2 links');


@ -63,7 +63,7 @@ class TaxonomyTermArgumentDepthTest extends TaxonomyTestBase {
*/
public function testTermWithDepthArgumentTitleEscaping() {
$this->drupalGet('test_argument_taxonomy_index_tid_depth/' . $this->terms[0]->id());
$this->assertEscaped($this->terms[0]->label());
$this->assertSession()->assertEscaped($this->terms[0]->label());
}
}


@ -230,12 +230,12 @@ class TrackerTest extends BrowserTestBase {
Cache::invalidateTags(['rendered']);
\Drupal::state()->set('user_hooks_test_user_format_name_alter', TRUE);
$this->drupalGet('user/' . $this->user->id() . '/activity');
$this->assertEscaped('<em>' . $this->user->id() . '</em>');
$this->assertSession()->assertEscaped('<em>' . $this->user->id() . '</em>');
\Drupal::state()->set('user_hooks_test_user_format_name_alter_safe', TRUE);
Cache::invalidateTags(['rendered']);
$this->drupalGet('user/' . $this->user->id() . '/activity');
$this->assertNoEscaped('<em>' . $this->user->id() . '</em>');
$this->assertSession()->assertNoEscaped('<em>' . $this->user->id() . '</em>');
$this->assertRaw('<em>' . $this->user->id() . '</em>');
}


@ -32,7 +32,7 @@ class RolesRidArgumentTest extends UserTestBase {
$user->save();
$this->drupalGet('/user_roles_rid_test/markup_role_name');
$this->assertEscaped('<em>Role name with markup</em>');
$this->assertSession()->assertEscaped('<em>Role name with markup</em>');
}
}


@ -216,7 +216,7 @@ class StyleTableTest extends ViewTestBase {
// Ensure that all expected captions are found.
foreach ($expected_captions as $raw_caption) {
$this->assertEscaped($raw_caption);
$this->assertSession()->assertEscaped($raw_caption);
}
$display = &$view->getDisplay('default');
@ -238,7 +238,7 @@ class StyleTableTest extends ViewTestBase {
// Ensure that all expected captions are found.
foreach ($expected_captions as $raw_caption) {
$this->assertEscaped($raw_caption);
$this->assertSession()->assertEscaped($raw_caption);
}
}


@ -120,7 +120,7 @@ class SearchIntegrationTest extends ViewTestBase {
$results = $this->xpath($xpath);
$this->assertEqual($results[0]->getText(), "Drupal's search rocks <em>really</em> rocks!");
$this->assertEqual($results[1]->getText(), "Drupal's search rocks.");
$this->assertEscaped("Drupal's search rocks <em>really</em> rocks!");
$this->assertSession()->assertEscaped("Drupal's search rocks <em>really</em> rocks!");
// Test sorting with another set of titles.
$node = [


@ -49,7 +49,7 @@ class ViewsEscapingTest extends ViewTestBase {
$this->drupalGet('test_page_display_200');
// Assert that there are no escaped '<'s characters.
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
// Install theme to test with template system.
\Drupal::service('theme_installer')->install(['views_test_theme']);
@ -66,7 +66,7 @@ class ViewsEscapingTest extends ViewTestBase {
$this->assertText('force', 'The force is strong with this one');
// Assert that there are no escaped '<'s characters.
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
}
/**
@ -77,7 +77,7 @@ class ViewsEscapingTest extends ViewTestBase {
$this->drupalGet('test_field_header');
// Assert that there are no escaped '<'s characters.
$this->assertNoEscaped('<');
$this->assertSession()->assertNoEscaped('<');
// Test with a field header label having a XSS test as a wrapper.
$this->drupalGet('test_field_header_xss');


@ -35,7 +35,7 @@ class DisplayAttachmentTest extends UITestBase {
$attachment_display_url = 'admin/structure/views/nojs/display/test_attachment_ui/attachment_1/displays';
$this->drupalGet($attachment_display_url);
// Display labels should be escaped.
$this->assertEscaped('<em>Page</em>');
$this->assertSession()->assertEscaped('<em>Page</em>');
$this->assertSession()->checkboxNotChecked("edit-displays-default");
$this->assertSession()->checkboxNotChecked("edit-displays-page-1");
@ -43,7 +43,7 @@ class DisplayAttachmentTest extends UITestBase {
// Save the attachments and test the value on the view.
$this->drupalPostForm($attachment_display_url, ['displays[page_1]' => 1], t('Apply'));
// Options summary should be escaped.
$this->assertEscaped('<em>Page</em>');
$this->assertSession()->assertEscaped('<em>Page</em>');
$this->assertNoRaw('<em>Page</em>');
$result = $this->xpath('//a[@id = :id]', [':id' => 'views-attachment-1-displays']);
$this->assertEqual($result[0]->getAttribute('title'), t('Page'));


@ -56,7 +56,7 @@ class DisplayFeedTest extends UITestBase {
// Check the attach TO interface.
$this->drupalGet('admin/structure/views/nojs/display/' . $view_name . '/feed_1/displays');
// Display labels should be escaped.
$this->assertEscaped('<em>Page</em>');
$this->assertSession()->assertEscaped('<em>Page</em>');
// Load all the options of the checkbox.
$result = $this->xpath('//div[@id="edit-displays"]/div');
@ -73,7 +73,7 @@ class DisplayFeedTest extends UITestBase {
// Post and save this and check the output.
$this->drupalPostForm('admin/structure/views/nojs/display/' . $view_name . '/feed_1/displays', ['displays[page]' => 'page'], t('Apply'));
// Options summary should be escaped.
$this->assertEscaped('<em>Page</em>');
$this->assertSession()->assertEscaped('<em>Page</em>');
$this->assertNoRaw('<em>Page</em>');
$this->drupalGet('admin/structure/views/view/' . $view_name . '/edit/feed_1');


@ -87,9 +87,9 @@ class DisplayPathTest extends UITestBase {
$this->drupalPostForm('admin/structure/views/view/test_view', [], t('Save'));
$this->drupalGet('admin/structure/views');
// The anchor text should be escaped.
$this->assertEscaped('/<object>malformed_path</object>');
$this->assertEscaped('/<script>alert("hello");</script>');
$this->assertEscaped('/<script>alert("hello I have placeholders %");</script>');
$this->assertSession()->assertEscaped('/<object>malformed_path</object>');
$this->assertSession()->assertEscaped('/<script>alert("hello");</script>');
$this->assertSession()->assertEscaped('/<script>alert("hello I have placeholders %");</script>');
// Links should be url-encoded.
$this->assertRaw('/%3Cobject%3Emalformed_path%3C/object%3E');
$this->assertRaw('/%3Cscript%3Ealert%28%22hello%22%29%3B%3C/script%3E');


@ -218,15 +218,15 @@ class DisplayTest extends UITestBase {
$this->drupalGet("admin/structure/views/view/{$view->id()}");
$escaped = views_ui_truncate($input, 25);
$this->assertEscaped($escaped);
$this->assertSession()->assertEscaped($escaped);
$this->assertNoRaw($xss_markup);
$this->drupalGet("admin/structure/views/view/{$view->id()}/edit/page_1");
$this->assertEscaped("View $escaped");
$this->assertSession()->assertEscaped("View $escaped");
$this->assertNoRaw("View $xss_markup");
$this->assertEscaped("Duplicate $escaped");
$this->assertSession()->assertEscaped("Duplicate $escaped");
$this->assertNoRaw("Duplicate $xss_markup");
$this->assertEscaped("Delete $escaped");
$this->assertSession()->assertEscaped("Delete $escaped");
$this->assertNoRaw("Delete $xss_markup");
}
}
@ -243,7 +243,7 @@ class DisplayTest extends UITestBase {
$this->drupalPostForm($display_title_path, ['display_title' => $display_title], t('Apply'));
// Ensure that the title is escaped as expected.
$this->assertEscaped($display_title);
$this->assertSession()->assertEscaped($display_title);
$this->assertNoRaw($display_title);
// Ensure that the dropdown buttons are displayed correctly.
@ -258,7 +258,7 @@ class DisplayTest extends UITestBase {
$this->assertNoFieldByXpath('//input[@type="submit"]', 'Disable ' . $display_title);
// Ensure that the title is escaped as expected.
$this->assertEscaped($display_title);
$this->assertSession()->assertEscaped($display_title);
$this->assertNoRaw($display_title);
}


@ -196,8 +196,8 @@ class HandlerTest extends UITestBase {
])->save();
$this->drupalGet('admin/structure/views/nojs/add-handler/content/default/field');
$this->assertEscaped('The <em>giraffe"</em> label <script>alert("the return of the xss")</script>');
$this->assertEscaped('Appears in: page, article. Also known as: Content: The giraffe" label');
$this->assertSession()->assertEscaped('The <em>giraffe"</em> label <script>alert("the return of the xss")</script>');
$this->assertSession()->assertEscaped('Appears in: page, article. Also known as: Content: The giraffe" label');
}
/**


@ -113,7 +113,7 @@ FROM
{views_test_data} "views_test_data"
WHERE (views_test_data.id = '100')
SQL;
$this->assertEscaped($query_string);
$this->assertSession()->assertEscaped($query_string);
// Test that the statistics and query are rendered above the preview.
$this->assertTrue(strpos($this->getSession()->getPage()->getContent(), 'views-query-info') < strpos($this->getSession()->getPage()->getContent(), 'view-test-preview'), 'Statistics shown above the preview.');


@ -81,7 +81,7 @@ class RowUITest extends UITestBase {
$teaser->set('label', 'Teaser <em>markup</em>');
$teaser->save();
$this->drupalGet('admin/structure/views/view/frontpage/edit/default');
$this->assertEscaped('Teaser <em>markup</em>');
$this->assertSession()->assertEscaped('Teaser <em>markup</em>');
}
}


@ -24,12 +24,12 @@ class XssTest extends UITestBase {
public function testViewsUi() {
$this->drupalGet('admin/structure/views/view/sa_contrib_2013_035');
// Verify that the field admin label is properly escaped.
$this->assertEscaped('<marquee>test</marquee>');
$this->assertSession()->assertEscaped('<marquee>test</marquee>');
$this->drupalGet('admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area');
// Verify that the token label is properly escaped.
$this->assertEscaped('{{ title }} == <marquee>test</marquee>');
$this->assertEscaped('{{ title_1 }} == <script>alert("XSS")</script>');
$this->assertSession()->assertEscaped('{{ title }} == <marquee>test</marquee>');
$this->assertSession()->assertEscaped('{{ title_1 }} == <script>alert("XSS")</script>');
}
/**
@ -37,13 +37,13 @@ class XssTest extends UITestBase {
*/
public function testNoDoubleEscaping() {
$this->drupalGet('admin/structure/views');
$this->assertNoEscaped('&lt;');
$this->assertSession()->assertNoEscaped('&lt;');
$this->drupalGet('admin/structure/views/view/sa_contrib_2013_035');
$this->assertNoEscaped('&lt;');
$this->assertSession()->assertNoEscaped('&lt;');
$this->drupalGet('admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area');
$this->assertNoEscaped('&lt;');
$this->assertSession()->assertNoEscaped('&lt;');
}
}
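Review bot: The three `assertNoEscaped('&lt;')` calls in testNoDoubleEscaping() are easy to misread as asserting that no `&lt;` appears in the page. Since the assertion HTML-escapes its argument before searching (as far as I know), what is actually checked is that `&amp;lt;` is absent, which is the double-escaping signal. A one-line comment above the first call would make that explicit, for example `// assertNoEscaped() escapes its argument, so this looks for '&amp;lt;'.`. The method's docblock begins outside the hunk.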


@ -849,6 +849,19 @@ class BrowserTestBaseTest extends BrowserTestBase {
$assert->assertNoEscaped("<script>alert('Marked safe');alert(\"Marked safe\");</script>");
}
/**
* Tests deprecation of legacy assertEscaped() and assertNoEscaped().
*
* @group legacy
* @expectedDeprecation AssertLegacyTrait::assertNoEscaped() is deprecated in drupal:8.2.0 and is removed from drupal:10.0.0. Use $this->assertSession()->assertNoEscaped() instead. See https://www.drupal.org/node/3129738
* @expectedDeprecation AssertLegacyTrait::assertEscaped() is deprecated in drupal:8.2.0 and is removed from drupal:10.0.0. Use $this->assertSession()->assertEscaped() instead. See https://www.drupal.org/node/3129738
*/
public function testLegacyEscapingAssertions(): void {
$this->drupalGet('test-escaped-characters');
$this->assertNoEscaped('<div class="escaped">');
$this->assertEscaped('Escaped: <"\'&>');
}
/**
* Tests that deprecation headers do not get duplicated.
*


@ -142,8 +142,6 @@ trait DeprecationListenerTrait {
'AssertLegacyTrait::assertFieldByXPath() is deprecated in drupal:8.3.0 and is removed from drupal:10.0.0. Use $this->xpath() instead and check the values directly in the test. See https://www.drupal.org/node/3129738',
'AssertLegacyTrait::assertNoFieldByXPath() is deprecated in drupal:8.3.0 and is removed from drupal:10.0.0. Use $this->xpath() instead and assert that the result is empty. See https://www.drupal.org/node/3129738',
'AssertLegacyTrait::assertFieldsByValue() is deprecated in drupal:8.3.0 and is removed from drupal:10.0.0. Use iteration over the fields yourself instead and directly check the values in the test. See https://www.drupal.org/node/3129738',
'AssertLegacyTrait::assertEscaped() is deprecated in drupal:8.2.0 and is removed from drupal:10.0.0. Use $this->assertSession()->assertEscaped() instead. See https://www.drupal.org/node/3129738',
'AssertLegacyTrait::assertNoEscaped() is deprecated in drupal:8.2.0 and is removed from drupal:10.0.0. Use $this->assertSession()->assertNoEscaped() instead. See https://www.drupal.org/node/3129738',
'AssertLegacyTrait::assertPattern() is deprecated in drupal:8.2.0 and is removed from drupal:10.0.0. Use $this->assertSession()->responseMatches() instead. See https://www.drupal.org/node/3129738',
'AssertLegacyTrait::constructFieldXpath() is deprecated in drupal:8.5.0 and is removed from drupal:10.0.0. Use $this->getSession()->getPage()->findField() instead. See https://www.drupal.org/node/3129738',
];