// Dispatch the request through the http_kernel service and inspect the
// prepared response. $request is built earlier in the test.
/** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
$kernel = \Drupal::
getContainer()->
get('http_kernel'
);
$response =
$kernel->
handle($request)->
prepare($request);
// The request is expected to end in a 500 error response.
$this->
assertEquals(Response::HTTP_INTERNAL_SERVER_ERROR,
$response->
getStatusCode());
// The error page is served as HTML, so anything left unescaped in the body
// would be interpreted as markup by the browser.
$this->
assertEquals('text/html; charset=UTF-8',
$response->headers->
get('Content-type'
));
// The message must be present in its HTML-escaped form, and the unescaped
// markup must not appear anywhere in the body. Both checks are needed: the
// first alone would still pass if the raw string were printed as well.
$this->
setRawContent($response->
getContent());
$this->
assertRaw(Html::
escape('Escaped content: <p> <br> <h3>'
));
$this->
assertNoRaw('<p> <br> <h3>'
);
// Second case: a script payload carried in the URL. The URL-encoded string is
// concatenated straight onto "_format=json" with no "&" or parameter name in
// between, so it becomes part of the _format query value itself.
$string = '<script>alert(123);</script>';
$request = Request::
create('/router_test/test2?_format=json' .
urlencode($string), 'GET'
);
// Fetch the kernel again and dispatch the new request the same way.
$kernel = \Drupal::
getContainer()->
get('http_kernel'
);
$response =
$kernel->
handle($request)->
prepare($request);
// The response is text/plain, so a client that honours the Content-type
// would not interpret the raw string as markup. It is still escaped, because
// it is output by the final exception subscriber, which prints the message as
// partial HTML.
// NOTE(review): this header check does not prove the body is escaped; the
// content should be asserted separately. Confirm that such an assertion
// follows, so the test does not rely on the Content-type alone.
$this->
assertEquals('text/plain; charset=UTF-8',
$response->headers->
get('Content-type'
));