CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
escape example
public function testAutocompleteSuggestions($string, $suggestions) {
$suggestions = array_map(function D$suggestion) {
return ['value' => $suggestion, 'label' => Html::escape($suggestion)];
}, $suggestions);
$result = $this->autocompleteController->autocomplete(new Request(['q' => $string]));
$this->assertSame($suggestions, json_decode($result->getContent(), TRUE));
}
/** * Data provider for testAutocompleteSuggestions(). * * @return array */
public function providerTestAutocompleteSuggestions() {
if (null !== $type) {
$type = sprintf('[%s] ', $type);
$indentLength = Helper::width($type);
$lineIndentation = str_repeat(' ', $indentLength);
}
// wrap and add newlines for each element $outputWrapper = new OutputWrapper();
foreach ($messages as $key => $message) {
if ($escape) {
$message = OutputFormatter::escape($message);
}
$lines = array_merge(
$lines,
explode(\PHP_EOL, $outputWrapper->wrap(
$message,
$this->lineLength - $prefixLength - $indentLength,
\PHP_EOL
))
);
$type = sprintf('[%s] ', $type);
$indentLength = Helper::width($type);
$lineIndentation = str_repeat(' ', $indentLength);
}
// wrap and add newlines for each element $outputWrapper = new OutputWrapper();
foreach ($messages as $key => $message) {
if ($escape) {
$message = OutputFormatter::escape($message);
}
$lines = array_merge(
$lines,
explode(\PHP_EOL, $outputWrapper->wrap(
$message,
$this->lineLength - $prefixLength - $indentLength,
\PHP_EOL
))
);
return implode("\n", $output);
}
private function preparePlace(int $placeId, string $placeName, array $meta, bool $isInitial, bool $hasMarking): array
{
$placeLabel = $placeName;
if (\array_key_exists('label', $meta)) {
$placeLabel = $meta['label'];
}
$placeLabel = $this->escape($placeLabel);
$labelShape = '((%s))';
if ($isInitial) {
$labelShape = '([%s])';
}
$placeNodeName = 'place'.$placeId;
$placeNodeFormat = '%s'.$labelShape;
$placeNode = sprintf($placeNodeFormat, $placeNodeName, $placeLabel);
$placeStyle = $this->styleNode($meta, $placeNodeName, $hasMarking);
}
private function preparePlace(int $placeId, string $placeName, array $meta, bool $isInitial, bool $hasMarking): array
{
$placeLabel = $placeName;
if (\array_key_exists('label', $meta)) {
$placeLabel = $meta['label'];
}
$placeLabel = $this->escape($placeLabel);
$labelShape = '((%s))';
if ($isInitial) {
$labelShape = '([%s])';
}
$placeNodeName = 'place'.$placeId;
$placeNodeFormat = '%s'.$labelShape;
$placeNode = sprintf($placeNodeFormat, $placeNodeName, $placeLabel);
$placeStyle = $this->styleNode($meta, $placeNodeName, $hasMarking);
public function testStringFormatter() {
$value = $this->randomString();
$value .= "\n\n<strong>" . $this->randomString() . '</strong>';
$value .= "\n\n" . $this->randomString();
$entity = EntityTest::create([]);
$entity->{$this->fieldName}->value = $value;
// Verify that all HTML is escaped and newlines are retained. $this->renderEntityFields($entity, $this->display);
$this->assertNoRaw($value);
$this->assertRaw(nl2br(Html::escape($value)));
// Verify the cache tags. $build = $entity->{$this->fieldName}->view();
$this->assertTrue(!isset($build[0]['#cache']), 'The string formatter has no cache tags.');
}
}
$value = $this->randomString();
$value .= "\n\n<strong>" . $this->randomString() . '</strong>';
$value .= "\n\n" . $this->randomString();
$entity = EntityTest::create([]);
$entity->{$this->fieldName}->value = $value;
// Verify that all HTML is escaped and newlines are retained. $this->renderEntityFields($entity, $this->display);
$this->assertNoRaw($value);
$this->assertRaw(nl2br(Html::escape($value)));
// Verify the cache tags. $build = $entity->{$this->fieldName}->view();
$this->assertTrue(!isset($build[0]['#cache']), 'The string formatter has no cache tags.');
}
}
public function testAttributeValues(array $attributes, $expected) {
$this->assertEquals($expected, (new Attribute($attributes))->__toString());
}
public function providerTestAttributeValues() {
$data = [];
$string = '"> <script>alert(123)</script>"';
$data['safe-object-xss1'] = [['title' => Markup::create($string)], ' title=""> alert(123)""'];
$data['non-safe-object-xss1'] = [['title' => $string], ' title="' . Html::escape($string) . '"'];
$string = '"><script>alert(123)</script>';
$data['safe-object-xss2'] = [['title' => Markup::create($string)], ' title="">alert(123)"'];
$data['non-safe-object-xss2'] = [['title' => $string], ' title="' . Html::escape($string) . '"'];
return $data;
}
/** * Checks that the given CSS class is present in the given HTML snippet. * * @param string $class * The CSS class to check. * @param string $html * The HTML snippet to check. * * @internal */
/** * Passes if the raw text IS NOT found escaped on the loaded page. * * Raw text refers to the raw HTML that the page generated. * * @param string $raw * Raw (HTML) string to look for. */
public function assertNoEscaped($raw) {
$this->responseNotContains(Html::escape($raw));
}
/** * Passes if the raw text IS found escaped on the loaded page. * * Raw text refers to the raw HTML that the page generated. * * @param string $raw * Raw (HTML) string to look for. */
public function assertEscaped($raw) {
/**
* Generates the SQL for listing tables in a platform-dependent manner.
*
* @param string|null $tableName If $tableName is provided will return only this table if exists.
*/
protected function _listTables(bool $prefixLimit = false, ?string $tableName = null): string
{
$sql = 'SELECT "TABLE_NAME" FROM "USER_TABLES"';
if ($tableName !== null) {
return $sql . ' WHERE "TABLE_NAME" LIKE ' . $this->escape($tableName);
}
if ($prefixLimit !== false && $this->DBPrefix !== '') {
return $sql . ' WHERE "TABLE_NAME" LIKE \'' . $this->escapeLikeString($this->DBPrefix) . "%' "
. sprintf($this->likeEscapeStr, $this->likeEscapeChar);
}
return $sql;
}
/** * Generates a platform-specific query string so that the column names can be fetched. */
protected function _listTables(bool $prefixLimit = false, ?string $tableName = null): string
{
$sql = 'SELECT "TABLE_NAME" FROM "USER_TABLES"';
if ($tableName !== null) {
return $sql . ' WHERE "TABLE_NAME" LIKE ' . $this->escape($tableName);
}
if ($prefixLimit !== false && $this->DBPrefix !== '') {
return $sql . ' WHERE "TABLE_NAME" LIKE \'' . $this->escapeLikeString($this->DBPrefix) . "%' "
. sprintf($this->likeEscapeStr, $this->likeEscapeChar);
}
return $sql;
}
/** * Generates a platform-specific query string so that the column names can be fetched. */
if (null !== $type) {
$type = sprintf('[%s] ', $type);
$indentLength = Helper::width($type);
$lineIndentation = str_repeat(' ', $indentLength);
}
// wrap and add newlines for each element $outputWrapper = new OutputWrapper();
foreach ($messages as $key => $message) {
if ($escape) {
$message = OutputFormatter::escape($message);
}
$lines = array_merge(
$lines,
explode(\PHP_EOL, $outputWrapper->wrap(
$message,
$this->lineLength - $prefixLength - $indentLength,
\PHP_EOL
))
);
$type = sprintf('[%s] ', $type);
$indentLength = Helper::width($type);
$lineIndentation = str_repeat(' ', $indentLength);
}
// wrap and add newlines for each element $outputWrapper = new OutputWrapper();
foreach ($messages as $key => $message) {
if ($escape) {
$message = OutputFormatter::escape($message);
}
$lines = array_merge(
$lines,
explode(\PHP_EOL, $outputWrapper->wrap(
$message,
$this->lineLength - $prefixLength - $indentLength,
\PHP_EOL
))
);
// Test the value options.
$value_options = $view->filter['permission']->getValueOptions();
$permission_by_module = [];
$permissions = \Drupal::service('user.permissions')->getPermissions();
foreach ($permissions as $name => $permission) {
$permission_by_module[$permission['provider']][$name] = $permission;
}
foreach (['system' => 'System', 'user' => 'User'] as $module => $title) {
$expected = array_map(function D$permission) {
return Html::escape(strip_tags($permission['title']));
}, $permission_by_module[$module]);
$this->assertEquals($expected, $value_options[$title], 'Ensure the all permissions are available');
}
}
}
$permission_by_module = [];
$permissions = \Drupal::service('user.permissions')->getPermissions();
foreach ($permissions as $name => $permission) {
$permission_by_module[$permission['provider']][$name] = $permission;
}
foreach (['system' => 'System', 'user' => 'User'] as $module => $title) {
$expected = array_map(function D$permission) {
return Html::escape(strip_tags($permission['title']));
}, $permission_by_module[$module]);
$this->assertEquals($expected, $value_options[$title], 'Ensure the all permissions are available');
}
}
}
$result = $query->execute();
if (empty($result)) {
return [];
}
$options = [];
$entities = $this->entityTypeManager->getStorage($target_type)->loadMultiple($result);
foreach ($entities as $entity_id => $entity) {
$bundle = $entity->bundle();
$options[$bundle][$entity_id] = Html::escape($this->entityRepository->getTranslationFromContext($entity)->label() ?? '');
}
return $options;
}
/** * {@inheritdoc} */
public function countReferenceableEntities($match = NULL, $match_operator = 'CONTAINS') {
$query = $this->buildEntityQuery($match, $match_operator);
return $query
if (empty($result)) {
return [];
}
$options = [];
$entities = $this->entityTypeManager->getStorage($target_type)->loadMultiple($result);
foreach ($entities as $entity_id => $entity) {
$bundle = $entity->bundle();
$options[$bundle][$entity_id] = Html::escape($this->entityRepository->getTranslationFromContext($entity)->label() ?? '');
}
return $options;
}
/** * {@inheritdoc} */
public function countReferenceableEntities($match = NULL, $match_operator = 'CONTAINS') {
$query = $this->buildEntityQuery($match, $match_operator);
return $query
'€', '€'],
];
}
/** * Tests Html::escape(). * * @dataProvider providerEscape * @covers ::escape */
public function testEscape($expected, $text) {
$this->assertEquals($expected, Html::escape($text));
}
/** * Data provider for testEscape(). * * @see testEscape() */
public function providerEscape() {
return [
['Drupal', 'Drupal'],
['<script>', '<script>'],
[
];
}
/** * Tests Html::escape(). * * @dataProvider providerEscape * @covers ::escape */
public function testEscape($expected, $text) {
$this->assertEquals($expected, Html::escape($text));
}
/** * Data provider for testEscape(). * * @see testEscape() */
public function providerEscape() {
return [
['Drupal', 'Drupal'],
['<script>', '<script>'],
[
'weight' => 0,
'settings' => [
'allowed_html' => "<a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type='1 A I'> <li> <dl> <dt> <dd> <h2 id='jump-*'> <h3 id> <h4 id> <h5 id> <h6 id>" . "<p> <br>",
'filter_html_help' => TRUE,
'filter_html_nofollow' => TRUE,
],
],
],
'violations' => [
'filters.filter_html' => sprintf(
'The current CKEditor 5 build requires the following elements and attributes: <br><code>%s</code><br>The following elements are not supported: <br><code>%s</code>',
Html::escape('<br> <p> <* dir="ltr rtl" lang>'),
Html::escape('<a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type="1 A I"> <li> <dl> <dt> <dd> <h2 id="jump-*"> <h3 id> <h4 id> <h5 id> <h6 id>'),
),
],
];
$data['INVALID: HTML format: empty toolbar + default allowed HTML tags'] = [
'settings' => [
'toolbar' => [
'items' => [],
],
'plugins' => [],
],
'settings' => [
'allowed_html' => "<a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type='1 A I'> <li> <dl> <dt> <dd> <h2 id='jump-*'> <h3 id> <h4 id> <h5 id> <h6 id>" . "<p> <br>",
'filter_html_help' => TRUE,
'filter_html_nofollow' => TRUE,
],
],
],
'violations' => [
'filters.filter_html' => sprintf(
'The current CKEditor 5 build requires the following elements and attributes: <br><code>%s</code><br>The following elements are not supported: <br><code>%s</code>',
Html::escape('<br> <p> <* dir="ltr rtl" lang>'),
Html::escape('<a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type="1 A I"> <li> <dl> <dt> <dd> <h2 id="jump-*"> <h3 id> <h4 id> <h5 id> <h6 id>'),
),
],
];
$data['INVALID: HTML format: empty toolbar + default allowed HTML tags'] = [
'settings' => [
'toolbar' => [
'items' => [],
],
'plugins' => [],
],
return $abbrevs;
}
public function renderThrowable(\Throwable $e, OutputInterface $output): void
{
$output->writeln('', OutputInterface::VERBOSITY_QUIET);
$this->doRenderThrowable($e, $output);
if (null !== $this->runningCommand) {
$output->writeln(sprintf('<info>%s</info>', OutputFormatter::escape(sprintf($this->runningCommand->getSynopsis(), $this->getName()))), OutputInterface::VERBOSITY_QUIET);
$output->writeln('', OutputInterface::VERBOSITY_QUIET);
}
}
protected function doRenderThrowable(\Throwable $e, OutputInterface $output): void
{
do {
$message = trim($e->getMessage());
if ('' === $message || OutputInterface::VERBOSITY_VERBOSE <= $output->getVerbosity()) {
$class = get_debug_type($e);
$title = sprintf(' [%s%s] ', $class, 0 !== ($code = $e->getCode()) ? ' ('.$code.')' : '');
}
public function renderThrowable(\Throwable $e, OutputInterface $output): void
{
$output->writeln('', OutputInterface::VERBOSITY_QUIET);
$this->doRenderThrowable($e, $output);
if (null !== $this->runningCommand) {
$output->writeln(sprintf('<info>%s</info>', OutputFormatter::escape(sprintf($this->runningCommand->getSynopsis(), $this->getName()))), OutputInterface::VERBOSITY_QUIET);
$output->writeln('', OutputInterface::VERBOSITY_QUIET);
}
}
protected function doRenderThrowable(\Throwable $e, OutputInterface $output): void
{
do {
$message = trim($e->getMessage());
if ('' === $message || OutputInterface::VERBOSITY_VERBOSE <= $output->getVerbosity()) {
$class = get_debug_type($e);
$title = sprintf(' [%s%s] ', $class, 0 !== ($code = $e->getCode()) ? ' ('.$code.')' : '');
public function testAnchorTagStripping() {
$filtered_rendered_results_formatted = [];
foreach ($this->selectionHandler->getReferenceableEntities() as $subresults) {
$filtered_rendered_results_formatted += array_map(fn(MarkupInterface $markup): string => (string) $markup, $subresults);
}
// Note the missing <a> tags. $expected = [
1 => '<span class="views-field views-field-title"><span class="field-content">' . Html::escape($this->nodes[1]->label()) . '</span></span>',
2 => '<span class="views-field views-field-title"><span class="field-content">' . Html::escape($this->nodes[2]->label()) . '</span></span>',
3 => '<span class="views-field views-field-title"><span class="field-content">' . Html::escape($this->nodes[3]->label()) . '</span></span>',
];
$this->assertSame($expected, $filtered_rendered_results_formatted, 'Anchor tag stripping has failed.');
}
/** * Confirm the expected results are returned. * * @param array $result * Query results keyed by node type and nid. * * @internal */
$target_type = 'node';
$selection_handler = 'views';
$selection_settings = $this->handlerSettings;
$selection_settings_key = Crypt::hmacBase64(serialize($selection_settings) . $target_type . $selection_handler, Settings::getHashSalt());
\Drupal::keyValue('entity_autocomplete')->set($selection_settings_key, $selection_settings);
$result = Json::decode($this->drupalGet('entity_reference_autocomplete/' . $target_type . '/' . $selection_handler . '/' . $selection_settings_key, ['query' => ['q' => 't']]));
$expected = [
0 => [
'value' => $this->nodes[1]->bundle() . ': ' . $this->nodes[1]->label() . ' (' . $this->nodes[1]->id() . ')',
'label' => '<span class="views-field views-field-type"><span class="field-content">' . $this->nodes[1]->bundle() . '</span></span>: <span class="views-field views-field-title"><span class="field-content">' . Html::escape($this->nodes[1]->label()) . '</span></span>',
],
1 => [
'value' => $this->nodes[2]->bundle() . ': ' . $this->nodes[2]->label() . ' (' . $this->nodes[2]->id() . ')',
'label' => '<span class="views-field views-field-type"><span class="field-content">' . $this->nodes[2]->bundle() . '</span></span>: <span class="views-field views-field-title"><span class="field-content">' . Html::escape($this->nodes[2]->label()) . '</span></span>',
],
2 => [
'value' => $this->nodes[3]->bundle() . ': ' . $this->nodes[3]->label() . ' (' . $this->nodes[3]->id() . ')',
'label' => '<span class="views-field views-field-type"><span class="field-content">' . $this->nodes[3]->bundle() . '</span></span>: <span class="views-field views-field-title"><span class="field-content">' . Html::escape($this->nodes[3]->label()) . '</span></span>',
],
];
$this->assertEquals($expected, $result, 'The autocomplete result of the Views entity reference selection handler contains the proper output.');
}
$selection_handler = 'views';
$selection_settings = $this->handlerSettings;
$selection_settings_key = Crypt::hmacBase64(serialize($selection_settings) . $target_type . $selection_handler, Settings::getHashSalt());
\Drupal::keyValue('entity_autocomplete')->set($selection_settings_key, $selection_settings);
$result = Json::decode($this->drupalGet('entity_reference_autocomplete/' . $target_type . '/' . $selection_handler . '/' . $selection_settings_key, ['query' => ['q' => 't']]));
$expected = [
0 => [
'value' => $this->nodes[1]->bundle() . ': ' . $this->nodes[1]->label() . ' (' . $this->nodes[1]->id() . ')',
'label' => '<span class="views-field views-field-type"><span class="field-content">' . $this->nodes[1]->bundle() . '</span></span>: <span class="views-field views-field-title"><span class="field-content">' . Html::escape($this->nodes[1]->label()) . '</span></span>',
],
1 => [
'value' => $this->nodes[2]->bundle() . ': ' . $this->nodes[2]->label() . ' (' . $this->nodes[2]->id() . ')',
'label' => '<span class="views-field views-field-type"><span class="field-content">' . $this->nodes[2]->bundle() . '</span></span>: <span class="views-field views-field-title"><span class="field-content">' . Html::escape($this->nodes[2]->label()) . '</span></span>',
],
2 => [
'value' => $this->nodes[3]->bundle() . ': ' . $this->nodes[3]->label() . ' (' . $this->nodes[3]->id() . ')',
'label' => '<span class="views-field views-field-type"><span class="field-content">' . $this->nodes[3]->bundle() . '</span></span>: <span class="views-field views-field-title"><span class="field-content">' . Html::escape($this->nodes[3]->label()) . '</span></span>',
],
];
$this->assertEquals($expected, $result, 'The autocomplete result of the Views entity reference selection handler contains the proper output.');
}