UrlHelper::filterBadProtocol() examples (Drupal core: tests and call sites)

  /**
   * Checks that harmful protocols are stripped and the result is HTML-escaped.
   *
   * Covers UrlHelper::filterBadProtocol() (output encoded for HTML) and
   * UrlHelper::stripDangerousProtocols() (plain-text output) on the same input.
   */
  public function testBadProtocolStripping() {
    // Ensure that check_url() strips out harmful protocols, and encodes for     // HTML.     // Ensure \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() can     // be used to return a plain-text string stripped of harmful protocols.     $url = 'javascript:http://www.example.com/?x=1&y=2';
    $expected_plain = 'http://www.example.com/?x=1&y=2';
    $expected_html = 'http://www.example.com/?x=1&y=2';
    $this->assertSame($expected_html, UrlHelper::filterBadProtocol($url), '\\Drupal\\Component\\Utility\\UrlHelper::filterBadProtocol() filters a URL and encodes it for HTML.');
    $this->assertSame($expected_plain, UrlHelper::stripDangerousProtocols($url), '\\Drupal\\Component\\Utility\\UrlHelper::stripDangerousProtocols() filters a URL and returns plain text.');

  }

}
  /**
   * #lazy_builder callback; renders a form action URL including destination.
   *
   * @return array
   *   A renderable array representing the form action.
   *
   * @see \Drupal\Core\Form\FormBuilder::renderPlaceholderFormAction()
   */
  public static function renderPlaceholderFormAction() {
    return [
      '#type' => 'markup',
      '#markup' => UrlHelper::filterBadProtocol(Url::fromRoute('<current>', []['query' => \Drupal::destination()->getAsArray(), 'external' => FALSE])->toString()),
      '#cache' => ['contexts' => ['url.path', 'url.query_args']],
    ];
  }

  /** * {@inheritdoc} */
  public static function trustedCallbacks() {
    return ['renderPlaceholderFormAction'];
  }

}
// Prevent cross site requests via the Form API by using an absolute URL     // when the request uri starts with multiple slashes..     if (str_starts_with($request_uri, '//')) {
      $request_uri = $request->getUri();
    }

    // @todo Remove this parsing once these are removed from the request in     // https://www.drupal.org/node/2504709.     $parsed = UrlHelper::parse($request_uri);
    unset($parsed['query'][static::AJAX_FORM_REQUEST]$parsed['query'][MainContentViewSubscriber::WRAPPER_FORMAT]);
    $action = $parsed['path'] . ($parsed['query'] ? ('?' . UrlHelper::buildQuery($parsed['query'])) : '');
    return UrlHelper::filterBadProtocol($action);
  }

  /** * {@inheritdoc} */
  public function setInvalidTokenError(FormStateInterface $form_state) {
    $this->formValidator->setInvalidTokenError($form_state);
  }

  /**
   * Tests UrlHelper::filterBadProtocol() with a given allowed-protocol list.
   *
   * @param string $uri
   *   The URI to filter.
   * @param string $expected
   *   The expected output of UrlHelper::filterBadProtocol($uri).
   * @param array $protocols
   *   The allowed protocols, as accepted by UrlHelper::setAllowedProtocols().
   *
   * @dataProvider providerTestFilterBadProtocol
   */

  public function testFilterBadProtocol($uri$expected$protocols) {
    UrlHelper::setAllowedProtocols($protocols);
    $this->assertEquals($expected, UrlHelper::filterBadProtocol($uri));
    // Multiple calls to UrlHelper::filterBadProtocol() do not cause double     // escaping.     $this->assertEquals($expected, UrlHelper::filterBadProtocol(UrlHelper::filterBadProtocol($uri)));
  }

  /**
   * Provides data for self::testFilterBadProtocol().
   *
   * @return array
   *   Data sets of the form [$uri, $expected, $protocols].
   */
  public static function providerTestFilterBadProtocol() {
    
$attributes = preg_replace('/^\s+/', '', $attributes);
          }
          break;

        case 2:
          // Once we've finished processing the attribute value continue to look           // for attributes.           $mode = 0;
          $working = 1;
          // Attribute value, a URL after href= for instance.           if (preg_match('/^"([^"]*)"(\s+|$)/', $attributes$match)) {
            $value = $skip_protocol_filtering ? $match[1] : UrlHelper::filterBadProtocol($match[1]);

            if (!$skip) {
              $attributes_array[] = "$attribute_name=\"$value\"";
            }
            $attributes = preg_replace('/^"[^"]*"(\s+|$)/', '', $attributes);
            break;
          }

          if (preg_match("/^'([^']*)'(\s+|$)/", $attributes$match)) {
            $value = $skip_protocol_filtering ? $match[1] : UrlHelper::filterBadProtocol($match[1]);

            
$comment->setHomepage('http://example.org/');

    // Add HTML to ensure that sanitation of some fields tested directly.     $comment->setSubject('<blink>Blinking Comment</blink>');

    // Generate and test tokens.     $tests = [];
    $tests['[comment:cid]'] = $comment->id();
    $tests['[comment:hostname]'] = $comment->getHostname();
    $tests['[comment:author]'] = Html::escape($comment->getAuthorName());
    $tests['[comment:mail]'] = $this->adminUser->getEmail();
    $tests['[comment:homepage]'] = UrlHelper::filterBadProtocol($comment->getHomepage());
    $tests['[comment:title]'] = Html::escape($comment->getSubject());
    $tests['[comment:body]'] = $comment->comment_body->processed;
    $tests['[comment:langcode]'] = $comment->language()->getId();
    $tests['[comment:url]'] = $comment->toUrl('canonical', $url_options + ['fragment' => 'comment-' . $comment->id()])->toString();
    $tests['[comment:edit-url]'] = $comment->toUrl('edit-form', $url_options)->toString();
    $tests['[comment:created]'] = \Drupal::service('date.formatter')->format($comment->getCreatedTime(), 'medium', ['langcode' => $language_interface->getId()]);
    $tests['[comment:created:since]'] = \Drupal::service('date.formatter')->formatTimeDiffSince($comment->getCreatedTime()['langcode' => $language_interface->getId()]);
    $tests['[comment:changed:since]'] = \Drupal::service('date.formatter')->formatTimeDiffSince($comment->getChangedTimeAcrossTranslations()['langcode' => $language_interface->getId()]);
    $tests['[comment:parent:cid]'] = $comment->hasParentComment() ? $comment->getParentComment()->id() : NULL;
    $tests['[comment:parent:title]'] = $parent_comment->getSubject();
    $tests['[comment:entity]'] = Html::escape($node->getTitle());
    