// Relative URL that is known to confuse parse_url().
$url = 'foo/bar:1';
$result =
[ 'path' => 'foo/bar:1',
'query' =>
[],
'fragment' => '',
];
$this->
assertEquals($result, UrlHelper::
parse($url), 'Relative URL parsed correctly.'
);
// Test that Drupal can recognize an absolute URL as external. This check is used to guard against attack vectors such as open redirects.
$url = 'https://www.drupal.org/foo/bar?foo=bar&bar=baz&baz#foo';
$this->
assertTrue(UrlHelper::
isExternal($url), 'Correctly identified an external URL.'
);
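// Test that UrlHelper::parse() does not allow spoofing a URL to force a malicious redirect (open redirect, CWE-601).
// The path parsed out of a URL with a forged scheme must not pass isValid() as an absolute URL.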
$parts = UrlHelper::
parse('forged:http://cwe.mitre.org/data/definitions/601.html'
);
$this->
assertFalse(UrlHelper::
isValid($parts['path'
], TRUE
), '\Drupal\Component\Utility\UrlHelper::isValid() correctly parsed a forged URL.'
);
} /**
* Tests external URL handling.
*/
public function testExternalUrls() { $test_url = 'https://www.drupal.org/';