function LocaleTranslationUiTest::testStringValidation

Same name in other branches
  1. 8.9.x core/modules/locale/tests/src/Functional/LocaleTranslationUiTest.php \Drupal\Tests\locale\Functional\LocaleTranslationUiTest::testStringValidation()
  2. 10 core/modules/locale/tests/src/Functional/LocaleTranslationUiTest.php \Drupal\Tests\locale\Functional\LocaleTranslationUiTest::testStringValidation()
  3. 11.x core/modules/locale/tests/src/Functional/LocaleTranslationUiTest.php \Drupal\Tests\locale\Functional\LocaleTranslationUiTest::testStringValidation()

Tests the validation of the translation input.

File

core/modules/locale/tests/src/Functional/LocaleTranslationUiTest.php, line 318

Class

LocaleTranslationUiTest
Tests the validation of translation strings and search results.

Namespace

Drupal\Tests\locale\Functional

Code

public function testStringValidation() {
    // User to add language and strings.
    $admin_user = $this->drupalCreateUser([
        'administer languages',
        'access administration pages',
        'translate interface',
    ]);
    $this->drupalLogin($admin_user);
    $langcode = 'xx';
    // The English name for the language. This will be translated.
    $name = $this->randomMachineName(16);
    // These will be the invalid translations of $name.
    $key = $this->randomMachineName(16);
    $bad_translations[$key] = "<script>alert('xss');</script>" . $key;
    $key = $this->randomMachineName(16);
    $bad_translations[$key] = '<img SRC="javascript:alert(\'xss\');">' . $key;
    $key = $this->randomMachineName(16);
    $bad_translations[$key] = '<<SCRIPT>alert("xss");//<</SCRIPT>' . $key;
    $key = $this->randomMachineName(16);
    $bad_translations[$key] = "<BODY ONLOAD=alert('xss')>" . $key;
    // Add custom language.
    $edit = [
        'predefined_langcode' => 'custom',
        'langcode' => $langcode,
        'label' => $name,
        'direction' => LanguageInterface::DIRECTION_LTR,
    ];
    $this->drupalGet('admin/config/regional/language/add');
    $this->submitForm($edit, 'Add custom language');
    // Add string.
    t($name, [], [
        'langcode' => $langcode,
    ])->render();
    // Reset locale cache.
    $search = [
        'string' => $name,
        'langcode' => $langcode,
        'translation' => 'all',
    ];
    $this->drupalGet('admin/config/regional/translate');
    $this->submitForm($search, 'Filter');
    // Find the edit path.
    $textarea = $this->assertSession()
        ->elementExists('xpath', '//textarea');
    $lid = $textarea->getAttribute('name');
    foreach ($bad_translations as $translation) {
        $edit = [
            $lid => $translation,
        ];
        $this->drupalGet('admin/config/regional/translate');
        $this->submitForm($edit, 'Save translations');
        // Check for a form error on the textarea, which means the string was
        // rejected as unsafe.
        $this->assertSession()
            ->elementAttributeContains('xpath', '//form[@id="locale-translate-edit-form"]//textarea', 'class', 'error');
        $this->assertSession()
            ->pageTextNotContains('The string has been saved.');
    }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.