function ExceptionHandlingTest::testBacktraceEscaping

Same name in other branches
  1. 9 core/tests/Drupal/KernelTests/Core/Routing/ExceptionHandlingTest.php \Drupal\KernelTests\Core\Routing\ExceptionHandlingTest::testBacktraceEscaping()
  2. 10 core/tests/Drupal/KernelTests/Core/Routing/ExceptionHandlingTest.php \Drupal\KernelTests\Core\Routing\ExceptionHandlingTest::testBacktraceEscaping()
  3. 11.x core/tests/Drupal/KernelTests/Core/Routing/ExceptionHandlingTest.php \Drupal\KernelTests\Core\Routing\ExceptionHandlingTest::testBacktraceEscaping()

Tests if exception backtraces are properly escaped when output to HTML.

File

core/tests/Drupal/KernelTests/Core/Routing/ExceptionHandlingTest.php, line 150

Class

ExceptionHandlingTest
Tests the exception handling for various cases.

Namespace

Drupal\KernelTests\Core\Routing

Code

public function testBacktraceEscaping() {
    // Enable verbose error logging.
    $this->config('system.logging')
        ->set('error_level', ERROR_REPORTING_DISPLAY_VERBOSE)
        ->save();
    $request = Request::create('/router_test/test17');
    $request->setFormat('html', [
        'text/html',
    ]);
    
    /** @var \Symfony\Component\HttpKernel\HttpKernelInterface $kernel */
    $kernel = \Drupal::getContainer()->get('http_kernel');
    $response = $kernel->handle($request)
        ->prepare($request);
    $this->assertEqual($response->getStatusCode(), Response::HTTP_INTERNAL_SERVER_ERROR);
    $this->assertEqual($response->headers
        ->get('Content-type'), 'text/html; charset=UTF-8');
    // Test both that the backtrace is properly escaped, and that the unescaped
    // string is not output at all.
    $this->assertStringContainsString(Html::escape('<script>alert(\'xss\')</script>'), $response->getContent());
    $this->assertStringNotContainsString('<script>alert(\'xss\')</script>', $response->getContent());
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.