HtmlViewHelperTest.php
<?php
declare(strict_types=1);
/*
* This file is part of the TYPO3 CMS project.
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/
namespace TYPO3\CMS\Fluid\Tests\Functional\ViewHelpers\Sanitize;
use Psr\Log\LogLevel;
use TYPO3\CMS\Core\Log\LogRecord;
use TYPO3\CMS\Core\Tests\Functional\Fixtures\Log\DummyWriter;
use TYPO3\CMS\Core\Tests\Functional\Html\DefaultSanitizerBuilderTest;
use TYPO3\CMS\Fluid\View\StandaloneView;
use TYPO3\CMS\Fluid\ViewHelpers\Sanitize\HtmlViewHelper;
use TYPO3\TestingFramework\Core\Functional\FunctionalTestCase;
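/**
 * Functional tests for the `f:sanitize.html` view helper (HtmlViewHelper).
 *
 * Covers two things: that rendered output matches the expectations shared with
 * DefaultSanitizerBuilderTest, in both tag and inline notation, and that a
 * removed node produces a log record that can be inspected through DummyWriter.
 */
class HtmlViewHelperTest extends FunctionalTestCase
{
    /**
     * @var bool Speed up this test case, it needs no database
     */
    protected $initializeDatabase = false;

    /**
     * Registers DummyWriter for the `TYPO3.HtmlSanitizer` logger namespace at
     * debug level, so the tests can read the records from DummyWriter::$logs.
     *
     * @var array
     */
    protected $configurationToUseInTestInstance = [
        'LOG' => [
            'TYPO3' => [
                'HtmlSanitizer' => [
                    'writerConfiguration' => [
                        LogLevel::DEBUG => [
                            DummyWriter::class => [],
                        ],
                    ],
                ],
            ],
        ],
    ];

    /**
     * Drops the collected log records after each test.
     *
     * DummyWriter::$logs is static state; the reset sits in `finally` so it
     * still happens when the parent tear-down throws.
     */
    protected function tearDown(): void
    {
        try {
            parent::tearDown();
        } finally {
            DummyWriter::$logs = [];
        }
    }

    /**
     * Re-exports the data sets of DefaultSanitizerBuilderTest, so the view helper
     * is checked against the same payload/expectation pairs as the sanitizer builder.
     *
     * @return array data sets consumed as (string $payload, string $expectation)
     */
    public static function isSanitizedDataProvider(): array
    {
        // @todo splitter for functional tests cannot deal with external classes
        return DefaultSanitizerBuilderTest::isSanitizedDataProvider();
    }

    /**
     * Renders the payload as the child content of `<f:sanitize.html>` (tag notation).
     *
     * @param string $payload
     * @param string $expectation
     * @test
     * @dataProvider isSanitizedDataProvider
     */
    public function isSanitizedUsingNodeInstruction(string $payload, string $expectation): void
    {
        $view = new StandaloneView();
        // The payload becomes part of the template source itself, so the Fluid
        // parser processes it before the view helper does. A provider payload
        // containing Fluid syntax would be interpreted as template code here;
        // the inline variant below passes the payload as a variable instead.
        $view->setTemplateSource(sprintf('<f:sanitize.html>%s</f:sanitize.html>', $payload));
        self::assertSame($expectation, $view->render());
    }

    /**
     * Passes the payload as a template variable through the inline notation
     * `{payload -> f:sanitize.html()}`.
     *
     * @param string $payload
     * @param string $expectation
     * @test
     * @dataProvider isSanitizedDataProvider
     */
    public function isSanitizedUsingInlineInstruction(string $payload, string $expectation): void
    {
        $view = new StandaloneView();
        $view->assign('payload', $payload);
        $view->setTemplateSource('{payload -> f:sanitize.html()}');
        self::assertSame($expectation, $view->render());
    }

    /**
     * Checks that rendering a payload containing a `<script>` element leaves a
     * log record naming the node and the view helper as initiator.
     *
     * @test
     */
    public function incidentIsLogged(): void
    {
        // Start from an empty log: the assertions below read the last record,
        // and a record left over in the static DummyWriter::$logs from earlier
        // code must not be able to satisfy them when this render logs nothing.
        DummyWriter::$logs = [];

        // Fixture content is not visible from this file; presumably it pipes
        // {payload} through f:sanitize.html - confirm against the fixture.
        $templatePath = __DIR__ . '/Fixtures/Template.html';
        $view = new StandaloneView();
        $view->setTemplatePathAndFilename($templatePath);
        $view->assign('payload', '<script>alert(1)</script>');
        $view->render();

        $logItemDataExpectation = [
            'behavior' => 'default',
            // presumably the DOM element node type (XML_ELEMENT_NODE === 1)
            'nodeType' => 1,
            'nodeName' => 'script',
            'initiator' => HtmlViewHelper::class,
        ];

        self::assertNotEmpty(DummyWriter::$logs, 'Rendering the payload did not write any log record');
        $logItem = end(DummyWriter::$logs);
        self::assertInstanceOf(LogRecord::class, $logItem);
        self::assertSame($logItemDataExpectation, $logItem->getData());
        self::assertSame('TYPO3.HtmlSanitizer.Visitor.CommonVisitor', $logItem->getComponent());
    }
}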