function ManageFieldsFunctionalTest::testExternalDestinations

Same name in other branches
  1. 8.9.x core/modules/field_ui/tests/src/Functional/ManageFieldsFunctionalTest.php \Drupal\Tests\field_ui\Functional\ManageFieldsFunctionalTest::testExternalDestinations()

Tests that external URLs in the 'destinations' query parameter are blocked.

File

core/modules/field_ui/tests/src/Functional/ManageFieldsFunctionalTest.php, line 742

Class

ManageFieldsFunctionalTest
Tests the Field UI "Manage fields" screen.

Namespace

Drupal\Tests\field_ui\Functional

Code

public function testExternalDestinations() {
    $options = [
        'query' => [
            'destinations' => [
                'http://example.com',
            ],
        ],
    ];
    $this->drupalGet('admin/structure/types/manage/article/fields/node.article.body/storage', $options);
    $this->submitForm([], 'Save field settings');
    // The external redirect should not fire.
    $this->assertSession()
        ->addressEquals('admin/structure/types/manage/article/fields/node.article.body/storage?destinations%5B0%5D=http%3A//example.com');
    $this->assertSession()
        ->statusCodeEquals(200);
    $this->assertSession()
        ->responseContains('Attempt to update field <em class="placeholder">Body</em> failed: <em class="placeholder">The internal path component &#039;http://example.com&#039; is external. You are not allowed to specify an external URL together with internal:/.</em>.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.