function ExternalFormUrlTest::testActionUrlBehavior

Same name in other branches
  1. 8.9.x core/tests/Drupal/KernelTests/Core/Form/ExternalFormUrlTest.php \Drupal\KernelTests\Core\Form\ExternalFormUrlTest::testActionUrlBehavior()
  2. 10 core/tests/Drupal/KernelTests/Core/Form/ExternalFormUrlTest.php \Drupal\KernelTests\Core\Form\ExternalFormUrlTest::testActionUrlBehavior()
  3. 11.x core/tests/Drupal/KernelTests/Core/Form/ExternalFormUrlTest.php \Drupal\KernelTests\Core\Form\ExternalFormUrlTest::testActionUrlBehavior()

Tests form behavior.

File

core/tests/Drupal/KernelTests/Core/Form/ExternalFormUrlTest.php, line 70

Class

ExternalFormUrlTest
Ensures that form actions can't be tricked into sending to external URLs.

Namespace

Drupal\KernelTests\Core\Form

Code

public function testActionUrlBehavior() {
    // Create a new request which has a request uri with multiple leading
    // slashes and make it the master request.
    $request_stack = \Drupal::service('request_stack');
    
    /** @var \Symfony\Component\HttpFoundation\RequestStack $original_request */
    $original_request = $request_stack->pop();
    // Just request some more so there is no request left.
    $request_stack->pop();
    $request_stack->pop();
    $request = Request::create($original_request->getSchemeAndHttpHost() . '//example.org');
    $request_stack->push($request);
    $form = \Drupal::formBuilder()->getForm($this);
    $markup = \Drupal::service('renderer')->renderRoot($form);
    $this->setRawContent($markup);
    $elements = $this->xpath('//form/@action');
    $action = (string) $elements[0];
    $this->assertEquals($original_request->getSchemeAndHttpHost() . '//example.org', $action);
    // Create a new request which has a request uri with a single leading slash
    // and make it the master request.
    $request_stack = \Drupal::service('request_stack');
    $original_request = $request_stack->pop();
    $request = Request::create($original_request->getSchemeAndHttpHost() . '/example.org');
    $request_stack->push($request);
    $form = \Drupal::formBuilder()->getForm($this);
    $markup = \Drupal::service('renderer')->renderRoot($form);
    $this->setRawContent($markup);
    $elements = $this->xpath('//form/@action');
    $action = (string) $elements[0];
    $this->assertEquals('/example.org', $action);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.