function RequestSanitizerTest::providerTestAcceptableDestinations
Same name in other branches
- 8.9.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestAcceptableDestinations()
- 10 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestAcceptableDestinations()
- 11.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestAcceptableDestinations()
Data provider for testing acceptable destinations.
File
-
core/
tests/ Drupal/ Tests/ Core/ Security/ RequestSanitizerTest.php, line 315
Class
- RequestSanitizerTest
- Tests RequestSanitizer class.
Namespace
Drupal\Tests\Core\SecurityCode
public function providerTestAcceptableDestinations() {
$data = [];
// Standard internal example node path is present in the 'destination'
// parameter.
$data[] = [
'node',
];
// Internal path with one leading slash is allowed.
$data[] = [
'/example.com',
];
// Internal URL using a colon is allowed.
$data[] = [
'example:test',
];
// JavaScript URL is allowed because it is treated as an internal URL.
$data[] = [
'javascript:alert(0)',
];
return $data;
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.