3 namespace Drupal\Tests\filter\Functional;
5 use Drupal\filter\Entity\FilterFormat;
6 use Drupal\Tests\BrowserTestBase;
7 use Drupal\filter\Plugin\FilterInterface;
8 use Drupal\user\RoleInterface;
11 * Tests the behavior of check_markup() when a filter or text format vanishes,
12 * or when check_markup() is called in such a way that it is instructed to skip
13 * all filters of the "FilterInterface::TYPE_HTML_RESTRICTOR" type.
17 class FilterSecurityTest extends BrowserTestBase {
24 public static $modules = ['node', 'filter_test'];
27 * A user with administrative permissions.
29 * @var \Drupal\user\UserInterface
33 protected function setUp() {
// Builds the fixture: a 'page' content type, anonymous access to the
// 'filtered_html' text format, and a logged-in administrative user.
// NOTE(review): gutter numbers 34-35 are absent from this listing; confirm
// that the parent::setUp() call is present in the real file.
36 // Create Basic page node type.
37 $this->drupalCreateContentType(['type' => 'page', 'name' => 'Basic page']);
// Look up the permission name that guards the 'filtered_html' format and
// grant it to the anonymous role.
39 /** @var \Drupal\filter\Entity\FilterFormat $filtered_html_format */
40 $filtered_html_format = FilterFormat::load('filtered_html');
41 $filtered_html_permission = $filtered_html_format->getPermissionName();
42 user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, [$filtered_html_permission]);
// The admin account is what lets the tests edit and disable text formats
// through the UI ('administer filters').
44 $this->adminUser = $this->drupalCreateUser(['administer modules', 'administer filters', 'administer site configuration']);
45 $this->drupalLogin($this->adminUser);
49 * Tests removal of filtered content when an active filter is disabled.
51 * Tests that filtered content is emptied when an actively used filter module
54 public function testDisableFilterModule() {
// Walks a node body through three states: rendered as stored, rendered
// through the filter_test_replace filter, and rendered after its text format
// has been disabled. The last state is the security-relevant one: the stored
// body must not be shown once the format that filtered it is unavailable.
56 $node = $this->drupalCreateNode(['promote' => 1]);
57 $body_raw = $node->body->value;
58 $format_id = $node->body->format;
59 $this->drupalGet('node/' . $node->id());
60 $this->assertText($body_raw, 'Node body found.');
62 // Enable the filter_test_replace filter.
// NOTE(review): the lines that open and close the $edit array (gutter 63 and
// 65) are not shown in this listing.
64 'filters[filter_test_replace][status]' => 1,
66 $this->drupalPostForm('admin/config/content/formats/manage/' . $format_id, $edit, t('Save configuration'));
68 // Verify that filter_test_replace filter replaced the content.
69 $this->drupalGet('node/' . $node->id());
70 $this->assertNoText($body_raw, 'Node body not found.');
71 $this->assertText('Filter: Testing filter', 'Testing filter output found.');
73 // Disable the text format entirely.
74 $this->drupalPostForm('admin/config/content/formats/manage/' . $format_id . '/disable', [], t('Disable'));
// The format was disabled by the request above (the '/disable' route), not
// deleted; the check below expects the page to fail closed rather than fall
// back to the unfiltered body.
76 // Verify that the content is empty, because the text format does not exist.
77 $this->drupalGet('node/' . $node->id());
// NOTE(review): only the absence of the raw body is asserted here. Also
// asserting that 'Filter: Testing filter' is gone would pin down "empty"
// more tightly - confirm whether that is intended.
78 $this->assertNoText($body_raw, 'Node body not found.');
82 * Tests that security filters are enforced even when marked to be skipped.
84 public function testSkipSecurityFilters() {
// Input mixing tags that the expected output below drops (<script>, <object>,
// <i>, <table>) with one it keeps (<p>).
85 $text = "Text with some disallowed tags: <script />, <p><object>unicorn</object></p>, <i><table></i>.";
86 $expected_filtered_text = "Text with some disallowed tags: , <p>unicorn</p>, .";
// Baseline: an empty skip list yields the fully filtered text.
87 $this->assertEqual(check_markup($text, 'filtered_html', '', []), $expected_filtered_text, 'Expected filter result.');
// Security property under test: naming TYPE_HTML_RESTRICTOR in the skip list
// must not change the result, i.e. a caller cannot use that argument to turn
// off the filters that strip the disallowed markup above.
88 $this->assertEqual(check_markup($text, 'filtered_html', '', [FilterInterface::TYPE_HTML_RESTRICTOR]), $expected_filtered_text, 'Expected filter result, even when trying to disable filters of the FilterInterface::TYPE_HTML_RESTRICTOR type.');