‪TYPO3CMS  10.4
SecureHtmlRenderingTest.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
16 namespace ‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering;
17 
18 use ‪TYPO3\CMS\Core\Core\Bootstrap;
19 use ‪TYPO3\CMS\Core\Tests\Functional\SiteHandling\SiteBasedTestTrait;
20 use ‪TYPO3\CMS\Core\TypoScript\TemplateService;
21 use TYPO3\TestingFramework\Core\Functional\Framework\DataHandling\Scenario\DataHandlerFactory;
22 use TYPO3\TestingFramework\Core\Functional\Framework\DataHandling\Scenario\DataHandlerWriter;
23 use TYPO3\TestingFramework\Core\Functional\Framework\Frontend\Internal\AbstractInstruction;
24 use TYPO3\TestingFramework\Core\Functional\Framework\Frontend\Internal\TypoScriptInstruction;
25 use TYPO3\TestingFramework\Core\Functional\Framework\Frontend\InternalRequest;
26 use TYPO3\TestingFramework\Core\Functional\Framework\Frontend\InternalRequestContext;
27 use TYPO3\TestingFramework\Core\Functional\Framework\Frontend\InternalResponse;
28 use TYPO3\TestingFramework\Core\Functional\FunctionalTestCase;
29 
30 class ‪SecureHtmlRenderingTest extends FunctionalTestCase
31 {
32  use ‪SiteBasedTestTrait;
33 
34  private const ‪TYPE_PLAIN = 'plain';
35  private const ‪TYPE_EMPTY_PARSEFUNCTSPATH = 'empty-parseFuncTSPath';
36  private const ‪TYPE_DISABLE_HTML_SANITIZE = 'disable-htmlSanitize';
37  private const ‪ENCRYPTION_KEY = '4408d27a916d51e624b69af3554f516dbab61037a9f7b9fd6f81b4d3bedeccb6';
38 
39  private const ‪TYPO3_CONF_VARS = [
40  'SYS' => [
41  'encryptionKey' => ‪self::ENCRYPTION_KEY,
42  ],
43  ];
44 
45  private const ‪LANGUAGE_PRESETS = [
46  'EN' => ['id' => 0, 'title' => 'English', 'locale' => 'en_US.UTF8', 'iso' => 'en', 'hrefLang' => 'en-US', 'direction' => ''],
47  ];
48 
52  private ‪$internalRequestContext;
53 
57  protected ‪$coreExtensionsToLoad = ['fluid_styled_content'];
58 
62  protected ‪$pathsToLinkInTestInstance = [
63  'typo3/sysext/core/Tests/Functional/Fixtures/Frontend/AdditionalConfiguration.php' => 'typo3conf/AdditionalConfiguration.php',
64  ];
65 
66  public static function ‪setUpBeforeClass(): void
67  {
68  parent::setUpBeforeClass();
69  static::initializeDatabaseSnapshot();
70  }
71 
72  public static function ‪tearDownAfterClass(): void
73  {
74  static::destroyDatabaseSnapshot();
75  parent::tearDownAfterClass();
76  }
77 
78  protected function ‪setUp(): void
79  {
80  parent::setUp();
81 
82  // these settings are forwarded to the frontend sub-request as well
83  $this->internalRequestContext = (new InternalRequestContext())
84  ->withGlobalSettings(['TYPO3_CONF_VARS' => static::TYPO3_CONF_VARS]);
85 
86  $this->‪writeSiteConfiguration(
87  'acme-com',
88  $this->‪buildSiteConfiguration(1000, 'https://acme.com/'),
89  [$this->‪buildDefaultLanguageConfiguration('EN', 'https://acme.us/')]
90  );
91 
92  $this->withDatabaseSnapshot(function () {
93  $this->‪setUpDatabase();
94  });
95  }
96 
97  protected function ‪setUpDatabase()
98  {
99  $backendUser = $this->setUpBackendUserFromFixture(1);
100  ‪Bootstrap::initializeLanguageObject();
101 
102  $scenarioFile = __DIR__ . '/Fixtures/SecureHtmlScenario.yaml';
103  $factory = DataHandlerFactory::fromYamlFile($scenarioFile);
104  $writer = DataHandlerWriter::withBackendUser($backendUser);
105  $writer->invokeFactory($factory);
106  static::failIfArrayIsNotEmpty(
107  $writer->getErrors()
108  );
109 
110  $this->setUpFrontendRootPage(
111  1000,
112  [
113  'constants' => ['EXT:fluid_styled_content/Configuration/TypoScript/constants.typoscript'],
114  'setup' => ['EXT:fluid_styled_content/Configuration/TypoScript/setup.typoscript'],
115  ],
116  [
117  'title' => 'ACME Root',
118  ]
119  );
120  }
121 
122  protected function ‪tearDown(): void
123  {
124  unset($this->internalRequestContext);
125  parent::tearDown();
126  }
127 
128  public function ‪defaultParseFuncRteAvoidsCrossSiteScriptingDataProvider(): array
129  {
130  return [
131  '#01' => [
132  '01: <script>alert(1)</script>',
133  '<p>01: &lt;script&gt;alert(1)&lt;/script&gt;</p>',
134  ],
135  '#02' => [
136  '02: <unknown a="a" b="b">value</unknown>',
137  '<p>02: &lt;unknown a="a" b="b"&gt;value&lt;/unknown&gt;</p>',
138  ],
139  '#03' => [
140  '03: <img img="img" alt="alt" onerror="alert(1)">',
141  '<p>03: <img alt="alt"></p>',
142  ],
143  '#04' => [
144  '04: <img src="img" alt="alt" onerror="alert(1)">',
145  '<p>04: <img src="img" alt="alt"></p>',
146  ],
147  '#05' => [
148  '05: <img/src="img"/onerror="alert(1)">',
149  '<p>05: &lt;img/src="img"/onerror="alert(1)"&gt;</p>',
150  ],
151  '#06' => [
152  '06: <strong>Given that x < y and y > z...</strong>',
153  '<p>06: <strong>Given that x &lt; y and y &gt; z...</strong></p>',
154  ],
155  '#07' => [
156  '07: <a href="t3://page?uid=1000" target="_blank" rel="noreferrer" class="button" role="button" onmouseover="alert(1)">TYPO3</a>',
157  '<p>07: <a href="/" target="_blank" rel="noreferrer" class="button" role="button">TYPO3</a></p>',
158  ],
159  ];
160  }
161 
168  public function ‪defaultParseFuncRteAvoidCrossSiteScripting(string $payload, string $expectation)
169  {
170  $instructions = [
171  $this->‪createTextContentObjectWithDefaultParseFuncRteInstruction($payload),
172  ];
173  $response = $this->‪invokeFrontendRendering(...$instructions);
174  self::assertSame($expectation, (string)$response->getBody());
175  }
176 
177  public function ‪customParseFuncAvoidsCrossSiteScriptingDataProvider(): array
178  {
179  return [
180  '#01' => [
181  '01: <script>alert(1)</script>',
182  '<p>01: &lt;script&gt;alert(1)&lt;/script&gt;</p>',
183  ],
184  '#02' => [
185  '02: <unknown a="a" b="b">value</unknown>',
186  '<p>02: &lt;unknown a="a" b="b"&gt;value&lt;/unknown&gt;</p>',
187  ],
188  '#03' => [
189  '03: <img img="img" alt="alt" onerror="alert(1)">',
190  '<p>03: <img alt="alt"></p>',
191  ],
192  '#04' => [
193  '04: <img src="img" alt="alt" onerror="alert(1)">',
194  '<p>04: <img src="img" alt="alt"></p>',
195  ],
196  '#05' => [
197  '05: <img/src="img"/onerror="alert(1)">',
198  '<p>05: <img src="img"></p>',
199  ],
200  '#06' => [
201  '06: <strong>Given that x < y and y > z...</strong>',
202  '<p>06: <strong>Given that x y and y &gt; z...</strong></p>',
203  ],
204  '#07' => [
205  '07: <a href="t3://page?uid=1000" target="_blank" rel="noreferrer" class="button" role="button" onmouseover="alert(1)">TYPO3</a>',
206  '<p>07: <a href="/" target="_blank" rel="noreferrer" class="button" role="button">TYPO3</a></p>',
207  ],
208  ];
209  }
210 
217  public function ‪customParseFuncAvoidCrossSiteScripting(string $payload, string $expectation)
218  {
219  $instructions = [
220  $this->‪createTextContentObjectWithCustomParseFuncInstruction($payload),
221  ];
222  $response = $this->‪invokeFrontendRendering(...$instructions);
223  self::assertSame($expectation, (string)$response->getBody());
224  }
225 
226  public static function ‪htmlViewHelperAvoidsCrossSiteScriptingDataProvider(): array
227  {
228  return [
229  '#01 ' . self::TYPE_PLAIN => [
230  ‪self::TYPE_PLAIN,
231  '01: <script>alert(1)</script>',
232  '<p>01: &lt;script&gt;alert(1)&lt;/script&gt;</p>',
233  ],
234  '#01 ' . self::TYPE_EMPTY_PARSEFUNCTSPATH => [
235  ‪self::TYPE_EMPTY_PARSEFUNCTSPATH,
236  '01: <script>alert(1)</script>',
237  '01: <script>alert(1)</script>',
238  ],
239  '#01 ' . self::TYPE_DISABLE_HTML_SANITIZE => [
240  ‪self::TYPE_DISABLE_HTML_SANITIZE,
241  '01: <script>alert(1)</script>',
242  '<p>01: &lt;script&gt;alert(1)&lt;/script&gt;</p>',
243  ],
244  '#03 ' . self::TYPE_PLAIN => [
245  ‪self::TYPE_PLAIN,
246  '03: <img img="img" alt="alt" onerror="alert(1)">',
247  '<p>03: <img alt="alt"></p>',
248  ],
249  '#03 ' . self::TYPE_EMPTY_PARSEFUNCTSPATH => [
250  ‪self::TYPE_EMPTY_PARSEFUNCTSPATH,
251  '03: <img img="img" alt="alt" onerror="alert(1)">',
252  '03: <img img="img" alt="alt" onerror="alert(1)">',
253  ],
254  '#03 ' . self::TYPE_DISABLE_HTML_SANITIZE => [
255  ‪self::TYPE_DISABLE_HTML_SANITIZE,
256  '03: <img img="img" alt="alt" onerror="alert(1)">',
257  '<p>03: <img img="img" alt="alt" onerror="alert(1)"></p>',
258  ],
259  '#07 ' . self::TYPE_PLAIN => [
260  ‪self::TYPE_PLAIN,
261  '07: <a href="t3://page?uid=1000" target="_blank" rel="noreferrer" class="button" role="button" onmouseover="alert(1)">TYPO3</a>',
262  '<p>07: <a href="/" target="_blank" rel="noreferrer" class="button" role="button">TYPO3</a></p>',
263  ],
264  '#07 ' . self::TYPE_EMPTY_PARSEFUNCTSPATH => [
265  ‪self::TYPE_EMPTY_PARSEFUNCTSPATH,
266  '07: <a href="t3://page?uid=1000" target="_blank" rel="noreferrer" class="button" role="button" onmouseover="alert(1)">TYPO3</a>',
267  // expected, with empty parseFunc configuration internal link URN is not resolved
268  '07: <a href="t3://page?uid=1000" target="_blank" rel="noreferrer" class="button" role="button" onmouseover="alert(1)">TYPO3</a>',
269  ],
270  '#07 ' . self::TYPE_DISABLE_HTML_SANITIZE => [
271  ‪self::TYPE_DISABLE_HTML_SANITIZE,
272  '07: <a href="t3://page?uid=1000" target="_blank" rel="noreferrer" class="button" role="button" onmouseover="alert(1)">TYPO3</a>',
273  '<p>07: <a href="/" target="_blank" rel="noreferrer" class="button" role="button" onmouseover="alert(1)">TYPO3</a></p>',
274  ],
275  '#08 ' . self::TYPE_PLAIN => [
276  ‪self::TYPE_PLAIN,
277  '08: <meta whatever="whatever">',
278  '<p>08: </p>',
279  ],
280  '#08 ' . self::TYPE_EMPTY_PARSEFUNCTSPATH => [
281  ‪self::TYPE_EMPTY_PARSEFUNCTSPATH,
282  '08: <meta whatever="whatever">',
283  '08: <meta whatever="whatever">',
284  ],
285  '#08 ' . self::TYPE_DISABLE_HTML_SANITIZE => [
286  ‪self::TYPE_DISABLE_HTML_SANITIZE,
287  '08: <meta whatever="whatever">',
288  '<p>08: <meta whatever="whatever"></p>',
289  ],
290  // `sdfield` is in `styles.content.allowTags` constant
291  '#09 ' . self::TYPE_PLAIN => [
292  ‪self::TYPE_PLAIN,
293  '09: <sdfield onmouseover="alert(1)">',
294  '<p>09: &lt;sdfield onmouseover="alert(1)"&gt;&lt;/sdfield&gt;</p>',
295  ],
296  '#09 ' . self::TYPE_EMPTY_PARSEFUNCTSPATH => [
297  ‪self::TYPE_EMPTY_PARSEFUNCTSPATH,
298  '09: <sdfield onmouseover="alert(1)">',
299  '09: <sdfield onmouseover="alert(1)">',
300  ],
301  '#09 ' . self::TYPE_DISABLE_HTML_SANITIZE => [
302  ‪self::TYPE_DISABLE_HTML_SANITIZE,
303  '09: <sdfield onmouseover="alert(1)">',
304  '<p>09: <sdfield onmouseover="alert(1)"></p>',
305  ],
306  '#10 ' . self::TYPE_PLAIN => [
307  ‪self::TYPE_PLAIN,
308  '10: <meta itemprop="type" content="voice">',
309  '<p>10: <meta itemprop="type" content="voice"></p>',
310  ],
311  '#10 ' . self::TYPE_EMPTY_PARSEFUNCTSPATH => [
312  ‪self::TYPE_EMPTY_PARSEFUNCTSPATH,
313  '10: <meta itemprop="type" content="voice">',
314  '10: <meta itemprop="type" content="voice">',
315  ],
316  '#10 ' . self::TYPE_DISABLE_HTML_SANITIZE => [
317  ‪self::TYPE_DISABLE_HTML_SANITIZE,
318  '10: <meta itemprop="type" content="voice">',
319  '<p>10: <meta itemprop="type" content="voice"></p>',
320  ],
321  ];
322  }
323 
331  public function ‪htmlViewHelperAvoidsCrossSiteScripting(string $type, string $payload, string $expectation): void
332  {
333  $instructions = [
334  $this->‪createFluidTemplateContentObject($type, $payload),
335  ];
336  if ($type === self::TYPE_DISABLE_HTML_SANITIZE) {
337  $instructions[] = $this->‪createDisableHtmlSanitizeInstruction();
338  }
339  $response = $this->‪invokeFrontendRendering(...$instructions);
340  self::assertSame($expectation, trim((string)$response->getBody(), "\n"));
341  }
342 
347  private function ‪invokeFrontendRendering(AbstractInstruction ...$instructions): InternalResponse
348  {
349  $sourcePageId = 1100;
350 
351  $request = (new InternalRequest('https://acme.us/'))
352  ->withPageId($sourcePageId)
353  ->withInstructions(
354  [
355  $this->‪createDefaultInstruction(),
356  ]
357  );
358 
359  if (count($instructions) > 0) {
360  $request = $this->‪applyInstructions($request, ...$instructions);
361  }
362 
363  return $this->executeFrontendRequest($request, $this->internalRequestContext);
364  }
365 
366  private function ‪createDefaultInstruction(): TypoScriptInstruction
367  {
368  return (new TypoScriptInstruction(TemplateService::class))
369  ->withTypoScript([
370  'config.' => [
371  'no_cache' => 1,
372  'debug' => 0,
373  'admPanel' => 0,
374  'disableAllHeaderCode' => 1,
375  'sendCacheHeaders' => 0,
376  ],
377  'page' => 'PAGE',
378  'page.' => [
379  'typeNum' => 0,
380  ]
381  ]);
382  }
383 
384  private function ‪createTextContentObjectWithDefaultParseFuncRteInstruction(string $value): TypoScriptInstruction
385  {
386  // default configuration as shipped in ext:fluid_styled_content
387  return (new TypoScriptInstruction(TemplateService::class))
388  ->withTypoScript([
389  'page.' => [
390  '10' => 'TEXT',
391  '10.' => [
392  'value' => $value,
393  'parseFunc' => '< lib.parseFunc_RTE',
394  ],
395  ],
396  ]);
397  }
398 
399  private function ‪createTextContentObjectWithCustomParseFuncInstruction(string $value): TypoScriptInstruction
400  {
401  // basically considered "insecure setup"
402  // + no explicit htmlSanitize
403  // + no HTMLparser + HTMLparser.htmlSpecialChars
404  return (new TypoScriptInstruction(TemplateService::class))
405  ->withTypoScript([
406  'page.' => [
407  '10' => 'TEXT',
408  '10.' => [
409  'value' => $value,
410  'parseFunc.' => [
411  'allowTags' => 'a,img,sdfield',
412  'tags.' => [
413  'a' => 'TEXT',
414  'a.' => [
415  'current' => 1,
416  'typolink' => [
417  'parameter.' => [
418  'data' => 'parameters:href'
419  ],
420  'title.' => [
421  'data' => 'parameters:title'
422  ],
423  'ATagParams.' => [
424  'data' => 'parameters:allParams'
425  ],
426  ],
427  ],
428  ],
429  'nonTypoTagStdWrap.' => [
430  'encapsLines.' => [
431  'nonWrappedTag' => 'p',
432  ],
433  ],
434  ],
435  ],
436  ],
437  ]);
438  }
439 
440  private function ‪createDisableHtmlSanitizeInstruction(): TypoScriptInstruction
441  {
442  return (new TypoScriptInstruction(TemplateService::class))
443  ->withTypoScript([
444  'lib.' => [
445  'parseFunc_RTE.' => [
446  'htmlSanitize' => '0',
447  ],
448  ],
449  ]);
450  }
451 
452  private function ‪createFluidTemplateContentObject(string $type, string $payload): TypoScriptInstruction
453  {
454  return (new TypoScriptInstruction(TemplateService::class))
455  ->withTypoScript([
456  'page.' => [
457  '10' => 'FLUIDTEMPLATE',
458  '10.' => [
459  'file' => 'EXT:fluid_styled_content/Tests/Functional/Rendering/Fixtures/FluidTemplate.html',
460  'variables.' => [
461  'type' => 'TEXT',
462  'type.' => [
463  'value' => $type,
464  ],
465  'payload' => 'TEXT',
466  'payload.' => [
467  'value' => $payload,
468  ],
469  ],
470  ],
471  ],
472  ]);
473  }
474 }
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\$internalRequestContext
‪InternalRequestContext $internalRequestContext
Definition: SecureHtmlRenderingTest.php:50
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\TYPE_EMPTY_PARSEFUNCTSPATH
‪const TYPE_EMPTY_PARSEFUNCTSPATH
Definition: SecureHtmlRenderingTest.php:34
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\invokeFrontendRendering
‪InternalResponse invokeFrontendRendering(AbstractInstruction ... $instructions)
Definition: SecureHtmlRenderingTest.php:343
‪TYPO3\CMS\Core\Tests\Functional\SiteHandling\SiteBasedTestTrait
Definition: SiteBasedTestTrait.php:36
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\tearDown
‪tearDown()
Definition: SecureHtmlRenderingTest.php:118
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest
Definition: SecureHtmlRenderingTest.php:31
‪TYPO3\CMS\Core\Tests\Functional\SiteHandling\SiteBasedTestTrait\writeSiteConfiguration
‪writeSiteConfiguration(string $identifier, array $site=[], array $languages=[], array $errorHandling=[])
Definition: SiteBasedTestTrait.php:58
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\createDisableHtmlSanitizeInstruction
‪createDisableHtmlSanitizeInstruction()
Definition: SecureHtmlRenderingTest.php:436
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\ENCRYPTION_KEY
‪const ENCRYPTION_KEY
Definition: SecureHtmlRenderingTest.php:36
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\setUpBeforeClass
‪static setUpBeforeClass()
Definition: SecureHtmlRenderingTest.php:62
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\defaultParseFuncRteAvoidCrossSiteScripting
‪defaultParseFuncRteAvoidCrossSiteScripting(string $payload, string $expectation)
Definition: SecureHtmlRenderingTest.php:164
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\$pathsToLinkInTestInstance
‪string[] $pathsToLinkInTestInstance
Definition: SecureHtmlRenderingTest.php:58
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\htmlViewHelperAvoidsCrossSiteScripting
‪htmlViewHelperAvoidsCrossSiteScripting(string $type, string $payload, string $expectation)
Definition: SecureHtmlRenderingTest.php:327
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\TYPE_DISABLE_HTML_SANITIZE
‪const TYPE_DISABLE_HTML_SANITIZE
Definition: SecureHtmlRenderingTest.php:35
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\setUpDatabase
‪setUpDatabase()
Definition: SecureHtmlRenderingTest.php:93
‪TYPO3\CMS\Core\Tests\Functional\SiteHandling\SiteBasedTestTrait\buildDefaultLanguageConfiguration
‪array buildDefaultLanguageConfiguration(string $identifier, string $base)
Definition: SiteBasedTestTrait.php:124
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\setUp
‪setUp()
Definition: SecureHtmlRenderingTest.php:74
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\createTextContentObjectWithDefaultParseFuncRteInstruction
‪createTextContentObjectWithDefaultParseFuncRteInstruction(string $value)
Definition: SecureHtmlRenderingTest.php:380
‪TYPO3\CMS\Core\Core\Bootstrap\initializeLanguageObject
‪static initializeLanguageObject()
Definition: Bootstrap.php:617
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\defaultParseFuncRteAvoidsCrossSiteScriptingDataProvider
‪defaultParseFuncRteAvoidsCrossSiteScriptingDataProvider()
Definition: SecureHtmlRenderingTest.php:124
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\createDefaultInstruction
‪createDefaultInstruction()
Definition: SecureHtmlRenderingTest.php:362
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\htmlViewHelperAvoidsCrossSiteScriptingDataProvider
‪static htmlViewHelperAvoidsCrossSiteScriptingDataProvider()
Definition: SecureHtmlRenderingTest.php:222
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\$coreExtensionsToLoad
‪string[] $coreExtensionsToLoad
Definition: SecureHtmlRenderingTest.php:54
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\TYPE_PLAIN
‪const TYPE_PLAIN
Definition: SecureHtmlRenderingTest.php:33
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\customParseFuncAvoidsCrossSiteScriptingDataProvider
‪customParseFuncAvoidsCrossSiteScriptingDataProvider()
Definition: SecureHtmlRenderingTest.php:173
‪TYPO3\CMS\Core\TypoScript\TemplateService
Definition: TemplateService.php:46
‪TYPO3\CMS\Core\Tests\Functional\SiteHandling\SiteBasedTestTrait\applyInstructions
‪InternalRequest applyInstructions(InternalRequest $request, AbstractInstruction ... $instructions)
Definition: SiteBasedTestTrait.php:243
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\LANGUAGE_PRESETS
‪const LANGUAGE_PRESETS
Definition: SecureHtmlRenderingTest.php:44
‪TYPO3\CMS\Core\Core\Bootstrap
Definition: Bootstrap.php:66
‪TYPO3\CMS\Core\Tests\Functional\SiteHandling\SiteBasedTestTrait\buildSiteConfiguration
‪array buildSiteConfiguration(int $rootPageId, string $base='')
Definition: SiteBasedTestTrait.php:109
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\tearDownAfterClass
‪static tearDownAfterClass()
Definition: SecureHtmlRenderingTest.php:68
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\customParseFuncAvoidCrossSiteScripting
‪customParseFuncAvoidCrossSiteScripting(string $payload, string $expectation)
Definition: SecureHtmlRenderingTest.php:213
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\TYPO3_CONF_VARS
‪const TYPO3_CONF_VARS
Definition: SecureHtmlRenderingTest.php:38
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering
Definition: SecureHtmlRenderingTest.php:16
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\createFluidTemplateContentObject
‪createFluidTemplateContentObject(string $type, string $payload)
Definition: SecureHtmlRenderingTest.php:448
‪TYPO3\CMS\FluidStyledContent\Tests\Functional\Rendering\SecureHtmlRenderingTest\createTextContentObjectWithCustomParseFuncInstruction
‪createTextContentObjectWithCustomParseFuncInstruction(string $value)
Definition: SecureHtmlRenderingTest.php:395