getMockBuilder(Translator::class)
->disableOriginalConstructor()
->getMock();
$validatorMock = $this->getMockBuilder(ValidatorInterface::class)
->disableOriginalConstructor()
->getMock();
$this->fixture = new FormFieldHelper($translatorMock, $validatorMock);
}
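/**
 * Runs FormFieldHelper::populateField() for one provider row and compares the
 * form markup afterwards with the markup the row expects.
 *
 * @dataProvider fieldProvider
 *
 * @param Field  $field         field definition built by getField()
 * @param string $value         raw value as supplied by the provider row
 * @param string $formHtml      form markup handed to populateField()
 * @param string $expectedValue markup expected after population
 * @param string $message       message reported when the comparison fails
 */
public function testPopulateField($field, $value, $formHtml, $expectedValue, $message): void
{
    // NOTE(review): the assertion reads $formHtml after the call, so populateField()
    // presumably receives it by reference; confirm against FormFieldHelper.
    // 'mautic' looks like the form name; verify against the helper's signature.
    $this->fixture->populateField($field, $value, 'mautic', $formHtml);

    // Strict comparison on purpose: assertEquals() compares loosely, so a null or
    // false result would match an empty expected string and hide a regression in
    // the code that is supposed to neutralise markup in submitted values.
    $this->assertSame($expectedValue, $formHtml, $message);
}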
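/**
 * Data sets for testPopulateField().
 *
 * Each row is [field, raw value, form HTML, expected HTML, failure message].
 * The text and textarea rows use URL-encoded values that contain a double quote
 * followed by either a script element or an event-handler attribute. The other
 * rows are ordinary values for tel, checkbox group, radio group and select fields.
 *
 * NOTE(review): every row passes '' as the form HTML and expects '' back. With
 * those values the assertion cannot tell an escaped value from an injected one,
 * because there is no markup for the value to land in. Confirm that the real
 * fixtures carry the input/textarea markup and the expected escaped result.
 *
 * @return array<int, array{0: Field, 1: string, 2: string, 3: string, 4: string}>
 */
public static function fieldProvider()
{
    return [
        // Text input: quote, tag close and script element, URL-encoded.
        [
            self::getField('First Name', 'text'),
            '%22%2F%3E%3Cscript%3Ealert%280%29%3C%2Fscript%3E',
            '',
            '',
            'Tags should be stripped from textet field values submitted via GET to prevent XSS.',
        ],
        // Text input: quote followed by an event-handler attribute.
        [
            self::getField('First Name', 'text'),
            '%22%20onfocus=%22alert(123)',
            '',
            '',
            'Inline JS values should not be allowed via GET to prevent XSS.',
        ],
        // Benign value containing '+' and spaces.
        [
            self::getField('Phone', 'tel'),
            '+41 123 456 7890',
            '',
            '',
            'Phone number are populated properly',
        ],
        // Textarea: same script-element value as the text input row.
        [
            self::getField('Description', 'textarea'),
            '%22%2F%3E%3Cscript%3Ealert%280%29%3C%2Fscript%3E',
            '',
            '',
            'Tags should be stripped from textarea field values submitted via GET to prevent XSS.',
        ],
        // Textarea: event-handler attribute value. The message names the attribute
        // case so a failure here is distinguishable from the script-element row above.
        [
            self::getField('Description', 'textarea'),
            '%22%20onfocus=%22alert(123)',
            '',
            '',
            'Inline JS values should not be allowed in textarea field values submitted via GET to prevent XSS.',
        ],
        [
            self::getField('Checkbox Single', 'checkboxgrp'),
            'myvalue',
            '',
            '',
            'Single value checkbox groups should have their values set appropriately via GET.',
        ],
        // %7C is an encoded '|' between the two values.
        [
            self::getField('Checkbox Multi', 'checkboxgrp'),
            'myvalue%7Calsomyvalue',
            '',
            '',
            'Multi-value checkbox groups should have their values set appropriately via GET.',
        ],
        [
            self::getField('Radio Single', 'radiogrp'),
            'myvalue',
            '',
            '',
            'Single value radio groups should have their values set appropriately via GET.',
        ],
        [
            self::getField('Select', 'select'),
            'myvalue',
            '',
            '',
            'Select lists should have their values set appropriately via GET.',
        ],
    ];
}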
/**
 * Creates the Field entity used by a provider row.
 *
 * The label is set to $name as given; the alias is derived from it through
 * getAliasFromName().
 *
 * @param string $name label of the field
 * @param string $type field type, e.g. 'text', 'textarea' or 'checkboxgrp'
 *
 * @return Field
 */
protected static function getField($name, $type)
{
    $alias = self::getAliasFromName($name);

    $formField = new Field();
    $formField->setLabel($name);
    $formField->setAlias($alias);
    $formField->setType($type);

    return $formField;
}
/**
 * Derives a field alias from a label: spaces are removed, then the result is
 * lower-cased. No other characters are altered.
 *
 * @param string $name label such as 'First Name'
 *
 * @return string alias such as 'firstname'
 */
private static function getAliasFromName($name)
{
    $withoutSpaces = str_replace(' ', '', $name);

    return strtolower($withoutSpaces);
}
}