documentation/_xss_phtml_template_test_8php_source.html

 <?php
 namespace Magento\Test\Php;

 use Magento\Framework\App\Utility\Files;
 use Magento\TestFramework\Utility\XssOutputValidator;
 use Magento\Framework\Component\ComponentRegistrar;

 class XssPhtmlTemplateTest extends \PHPUnit\Framework\TestCase
 {
     public function testXssSensitiveOutput()
     {
         $invoker = new \Magento\Framework\App\Utility\AggregateInvoker($this);
         $xssOutputValidator = new XssOutputValidator();
         $invoker(
             function ($file) use ($xssOutputValidator) {
                 $lines = $xssOutputValidator->getLinesWithXssSensitiveOutput($file);
                 $this->assertEmpty(
                     $lines,
                     "Potentially XSS vulnerability. " .
                     "Please verify that output is escaped at lines " . $lines
                 );
             },
             Files::init()->getPhtmlFiles()
         );
     }

     public function testAbsenceOfEscapeNotVerifiedAnnotationInRefinedModules()
     {
         $componentRegistrar = new ComponentRegistrar();
         $exemptModules = [];
         foreach (array_diff(scandir(__DIR__ . '/_files/whitelist/exempt_modules'), ['..', '.']) as $file) {
             $exemptModules = array_merge(
                 $exemptModules,
                 include(__DIR__ . '/_files/whitelist/exempt_modules/' . $file)
             );
         }

         $result = "";
         foreach ($componentRegistrar->getPaths(ComponentRegistrar::MODULE) as $moduleName => $modulePath) {
             if (in_array($moduleName, $exemptModules)) {
                 continue;
             }
             foreach (Files::init()->getFiles([$modulePath], '*.phtml') as $file) {
                 $fileContents = file_get_contents($file);
                 $pattern = "/\\/* @escapeNotVerified \\*\\/ echo (?!__).+/";
                 $instances = preg_grep($pattern, explode("\n", $fileContents));
                 if (!empty($instances)) {
                     foreach (array_keys($instances) as $line) {
                         $result .= $file . ':' . ($line + 1) . "\n";
                     }
                 }
             }
         }
         $this->assertEmpty(
             $result,
             "@escapeNotVerified annotation detected.\n" .
             "Please use the correct escape strategy and remove annotation at:\n" . $result
         );
     }
 }
$result
$result
Definition: product_configurable_not_available_rollback.php:26

Magento\Framework\App\Utility\Files\init
static init()
Definition: Files.php:147

$componentRegistrar
$componentRegistrar
Definition: bootstrap.php:23

Magento\Test\Php\XssPhtmlTemplateTest\testXssSensitiveOutput
testXssSensitiveOutput()
Definition: XssPhtmlTemplateTest.php:21

Magento\Test\Php
Definition: LiveCodeTest.php:7

$pattern
$pattern
Definition: website.php:22

__DIR__
defined('TESTS_BP')||define('TESTS_BP' __DIR__
Definition: _bootstrap.php:60

Magento\Framework\App\Utility\Files
Definition: Files.php:21

Magento\Framework\Component\ComponentRegistrar\MODULE
const MODULE
Definition: ComponentRegistrar.php:21

Magento\Test\Php\XssPhtmlTemplateTest
Definition: XssPhtmlTemplateTest.php:16

Magento\Test\Php\XssPhtmlTemplateTest\testAbsenceOfEscapeNotVerifiedAnnotationInRefinedModules
testAbsenceOfEscapeNotVerifiedAnnotationInRefinedModules()
Definition: XssPhtmlTemplateTest.php:56

Magento\Framework\Component\ComponentRegistrar
Definition: ComponentRegistrar.php:16

Magento\Framework\Filesystem\Driver\file_get_contents
file_get_contents()
Definition: http_mock.php:15