10 use Magento\TestFramework\Utility\XssOutputValidator;
// Excerpt only: the gutter numbers jump (23, 24, 41, ...), so the comments below
// describe the listed lines and nothing on the lines in between.
// Wraps the current test object in an AggregateInvoker.
23 $invoker = new \Magento\Framework\App\Utility\AggregateInvoker($this);
// Validator that the per-file callback below queries for XSS-sensitive output.
24 $xssOutputValidator =
new XssOutputValidator();
// Per-file callback; the validator instance is captured through use().
41 function ($file) use ($xssOutputValidator) {
// $lines is concatenated into the message below, so it is presumably a string
// of line numbers -- confirm against XssOutputValidator.
42 $lines = $xssOutputValidator->getLinesWithXssSensitiveOutput($file);
// Message text; presumably the failure message of an assertion on the unlisted
// lines 43-44. A hit means the output at those lines still has to be checked
// for escaping that fits its context; it does not by itself prove an XSS flaw.
45 "Potentially XSS vulnerability. " .
46 "Please verify that output is escaped at lines " . $lines
// Walks the exempt_modules whitelist directory that sits next to this file,
// dropping the '.' and '..' entries from the directory listing.
// NOTE(review): scandir() returns false on failure and array_diff() expects
// arrays; no guard is visible in the listed lines.
60 foreach (array_diff(scandir(
__DIR__ .
'/_files/whitelist/exempt_modules'), [
'..',
'.']) as $file) {
// Each whitelist file is include()d and its return value is merged into
// $exemptModules, so every file in that directory is executed as PHP. The path
// is built only from __DIR__ and the directory listing.
// NOTE(review): this makes the whitelist directory part of the check itself;
// changes to it deserve the same review as changes to the test code.
61 $exemptModules = array_merge(
63 include(
__DIR__ .
'/_files/whitelist/exempt_modules/' . $file)
// Whitelisted modules take a separate branch (its body is not listed; presumably
// they are skipped -- confirm).
// NOTE(review): in_array() is called without the strict flag, so the module
// name is compared loosely; passing true as third argument would be stricter.
69 if (in_array($moduleName, $exemptModules)) {
// Iterates over the *.phtml templates that Files::init()->getFiles() returns
// for $modulePath.
72 foreach (
Files::init()->getFiles([$modulePath],
'*.phtml') as $file) {
// After PHP string unescaping the regex is:
//   /\/* @escapeNotVerified \*\/ echo (?!__).+/
// NOTE(review): the "*" right after the first "\/" is not escaped, so it is a
// quantifier ("zero or more slashes"), not a literal asterisk. Annotated lines
// still match because the pattern is unanchored and can start at the space
// before "@escapeNotVerified", but the comment opener itself is not required.
// The (?!__) lookahead skips echo statements whose expression starts with "__"
// (presumably translation calls -- confirm).
74 $pattern =
"/\\/* @escapeNotVerified \\*\\/ echo (?!__).+/";
// preg_grep() keeps the input array keys, so the keys of $instances are the
// zero-based indexes of the matching lines. $fileContents is assigned on a line
// that is not part of this listing.
75 $instances = preg_grep(
$pattern, explode(
"\n", $fileContents));
76 if (!empty($instances)) {
77 foreach (array_keys($instances) as $line) {
// Appends "file:line" with a 1-based line number for each match.
78 $result .= $file .
':' . ($line + 1) .
"\n";
// Message text listing every location where the annotation is still present;
// the call that uses it is not listed.
85 "@escapeNotVerified annotation detected.\n" .
86 "Please use the correct escape strategy and remove annotation at:\n" .
$result
defined('TESTS_BP')||define('TESTS_BP' __DIR__
testAbsenceOfEscapeNotVerifiedAnnotationInRefinedModules()