Background information

This is a followup to SA-CORE-2025-001.

Problem/Motivation

We should add tests to prevent regressions for this vulnerability.

Comments

prudloff created an issue. See original summary.

prudloff’s picture

Status: Active » Needs review

The test comes from the private issue so people who worked on it should be credited.

smustgrave’s picture

Status: Needs review » Reviewed & tested by the community
Issue tags: +Needs Review Queue Initiative

Reverted https://git.drupalcode.org/project/drupal/-/commit/2da6570278ca3f584e089...

Ran the test and got the following, which shows the issue.


Behat\Mink\Exception\ExpectationException: The string "library name must include at least one slash" was not found anywhere in the HTML response of the current page.
/var/www/html/vendor/behat/mink/src/WebAssert.php:888
/var/www/html/vendor/behat/mink/src/WebAssert.php:363
/var/www/html/core/tests/Drupal/Tests/WebAssert.php:569
/var/www/html/core/tests/Drupal/FunctionalTests/Asset/AssetXssTest.php:69


  • catch committed 4df9b17f on 11.4.x
    task: #3593777 Add tests for SA-CORE-2025-001
    
    By: prudloff
    By:...

  • catch committed df8c97ba on 11.x
    task: #3593777 Add tests for SA-CORE-2025-001
    
    By: prudloff
    By:...

  • catch committed 48e83c4a on main
    task: #3593777 Add tests for SA-CORE-2025-001
    
    By: prudloff
    By:...

catch’s picture

Version: main » 11.4.x-dev
Status: Reviewed & tested by the community » Fixed
Issue tags: +Security improvements

Committed/pushed to main, 11.x and 11.4.x, thanks! Moved credits over from the private security issue, hopefully correctly.
