xss_clean() improvement

Fixes this: https://github.com/EllisLab/CodeIgniter/issues/2667#issuecomment-37819186
author: Andrey Andreev <narf@devilix.net> 2014-03-18 17:44:53 +0100
committer: Andrey Andreev <narf@devilix.net> 2014-03-18 17:44:53 +0100
commit: e7a2aa09df05547211776bf493adb6da476f3858 (patch)
tree: 84f104c1e2079a22fb5409a517986ae44d4ee4f3 /tests/codeigniter/core/Security_test.php
parent: 1394304472f1c917b8f6680c57bf50c780744f2d (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 433ad313f..14e042ee2 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -71,6 +71,12 @@ class Security_test extends CI_TestCase {
 		$this->assertEquals("Hello, i try to [removed]alert&#40;'Hack'&#41;;[removed] your site", $harmless_string);
 	}
 
+	public function test_xss_clean_entity_double_encoded()
+	{
+		$input = '<a href="&#38&#35&#49&#48&#54&#38&#35&#57&#55&#38&#35&#49&#49&#56&#38&#35&#57&#55&#38&#35&#49&#49&#53&#38&#35&#57&#57&#38&#35&#49&#49&#52&#38&#35&#49&#48&#53&#38&#35&#49&#49&#50&#38&#35&#49&#49&#54&#38&#35&#53&#56&#38&#35&#57&#57&#38&#35&#49&#49&#49&#38&#35&#49&#49&#48&#38&#35&#49&#48&#50&#38&#35&#49&#48&#53&#38&#35&#49&#49&#52&#38&#35&#49&#48&#57&#38&#35&#52&#48&#38&#35&#52&#57&#38&#35&#52&#49">Clickhere</a>';
+		$this->assertEquals('<a 1>Clickhere</a>', $this->security->xss_clean($input));
+	}
+
 	// --------------------------------------------------------------------
 
 	public function test_xss_hash()
author	Andrey Andreev <narf@devilix.net>	2014-03-18 17:44:53 +0100
committer	Andrey Andreev <narf@devilix.net>	2014-03-18 17:44:53 +0100
commit	e7a2aa09df05547211776bf493adb6da476f3858 (patch)
tree	84f104c1e2079a22fb5409a517986ae44d4ee4f3 /tests/codeigniter/core/Security_test.php
parent	1394304472f1c917b8f6680c57bf50c780744f2d (diff)