diff options
author | Andrey Andreev <narf@devilix.net> | 2017-01-04 14:26:35 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2017-01-04 14:26:35 +0100 |
commit | 2ab1c1902711c8b0caf5c3e8f2fa825d72f6755d (patch) | |
tree | 6b1916cae83d662dbdebccc58c0c8f99530492a0 /tests/codeigniter/core/Security_test.php | |
parent | 2fa068d238c65cbe8e048809b1839fa0cda3123b (diff) |
Fix an XSS vulnerability
Diffstat (limited to 'tests/codeigniter/core/Security_test.php')
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index cbf0285ec..4c54ec9fa 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -154,6 +154,11 @@ class Security_test extends CI_TestCase { '<img src="b on=">on=">"x onerror="alert(1)">', $this->security->xss_clean('<img src="b on="<x">on=">"x onerror="alert(1)">') ); + + $this->assertEquals( + "\n><!-\n<b d=\"'e><iframe onload=alert(1) src=x>\n<a HREF=\">\n", + $this->security->xss_clean("\n><!-\n<b\n<c d=\"'e><iframe onload=alert(1) src=x>\n<a HREF=\"\">\n") + ); } // -------------------------------------------------------------------- |