diff options
author | Andrey Andreev <narf@devilix.net> | 2014-03-18 17:44:53 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-03-18 17:44:53 +0100 |
commit | e7a2aa09df05547211776bf493adb6da476f3858 (patch) | |
tree | 84f104c1e2079a22fb5409a517986ae44d4ee4f3 /tests/codeigniter/core | |
parent | 1394304472f1c917b8f6680c57bf50c780744f2d (diff) |
xss_clean() improvement
Fixes this: https://github.com/EllisLab/CodeIgniter/issues/2667#issuecomment-37819186
Diffstat (limited to 'tests/codeigniter/core')
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 433ad313f..14e042ee2 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -71,6 +71,12 @@ class Security_test extends CI_TestCase { $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_string); } + public function test_xss_clean_entity_double_encoded() + { + $input = '<a href="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere</a>'; + $this->assertEquals('<a 1>Clickhere</a>', $this->security->xss_clean($input)); + } + // -------------------------------------------------------------------- public function test_xss_hash() |