summaryrefslogtreecommitdiffstats
path: root/tests/codeigniter/core
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-09-11 12:59:40 +0200
committerAndrey Andreev <narf@devilix.net>2015-09-11 12:59:40 +0200
commit58c7bcb85c1a354e1eaebae8ef658516f427378d (patch)
tree53ea253fc5979009e80c0bbecf9749cc05e4884c /tests/codeigniter/core
parent12023a79b0c3b45f68cce0357e3009c5884da663 (diff)
Replace the latest XSS patches
This one fixes yet another issue, is cleaner and faster.
Diffstat (limited to 'tests/codeigniter/core')
-rw-r--r--tests/codeigniter/core/Security_test.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 1958526ee..ed0838474 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -156,9 +156,14 @@ class Security_test extends CI_TestCase {
);
$this->assertEquals(
- '<img src="x" [removed]> on=<svg> onerror=alert(1)>',
+ '<img src="x" on=""> on=<svg> onerror=alert(1)>',
$this->security->remove_evil_attributes('<img src="x" on=""> on=<svg> onerror=alert(1)>', FALSE)
);
+
+ $this->assertEquals(
+ '<img src="on=\'">"<svg> onerror=alert(1) onmouseover=alert(1)>',
+ $this->security->remove_evil_attributes('<img src="on=\'">"<svg> onerror=alert(1) onmouseover=alert(1)>', FALSE)
+ );
}
// --------------------------------------------------------------------