authorAndrey Andreev <narf@devilix.net>2015-09-14 10:11:20 +0200
committerAndrey Andreev <narf@devilix.net>2015-09-14 10:11:20 +0200
commit70f60d07253d301ec62789f78587db0dac826a27 (patch)
treede4625fd544b44795a701df74c27358df3c50f24 /tests/codeigniter/core
parentbc78748b24ec2d49f0218fa701d1e95259b41187 (diff)
Move _remove_evil_attributes() call
Diffstat (limited to 'tests/codeigniter/core')
-rw-r--r--tests/codeigniter/core/Security_test.php14
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 9437ececc..2e9cd01c4 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -178,6 +178,20 @@ class Security_test extends CI_TestCase {
// --------------------------------------------------------------------
+ /**
+ * @depends test_xss_clean_sanitize_naughty_html
+ * @depends test_remove_evil_attributes
+ */
+ public function test_naughty_html_plus_evil_attributes()
+ {
+ $this->assertEquals(
+ '&lt;svg<img &gt; src="x" [removed]>',
+ $this->security->xss_clean('<svg<img > src="x" onerror="location=/javascript/.source+/:alert/.source+/(1)/.source">')
+ );
+ }
+
+ // --------------------------------------------------------------------
+
public function test_xss_hash()
{
$this->assertEmpty($this->security->xss_hash);
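Review bot: test_naughty_html_plus_evil_attributes() pins one exact output string but never states the property it guards, which appears to be that an event-handler attribute is still stripped after the malformed `<svg<img >` opening has been escaped. A description line in the docblock, for example `* Event-handler attributes must still be removed when naughty-HTML escaping leaves a broken tag behind.`, would tell a maintainer why this case exists and how it relates to the two `@depends` tests. Holding the result in `$output` and adding `$this->assertNotContains('onerror', $output);` beside the equality check would keep the test meaningful if the `[removed]` placeholder or the entity encoding changes later. The expected string also leaves `<img ... src="x" ...>` as live markup; that looks intentional, but a short comment saying so would stop a reader from taking it for incomplete sanitization.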