diff options
author | Andrey Andreev <narf@devilix.net> | 2015-09-14 10:11:20 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2015-09-14 10:11:20 +0200 |
commit | 70f60d07253d301ec62789f78587db0dac826a27 (patch) | |
tree | de4625fd544b44795a701df74c27358df3c50f24 /tests/codeigniter/core | |
parent | bc78748b24ec2d49f0218fa701d1e95259b41187 (diff) |
Move _remove_evil_attributes() call
Diffstat (limited to 'tests/codeigniter/core')
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 9437ececc..2e9cd01c4 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -178,6 +178,20 @@ class Security_test extends CI_TestCase { // -------------------------------------------------------------------- + /** + * @depends test_xss_clean_sanitize_naughty_html + * @depends test_remove_evil_attributes + */ + public function test_naughty_html_plus_evil_attributes() + { + $this->assertEquals( + '<svg<img > src="x" [removed]>', + $this->security->xss_clean('<svg<img > src="x" onerror="location=/javascript/.source+/:alert/.source+/(1)/.source">') + ); + } + + // -------------------------------------------------------------------- + public function test_xss_hash() { $this->assertEmpty($this->security->xss_hash); |