diff options
author | Andrey Andreev <narf@devilix.net> | 2015-09-21 15:17:48 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2015-09-21 15:17:48 +0200 |
commit | 4fbf2d1a8e2b6d33e92f3f353b05388fd3229bd7 (patch) | |
tree | 591cf443d0a498dd75f83f30595d13f53752c053 /tests/codeigniter | |
parent | 088e57db3808f78ee89def94c6ce95b571a88427 (diff) |
More XSS stuff
Diffstat (limited to 'tests/codeigniter')
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index b04d25891..ca111c3bf 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -120,6 +120,17 @@ class Security_test extends CI_TestCase { // -------------------------------------------------------------------- + public function text_xss_clean_js_link_removal() + { + // This one is to prevent a false positive + $this->assertEquals( + "<a href=\"javascrip\n<t\n:alert\n(1)\"\n>", + $this->security->xss_clean("<a href=\"javascrip\n<t\n:alert\n(1)\"\n>") + ); + } + + // -------------------------------------------------------------------- + public function test_xss_clean_js_img_removal() { $input = '<img src="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere'; @@ -191,6 +202,11 @@ class Security_test extends CI_TestCase { '<img src="x"> on=\'x\' onerror=,xssm()>', $this->security->xss_clean('<img src="x"> on=\'x\' onerror=,xssm()>') ); + + $this->assertEquals( + '<image src="<>" [removed]>', + $this->security->xss_clean('<image src="<>" onerror=\'alert(1)\'>') + ); } // -------------------------------------------------------------------- |