diff options
author | Andrey Andreev <narf@devilix.net> | 2015-09-11 17:11:32 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2015-09-11 17:11:32 +0200 |
commit | bc78748b24ec2d49f0218fa701d1e95259b41187 (patch) | |
tree | f4ca4ae3f2d3ae08668857eb2feb2331bedae955 /tests | |
parent | 2f71c625b8d9ed7efc34b2139695702d6a08f6be (diff) |
Harden xss_clean() more
This time eliminate false positives for the
'naughty html' logic.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index d09128053..9437ececc 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -130,8 +130,13 @@ class Security_test extends CI_TestCase { public function test_xss_clean_sanitize_naughty_html() { - $input = '<blink>'; - $this->assertEquals('<blink>', $this->security->xss_clean($input)); + $this->assertEquals('<blink>', $this->security->xss_clean('<blink>')); + $this->assertEquals('<fubar>', $this->security->xss_clean('<fubar>')); + + $this->assertEquals( + '<img <svg=""> src="x">', + $this->security->xss_clean('<img <svg=""> src="x">') + ); } // -------------------------------------------------------------------- |