summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-09-11 17:11:32 +0200
committerAndrey Andreev <narf@devilix.net>2015-09-11 17:11:32 +0200
commitbc78748b24ec2d49f0218fa701d1e95259b41187 (patch)
treef4ca4ae3f2d3ae08668857eb2feb2331bedae955 /tests
parent2f71c625b8d9ed7efc34b2139695702d6a08f6be (diff)
Harden xss_clean() more
This time eliminate false positives for the 'naughty html' logic.
Diffstat (limited to 'tests')
-rw-r--r--tests/codeigniter/core/Security_test.php9
1 files changed, 7 insertions, 2 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index d09128053..9437ececc 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -130,8 +130,13 @@ class Security_test extends CI_TestCase {
public function test_xss_clean_sanitize_naughty_html()
{
- $input = '<blink>';
- $this->assertEquals('&lt;blink&gt;', $this->security->xss_clean($input));
+ $this->assertEquals('&lt;blink&gt;', $this->security->xss_clean('<blink>'));
+ $this->assertEquals('<fubar>', $this->security->xss_clean('<fubar>'));
+
+ $this->assertEquals(
+ '<img <svg=""> src="x">',
+ $this->security->xss_clean('<img <svg=""> src="x">')
+ );
}
// --------------------------------------------------------------------