diff options
| author | Andrey Andreev <narf@devilix.net> | 2015-09-11 12:59:40 +0200 |
|---|---|---|
| committer | Andrey Andreev <narf@devilix.net> | 2015-09-11 12:59:40 +0200 |
| commit | 58c7bcb85c1a354e1eaebae8ef658516f427378d (patch) | |
| tree | 53ea253fc5979009e80c0bbecf9749cc05e4884c /tests | |
| parent | 12023a79b0c3b45f68cce0357e3009c5884da663 (diff) | |
Replace the latest XSS patches
This one fixes yet another issue, is cleaner and faster.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/codeigniter/core/Security_test.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 1958526ee..ed0838474 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -156,9 +156,14 @@ class Security_test extends CI_TestCase { ); $this->assertEquals( - '<img src="x" [removed]> on=<svg> onerror=alert(1)>', + '<img src="x" on=""> on=<svg> onerror=alert(1)>', $this->security->remove_evil_attributes('<img src="x" on=""> on=<svg> onerror=alert(1)>', FALSE) ); + + $this->assertEquals( + '<img src="on=\'">"<svg> onerror=alert(1) onmouseover=alert(1)>', + $this->security->remove_evil_attributes('<img src="on=\'">"<svg> onerror=alert(1) onmouseover=alert(1)>', FALSE) + ); } // -------------------------------------------------------------------- |