summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2015-02-17 14:57:47 +0100
committerAndrey Andreev <narf@devilix.net>2015-02-17 14:57:47 +0100
commitaf8665d973e63ace812ab1d433ae8b8dce5922c4 (patch)
tree8917a5de00e54c53963b734aaf78872b55c2f4d3 /tests
parentaadd8bdbf248293a854b4e0361bd09155c815acd (diff)
Fix #3572: CI_Security::_remove_evil_attributes()
Diffstat (limited to 'tests')
-rw-r--r--tests/codeigniter/core/Security_test.php12
-rw-r--r--tests/mocks/core/security.php5
2 files changed, 17 insertions, 0 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 402422ff8..d967613b5 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -79,6 +79,18 @@ class Security_test extends CI_TestCase {
// --------------------------------------------------------------------
+ public function test_remove_evil_attributes()
+ {
+ $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttribute="bar">', false));
+ $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttributeNoQuotes=bar>', false));
+ $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttributeWithSpaces = bar>', false));
+ $this->assertEquals('<foo prefixOnAttribute="bar">', $this->security->remove_evil_attributes('<foo prefixOnAttribute="bar">', false));
+ $this->assertEquals('<foo>onOutsideOfTag=test</foo>', $this->security->remove_evil_attributes('<foo>onOutsideOfTag=test</foo>', false));
+ $this->assertEquals('onNoTagAtAll = true', $this->security->remove_evil_attributes('onNoTagAtAll = true', false));
+ }
+
+ // --------------------------------------------------------------------
+
public function test_xss_hash()
{
$this->assertEmpty($this->security->xss_hash);
diff --git a/tests/mocks/core/security.php b/tests/mocks/core/security.php
index a21fc5cb3..6cff85860 100644
--- a/tests/mocks/core/security.php
+++ b/tests/mocks/core/security.php
@@ -16,6 +16,11 @@ class Mock_Core_Security extends CI_Security {
return isset($this->{'_'.$property}) ? $this->{'_'.$property} : NULL;
}
+ public function remove_evil_attributes($str, $is_image)
+ {
+ return $this->_remove_evil_attributes($str, $is_image);
+ }
+
// Override inaccessible protected method
public function __call($method, $params)
{