authorAndrey Andreev <narf@devilix.net>2015-10-05 11:37:16 +0200
committerAndrey Andreev <narf@devilix.net>2015-10-05 11:37:16 +0200
commitf0f47da9ae4227968ccc9ee6511bcab526498b4c (patch)
treeabd10e1d509ab0656c20f91855474ff66385ceba /tests
parent48844d16102d92fd146d562bc322b5624e44f9dd (diff)
Some more intrusive XSS cleaning
Diffstat (limited to 'tests')
-rw-r--r--tests/codeigniter/core/Security_test.php9
1 files changed, 7 insertions, 2 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index b093393af..52967dc2f 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -146,7 +146,7 @@ class Security_test extends CI_TestCase {
$this->assertEquals('<fubar>', $this->security->xss_clean('<fubar>'));
$this->assertEquals(
- '<img <svg=""> src="x">',
+ '<img [removed]> src="x">',
$this->security->xss_clean('<img <svg=""> src="x">')
);
@@ -209,9 +209,14 @@ class Security_test extends CI_TestCase {
);
$this->assertEquals(
- '<b "=<= [removed]>',
+ '<b [removed] [removed]>',
$this->security->xss_clean('<b "=<= onmouseover=alert(1)>')
);
+
+ $this->assertEquals(
+ '<b [removed] [removed]alert&#40;1&#41;,1>1">',
+ $this->security->xss_clean('<b a=<=" onmouseover="alert(1),1>1">')
+ );
}
// --------------------------------------------------------------------
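Review bot: The assertion added at the end of this test method carries no comment saying what it covers, and the expected string is hard to interpret on its own. Judging from the input, it pairs a `<` in an unquoted attribute value with a `>` inside the quoted `onmouseover` value, so a comment above it such as `// '>' inside a quoted handler value must not be treated as the end of the tag` would record the intent (wording to be confirmed by the author). Because the expectation pins the exact `[removed]` filler, a second assertion on the invariant itself, e.g. `$this->assertNotContains('onmouseover', $this->security->xss_clean('<b a=<=" onmouseover="alert(1),1>1">'));`, would keep the test meaningful if the replacement text ever changes. The enclosing test method starts outside the hunk.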