author | Andrey Andreev <narf@devilix.net> | 2015-10-05 11:37:16 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2015-10-05 11:37:16 +0200 |
commit | f0f47da9ae4227968ccc9ee6511bcab526498b4c (patch) | |
tree | abd10e1d509ab0656c20f91855474ff66385ceba /tests | |
parent | 48844d16102d92fd146d562bc322b5624e44f9dd (diff) |
Some more intrusive XSS cleaning
Diffstat (limited to 'tests')
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index b093393af..52967dc2f 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -146,7 +146,7 @@ class Security_test extends CI_TestCase {
 $this->assertEquals('<fubar>', $this->security->xss_clean('<fubar>'));
 $this->assertEquals(
- '<img <svg=""> src="x">',
+ '<img [removed]> src="x">',
 $this->security->xss_clean('<img <svg=""> src="x">')
 );
@@ -209,9 +209,14 @@ class Security_test extends CI_TestCase {
 );
 $this->assertEquals(
- '<b "=<= [removed]>',
+ '<b [removed] [removed]>',
 $this->security->xss_clean('<b "=<= onmouseover=alert(1)>')
 );
+
+ $this->assertEquals(
+ '<b [removed] [removed]alert(1),1>1">',
+ $this->security->xss_clean('<b a=<=" onmouseover="alert(1),1>1">')
+ );
 }
 // -------------------------------------------------------------------- |
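Review bot: The `<img <svg=""> src="x">` expectation switches from pass-through to `<img [removed]> src="x">` with no comment saying which rule the case now pins, so a later reader cannot tell whether the `[removed]` is intended or incidental. I would add above the assertion `// A '<' inside an open tag is treated as a malformed attribute and replaced with [removed]`; this reading is inferred from the expected string, because the diffstat is limited to tests and the `xss_clean()` change itself is not shown here. The same applies to the `<b "=<= onmouseover=alert(1)>` case in the second hunk, whose expectation becomes `<b [removed] [removed]>`. The enclosing test method starts outside both hunks.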
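Review bot: The added assertion in the second hunk accepts `alert(1),1>1">` surviving in the cleaned output, which judging by the expected string is safe only because the handler name and its opening quote were replaced; the exact-string comparison does not record that reasoning. A comment such as `// handler name and opening quote are replaced; the remaining text is no longer an attribute value` would make the intent explicit. It would also help to assert the property directly, that the result no longer contains `onmouseover`, so a later change to the `[removed]` placeholder cannot hide a regression behind an updated expected string. The test method begins before the hunk.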