Fix #3572: CI_Security::_remove_evil_attributes()

2 files changed, 17 insertions, 0 deletions

diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 402422ff8..d967613b5 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -79,6 +79,18 @@ class Security_test extends CI_TestCase {
 
 	// --------------------------------------------------------------------
 
+	public function test_remove_evil_attributes()
+	{
+		$this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttribute="bar">', false));
+		$this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttributeNoQuotes=bar>', false));
+		$this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttributeWithSpaces = bar>', false));
+		$this->assertEquals('<foo prefixOnAttribute="bar">', $this->security->remove_evil_attributes('<foo prefixOnAttribute="bar">', false));
+		$this->assertEquals('<foo>onOutsideOfTag=test</foo>', $this->security->remove_evil_attributes('<foo>onOutsideOfTag=test</foo>', false));
+		$this->assertEquals('onNoTagAtAll = true', $this->security->remove_evil_attributes('onNoTagAtAll = true', false));
+	}
+
+	// --------------------------------------------------------------------
+
 	public function test_xss_hash()
 	{
 		$this->assertEmpty($this->security->xss_hash);
diff --git a/tests/mocks/core/security.php b/tests/mocks/core/security.php
index a21fc5cb3..6cff85860 100644
--- a/tests/mocks/core/security.php
+++ b/tests/mocks/core/security.php
@@ -16,6 +16,11 @@ class Mock_Core_Security extends CI_Security {
 		return isset($this->{'_'.$property}) ? $this->{'_'.$property} : NULL;
 	}
 
+	public function remove_evil_attributes($str, $is_image)
+	{
+		return $this->_remove_evil_attributes($str, $is_image);
+	}
+
 	// Override inaccessible protected method
 	public function __call($method, $params)
 	{