-rw-r--r--system/core/Security.php7
-rw-r--r--tests/codeigniter/core/Security_test.php14
2 files changed, 17 insertions, 4 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index ade77491d..dd3b2c8f0 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -480,12 +480,8 @@ class CI_Security {
}
}
while ($original !== $str);
-
unset($original);
- // Remove evil attributes such as style, onclick and xmlns
- $str = $this->_remove_evil_attributes($str, $is_image);
-
/*
* Sanitize naughty HTML elements
*
@@ -518,6 +514,9 @@ class CI_Security {
while ($old_str !== $str);
unset($old_str);
+ // Remove evil attributes such as style, onclick and xmlns
+ $str = $this->_remove_evil_attributes($str, $is_image);
+
/*
* Sanitize naughty scripting elements
*
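Review bot: The new position of the `_remove_evil_attributes()` call (added lines of this hunk, removed from its old spot in the first hunk of this file) carries an ordering dependency that nothing in the code records; a later tidy-up could move it back above the naughty-HTML pass and silently reopen the bypass the accompanying test covers. Judging from that test, the attribute stripper only matches attributes inside a well-formed tag opening, so malformed nestings such as `<svg<img >` have to be neutralised by the naughty-HTML loop first. Extend the comment on the added call to say so, e.g. `// Remove evil attributes such as style, onclick and xmlns.` followed by `// Must run after the naughty-HTML pass above: it relies on malformed tag openings having been escaped first, otherwise attributes inside them are not matched.` The enclosing xss_clean method starts before the first hunk and continues past this one.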
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 9437ececc..2e9cd01c4 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -178,6 +178,20 @@ class Security_test extends CI_TestCase {
// --------------------------------------------------------------------
+ /**
+ * @depends test_xss_clean_sanitize_naughty_html
+ * @depends test_remove_evil_attributes
+ */
+ public function test_naughty_html_plus_evil_attributes()
+ {
+ $this->assertEquals(
+ '&lt;svg<img &gt; src="x" [removed]>',
+ $this->security->xss_clean('<svg<img > src="x" onerror="location=/javascript/.source+/:alert/.source+/(1)/.source">')
+ );
+ }
+
+ // --------------------------------------------------------------------
+
public function test_xss_hash()
{
$this->assertEmpty($this->security->xss_hash);