diff options
-rw-r--r-- | system/core/Security.php | 7 | ||||
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 14 |
2 files changed, 17 insertions, 4 deletions
diff --git a/system/core/Security.php b/system/core/Security.php index ade77491d..dd3b2c8f0 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -480,12 +480,8 @@ class CI_Security { } } while ($original !== $str); - unset($original); - // Remove evil attributes such as style, onclick and xmlns - $str = $this->_remove_evil_attributes($str, $is_image); - /* * Sanitize naughty HTML elements * @@ -518,6 +514,9 @@ class CI_Security { while ($old_str !== $str); unset($old_str); + // Remove evil attributes such as style, onclick and xmlns + $str = $this->_remove_evil_attributes($str, $is_image); + /* * Sanitize naughty scripting elements * diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 9437ececc..2e9cd01c4 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -178,6 +178,20 @@ class Security_test extends CI_TestCase { // -------------------------------------------------------------------- + /** + * @depends test_xss_clean_sanitize_naughty_html + * @depends test_remove_evil_attributes + */ + public function test_naughty_html_plus_evil_attributes() + { + $this->assertEquals( + '<svg<img > src="x" [removed]>', + $this->security->xss_clean('<svg<img > src="x" onerror="location=/javascript/.source+/:alert/.source+/(1)/.source">') + ); + } + + // -------------------------------------------------------------------- + public function test_xss_hash() { $this->assertEmpty($this->security->xss_hash); |