summaryrefslogtreecommitdiffstats
path: root/tests/codeigniter/core
diff options
context:
space:
mode:
Diffstat (limited to 'tests/codeigniter/core')
-rw-r--r--tests/codeigniter/core/Security_test.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index ca111c3bf..b093393af 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -162,7 +162,7 @@ class Security_test extends CI_TestCase {
{
$this->assertEquals('<foo [removed]>', $this->security->xss_clean('<foo onAttribute="bar">'));
$this->assertEquals('<foo [removed]>', $this->security->xss_clean('<foo onAttributeNoQuotes=bar>'));
- $this->assertEquals('<foo [removed]>', $this->security->xss_clean('<foo onAttributeWithSpaces = bar>'));
+ $this->assertEquals('<foo [removed]bar>', $this->security->xss_clean('<foo onAttributeWithSpaces = bar>'));
$this->assertEquals('<foo prefixOnAttribute="bar">', $this->security->xss_clean('<foo prefixOnAttribute="bar">'));
$this->assertEquals('<foo>onOutsideOfTag=test</foo>', $this->security->xss_clean('<foo>onOutsideOfTag=test</foo>'));
$this->assertEquals('onNoTagAtAll = true', $this->security->xss_clean('onNoTagAtAll = true'));
@@ -207,6 +207,11 @@ class Security_test extends CI_TestCase {
'<image src="<>" [removed]>',
$this->security->xss_clean('<image src="<>" onerror=\'alert(1)\'>')
);
+
+ $this->assertEquals(
+ '<b "=<= [removed]>',
+ $this->security->xss_clean('<b "=<= onmouseover=alert(1)>')
+ );
}
// --------------------------------------------------------------------