diff options
Diffstat (limited to 'tests/codeigniter/core')
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index ca111c3bf..b093393af 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -162,7 +162,7 @@ class Security_test extends CI_TestCase { { $this->assertEquals('<foo [removed]>', $this->security->xss_clean('<foo onAttribute="bar">')); $this->assertEquals('<foo [removed]>', $this->security->xss_clean('<foo onAttributeNoQuotes=bar>')); - $this->assertEquals('<foo [removed]>', $this->security->xss_clean('<foo onAttributeWithSpaces = bar>')); + $this->assertEquals('<foo [removed]bar>', $this->security->xss_clean('<foo onAttributeWithSpaces = bar>')); $this->assertEquals('<foo prefixOnAttribute="bar">', $this->security->xss_clean('<foo prefixOnAttribute="bar">')); $this->assertEquals('<foo>onOutsideOfTag=test</foo>', $this->security->xss_clean('<foo>onOutsideOfTag=test</foo>')); $this->assertEquals('onNoTagAtAll = true', $this->security->xss_clean('onNoTagAtAll = true')); @@ -207,6 +207,11 @@ class Security_test extends CI_TestCase { '<image src="<>" [removed]>', $this->security->xss_clean('<image src="<>" onerror=\'alert(1)\'>') ); + + $this->assertEquals( + '<b "=<= [removed]>', + $this->security->xss_clean('<b "=<= onmouseover=alert(1)>') + ); } // -------------------------------------------------------------------- |