summaryrefslogtreecommitdiffstats
path: root/tests/codeigniter/core
diff options
context:
space:
mode:
Diffstat (limited to 'tests/codeigniter/core')
-rw-r--r--tests/codeigniter/core/Security_test.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 433ad313f..14e042ee2 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -71,6 +71,12 @@ class Security_test extends CI_TestCase {
$this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_string);
}
+ public function test_xss_clean_entity_double_encoded()
+ {
+ $input = '<a href="&#38&#35&#49&#48&#54&#38&#35&#57&#55&#38&#35&#49&#49&#56&#38&#35&#57&#55&#38&#35&#49&#49&#53&#38&#35&#57&#57&#38&#35&#49&#49&#52&#38&#35&#49&#48&#53&#38&#35&#49&#49&#50&#38&#35&#49&#49&#54&#38&#35&#53&#56&#38&#35&#57&#57&#38&#35&#49&#49&#49&#38&#35&#49&#49&#48&#38&#35&#49&#48&#50&#38&#35&#49&#48&#53&#38&#35&#49&#49&#52&#38&#35&#49&#48&#57&#38&#35&#52&#48&#38&#35&#52&#57&#38&#35&#52&#49">Clickhere</a>';
+ $this->assertEquals('<a 1>Clickhere</a>', $this->security->xss_clean($input));
+ }
+
// --------------------------------------------------------------------
public function test_xss_hash()