Diffstat (limited to 'tests')
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index b04d25891..ca111c3bf 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -120,6 +120,17 @@ class Security_test extends CI_TestCase {
 
 	// --------------------------------------------------------------------
 
+	public function text_xss_clean_js_link_removal()
+	{
+		// This one is to prevent a false positive
+		$this->assertEquals(
+			"<a href=\"javascrip\n<t\n:alert\n(1)\"\n>",
+			$this->security->xss_clean("<a href=\"javascrip\n<t\n:alert\n(1)\"\n>")
+		);
+	}
+
+	// --------------------------------------------------------------------
+
 	public function test_xss_clean_js_img_removal()
 	{
 		$input = '<img src="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere';
@@ -191,6 +202,11 @@ class Security_test extends CI_TestCase {
 			'<img src="x"> on=\'x\' onerror=,xssm()>',
 			$this->security->xss_clean('<img src="x"> on=\'x\' onerror=,xssm()>')
 		);
+
+		$this->assertEquals(
+			'<image src="<>" [removed]>',
+			$this->security->xss_clean('<image src="<>" onerror=\'alert(1)\'>')
+		);
 	}
 
 	// --------------------------------------------------------------------
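Review bot: The new method at the top of the first hunk is named `text_xss_clean_js_link_removal`, so PHPUnit's `test` prefix match never selects it and the false-positive check it was written for never runs; rename it `public function test_xss_clean_js_link_removal()`. The comment `// This one is to prevent a false positive` also does not say which false positive, while the assertion itself shows the contract: the input must come back byte-for-byte unchanged. I would make it `// False-positive guard: a javascript: href broken up by newlines and a stray tag must pass through xss_clean() unchanged`. The trailing context line (`$input = ...`) belongs to test_xss_clean_js_img_removal, whose body continues outside the hunk.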
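Review bot: The assertion added in the second hunk carries no comment stating what it guards, and its expected value is the only thing that explains it: the `onerror='alert(1)'` handler must still be replaced with `[removed]` even though the preceding `src` attribute value is `<>`. A one-line comment above the `$this->assertEquals(` would make that intent survive future edits, e.g. `// Event handler must still be stripped when an earlier attribute value contains <>`. The enclosing test method starts outside the hunk, so its name is not visible here.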