path: root/tests/codeigniter/core/Security_test.php
Age | Commit message | Author | Files | Lines
2015-10-05 | Some more intrusive XSS cleaning | Andrey Andreev | 1 | -2/+7
2015-10-02 | More XSS stuff | Andrey Andreev | 1 | -1/+6
2015-09-21 | More XSS stuff | Andrey Andreev | 1 | -0/+16
2015-09-17 | Don't allow open-ended tags to pass through xss_clean() | Andrey Andreev | 1 | -0/+1
  This was a regression caused by the previous commit
2015-09-17 | Refactor 'evil attributes' sanitization logic | Andrey Andreev | 1 | -23/+34
  Turned out pretty much impossible to remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done separately for _sanitize_naughty_html() and _remove_evil_attributes().
2015-09-14 | Another addition to tag detection patterns in xss_clean() | Andrey Andreev | 1 | -0/+5
2015-09-14 | Move _remove_evil_attributes() call | Andrey Andreev | 1 | -0/+14
2015-09-11 | Harden xss_clean() more | Andrey Andreev | 1 | -2/+7
  This time eliminate false positives for the 'naughty html' logic.
2015-09-11 | Improve on previous commit | Andrey Andreev | 1 | -0/+5
2015-09-11 | Replace the latest XSS patches | Andrey Andreev | 1 | -1/+6
  This one fixes yet another issue, is cleaner and faster.
2015-09-10 | Last commit didn't adjust a RE index | Andrey Andreev | 1 | -0/+5
2015-09-10 | Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -4/+4
2015-09-10 | Fix a broken unit test from 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -1/+1
2015-09-10 | Fix #4106 | Andrey Andreev | 1 | -0/+8
2015-08-03 | [ci skip] Normalize tabs/spaces | Andrey Andreev | 1 | -1/+1
  Partial changes from PR #4016
2015-03-26 | Add FSCommand and seekSegmentTime to evil HTML attributes list | Andrey Andreev | 1 | -0/+2
2015-03-18 | Polish some recent changes in test cases | Andrey Andreev | 1 | -10/+10
2015-03-10 | Fixed indentation | Heesung Ahn | 1 | -66/+65
  Signed-off-by: Heesung Ahn <ahn.heesung@gmail.com>
2015-03-10 | Update Security Unit test | Heesung Ahn | 1 | -18/+18
  Signed-off-by: Heesung Ahn <ahn.heesung@gmail.com>
2015-03-10 | Update Security Unit test | Heesung Ahn | 1 | -3/+91
  Signed-off-by: Heesung Ahn <ahn.heesung@gmail.com>
2015-03-05 | adding more img tags | Heesung Ahn | 1 | -2/+14
  Signed-off-by: Heesung Ahn <ahn.heesung@gmail.com>
2015-03-02 | test_strip_omage_tags | Heesung Ahn | 1 | -0/+19
  Signed-off-by: Heesung Ahn <ahn.heesung@gmail.com>
2015-02-17 | Fix #3572: CI_Security::_remove_evil_attributes() | Andrey Andreev | 1 | -0/+12
2014-10-22 | [ci skip] Update 2 links to relate to bcit-ci/ | Andrey Andreev | 1 | -1/+1
2014-05-23 | Fix #3057 | Andrey Andreev | 1 | -0/+6
2014-03-18 | More xss_clean() improvements | Andrey Andreev | 1 | -1/+1
  Issue described in https://github.com/EllisLab/CodeIgniter/issues/2667#issuecomment-37980030 + a false positive
2014-03-18 | xss_clean() improvement | Andrey Andreev | 1 | -0/+6
  Fixes this: https://github.com/EllisLab/CodeIgniter/issues/2667#issuecomment-37819186
2013-10-17 | Replace the last rand() with mt_rand() | vlakoff | 1 | -1/+1
  Better entropy, faster. Also fixed a few "it's" typos.
2012-06-09 | Cleanup/optimize tests/codeigniter/ | Andrey Andreev | 1 | -11/+12
2012-05-27 | Continuation for Security and Table code-coverage, add coverage report to travis | Taufan Aditya | 1 | -0/+32
2012-05-15 | Input class code-coverage | Taufan Aditya | 1 | -10/+4
2012-05-15 | Security Code coverage | Taufan Aditya | 1 | -0/+79