From bc78748b24ec2d49f0218fa701d1e95259b41187 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Fri, 11 Sep 2015 18:11:32 +0300
Subject: Harden xss_clean() more

This time eliminate false positives for the 'naughty html' logic.
---
 tests/codeigniter/core/Security_test.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'tests/codeigniter/core')

diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index d09128053..9437ececc 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -130,8 +130,13 @@ class Security_test extends CI_TestCase {
 public function test_xss_clean_sanitize_naughty_html()
 {
- $input = '';
- $this->assertEquals('<blink>', $this->security->xss_clean($input));
+ $this->assertEquals('<blink>', $this->security->xss_clean(''));
+ $this->assertEquals('', $this->security->xss_clean(''));
+
+ $this->assertEquals(
+ ' src="x">',
+ $this->security->xss_clean(' src="x">')
+ );
 }
 
 // --------------------------------------------------------------------
 
-- cgit v1.2.3-24-g4f1b
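Review bot: The new assertions in test_xss_clean_sanitize_naughty_html only pin the false-positive side of the change (benign markup such as the `src="x"` tag survives) and add no companion case asserting that a genuinely dangerous variant of the same tag is still neutralised, so a regression that loosens the 'naughty html' filter would pass this test; unless another test in the file already covers it, add a line such as `$this->assertStringNotContainsString('onerror', $this->security->xss_clean('<img src="x" onerror="alert(1)">'));` next to the new positive case. The input literals shown here look like they lost their tag names in this rendering (an empty string cannot sanitise to `<blink>`), so the exact vectors should be confirmed against the actual file. Since every expectation is a string, `assertSame` would be the tighter choice over `assertEquals`, e.g. `$this->assertSame('<blink>', $this->security->xss_clean(...));`, as it rules out loose comparison against non-string return values. The enclosing Security_test class begins and ends outside this hunk.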