From 7ca4096161ec12d58666d04e2fe3ec76a0da958d Mon Sep 17 00:00:00 2001
From: MinSoo Kim <misol.kr@gmail.com>
Date: Sat, 2 Jan 2016 15:39:30 +0900
Subject: [PATCH] =?UTF-8?q?HTML=20Purifer=20=EB=B3=80=EA=B2=BD=20=ED=9B=84?=
 =?UTF-8?q?=20=EB=8B=AC=EB=9D=BC=EC=A7=84=20=EC=98=88=EC=83=81=20=EA=B0=92?=
 =?UTF-8?q?=20=EB=B3=80=EA=B2=BD2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 tests/unit/FuncIncTest.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/unit/FuncIncTest.php b/tests/unit/FuncIncTest.php
index 836370060..62691f8e1 100644
--- a/tests/unit/FuncIncTest.php
+++ b/tests/unit/FuncIncTest.php
@@ -25,7 +25,7 @@ class FuncIncTest extends \Codeception\TestCase\Test
             // embedded encoded tab to break up XSS - http://ha.ckers.org/xss.html
             array(
                 '<IMG SRC="jav&#x09;ascript:alert(\'XSS\');">',
-                '<img src="jav%20ascript%3Aalert(%5C\'XSS%5C\');" alt="jav ascript:alert(\\\'XSS\\\');" />'
+                '<img src="jav%20ascript%3Aalert(\%5C\'XSS\%5C\');" alt="jav ascript:alert(\\\'XSS\\\');" />'
             ),
             // issue 178
             array(
@@ -35,12 +35,12 @@ class FuncIncTest extends \Codeception\TestCase\Test
             // issue 534
             array(
                 '<img src=\'as"df dummy=\'"1234\'" 4321\' asdf/*/>*/"  onerror="console.log(\'Yet another XSS\')">',
-                '<img src="as" alt="as&quot;df dummy=" />*/"  onerror="console.log(\'Yet another XSS\')"&gt;'
+                '<img src="\%5C\'as" alt="\\\'as&quot;df" />*/"  onerror="console.log(\\\'Yet another XSS\\\')"&gt;'
             ),
             // issue 602
             array(
                 '<img alt="test" src="(http://static.naver.com/www/u/2010/0611/nmms_215646753.gif" onload="eval(String.fromCharCode(105,61,49,48,48,59,119,104,105,108,101, 40,105,62,48,41,97,108,101,114,116,40,40,105,45,45,41,43,39,48264,47564,32, 45908,32,53364,47533,54616,49464,50836,39,41,59));">',
-                ''
+                '<img alt="test" src="(http%3A//static.naver.com/www/u/2010/0611/nmms_215646753.gif" />'
             ),
             // issue #1813 https://github.com/xpressengine/xe-core/issues/1813
             array(