diff --git a/modules/simpletest/tests/common.test b/modules/simpletest/tests/common.test
index e8e4033..a40c21e 100644
--- a/modules/simpletest/tests/common.test
+++ b/modules/simpletest/tests/common.test
@@ -2368,6 +2368,21 @@ class FormatDateUnitTest extends DrupalWebTestCase {
 date_default_timezone_set(drupal_get_user_timezone());
 drupal_save_session(TRUE);
 }
+
+ /**
+ * Test that date formats are sanitized.
+ */
+ function testDateFormatXSS() {
+ $format = array();
+ $format['format'] = '\<\s\c\r\i\p\t\>\a\l\e\r\t\(\'\X\S\S\'\)\;\<\/\s\c\r\i\p\t\>';
+ $format['type'] = 'custom';
+ $format['locked'] = 0;
+
+ system_date_format_save($format);
+
+ $this->drupalGet('admin/config/regional/date-time');
+ $this->assertNoRaw("", 'The date format was properly sanitized');
+ }
 }
 
 /**
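Review bot: The `assertNoRaw()` call that closes `testDateFormatXSS()` is shown with an empty needle (`""`), which cannot show that the saved format was escaped. The string was probably stripped when this page was rendered, so confirm that the committed test passes the unescaped markup that the backslash-escaped `$format['format']` renders to. Even with the right needle, a negative-only check also passes when the custom format never appears on `admin/config/regional/date-time` at all. Assuming the page prints the formatted value, pair it with a positive check such as `$this->assertRaw(check_plain($expected), 'The escaped date format is displayed');`, where `$expected` holds the literal string. A short comment above the format line, `// Each character is backslash-escaped so date() outputs it literally.`, would explain the unusual literal; the enclosing class starts outside this hunk.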