diff --git a/core/modules/system/src/Tests/Entity/EntityQueryTest.php b/core/modules/system/src/Tests/Entity/EntityQueryTest.php
index 2724e6d..3e5a95e 100644
--- a/core/modules/system/src/Tests/Entity/EntityQueryTest.php
+++ b/core/modules/system/src/Tests/Entity/EntityQueryTest.php
@@ -210,6 +210,18 @@ function testEntityQuery() {
     // Unit 0 and unit 1, so bits 0 1.
     $this->assertResult(3, 7, 11, 15);
 
+    // Do the same test but with IN operator.
+    $query = $this->factory->get('entity_test_mulrev');
+    $group_blue = $query->andConditionGroup()->condition("$figures.color", array('blue'), 'IN');
+    $group_red = $query->andConditionGroup()->condition("$figures.color", array('red'), 'IN');
+    $query
+      ->condition($group_blue)
+      ->condition($group_red)
+      ->sort('id')
+      ->execute();
+    // Unit 0 and unit 1, so bits 0 1.
+    $this->assertResult(3, 7, 11, 15);
+
     // An entity might have either red or blue figure.
     $this->queryResults = $this->factory->get('entity_test_mulrev')
       ->condition("$figures.color", array('blue', 'red'), 'IN')
@@ -802,4 +814,20 @@ public function testForwardRevisions() {
     $this->assertEqual($result, [16 => '14']);
   }
 
+  /**
+   * Test against SQL inject of condition field. This covers a
+   * database driver's EntityQuery\Condition class.
+   */
+  public function testInjectionInCondition() {
+    try {
+      $this->queryResults = $this->factory->get('entity_test_mulrev')
+        ->condition('1 ; -- ', array(0, 1), 'IN')
+        ->sort('id')
+        ->execute();
+      $this->fail('SQL Injection attempt in Entity Query condition in operator should result in an exception.');
+    }
+    catch (\Exception $e) {
+      $this->pass('SQL Injection attempt in Entity Query condition in operator should result in an exception.');
+    }
+  }
 }
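Review bot: The new IN-operator block in the first hunk discards the result of `->execute()`, so the `$this->assertResult(3, 7, 11, 15)` that follows is very likely checking whatever `$this->queryResults` still holds from the preceding query (which the context line shows already asserted 3, 7, 11, 15), making the new assertion vacuous. The surrounding code stores results via `$this->queryResults = $this->factory->get(...)`, and `assertResult()` presumably reads that property, so the chained call should be `$this->queryResults = $query` before `->condition($group_blue)`. Without that assignment the test cannot detect a regression in IN handling inside condition groups, which is the behaviour it was added to cover. The enclosing testEntityQuery() starts and ends outside the hunk, and the assertResult helper is not visible here, so confirm against it.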
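Review bot: testInjectionInCondition in the second hunk catches `\Exception` and passes on any throwable, so an unrelated failure (a typo in the entity type, a missing table, a connection error) would also make the test pass and the test does not actually prove the malformed field name `'1 ; -- '` was rejected by the driver's Condition class. Narrow the catch to the specific exception type the condition code throws for an invalid field name, or at minimum assert on `$e->getMessage()` inside the catch so that only the expected rejection counts as a pass. It would also help to reword the docblock to state what is expected, e.g. `Tests that an invalid field name in a condition is rejected before reaching SQL.`, since "Test against SQL inject of condition field" does not say what the passing outcome is.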