diff --git a/modules/simpletest/tests/common.test b/modules/simpletest/tests/common.test
index e8e4033..a5b6fc2 100644
--- a/modules/simpletest/tests/common.test
+++ b/modules/simpletest/tests/common.test
@@ -2368,6 +2368,20 @@ class FormatDateUnitTest extends DrupalWebTestCase {
 date_default_timezone_set(drupal_get_user_timezone());
 drupal_save_session(TRUE);
 }
+
+ /**
+ * Test that date formats are sanitized.
+ */
+ function testDateFormatXSS() {
+ $date_format_info = array(
+ 'name' => 'XSS format',
+ 'pattern' => array('php' => '\<\s\c\r\i\p\t\>\a\l\e\r\t\(\'\X\S\S\'\)\;\<\/\s\c\r\i\p\t\>'),
+ );
+ system_date_format_save('xss_short', $date_format_info);
+
+ $this->drupalGet('admin/config/regional/date-time');
+ $this->assertNoRaw("", 'The date format was properly sanitized');
+ }
 }
 
 /**
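Review bot: The negative assertion at the end of testDateFormatXSS() can pass without proving that the date format was escaped. As shown here the first argument to `assertNoRaw()` is an empty string (possibly lost when the page was rendered); it should be the unescaped form of the saved pattern, `$this->assertNoRaw("<script>alert('XSS');</script>", 'The date format was properly sanitized');`. No login is visible in the hunk, so unless setUp() (outside the hunk) authenticates a user who may view admin/config/regional/date-time, the request would presumably return an access-denied page that also lacks the string. Add `$this->assertResponse(200);` right after `drupalGet()`, and ideally a positive `assertRaw()` on the HTML-escaped pattern, so the test fails when the format is never rendered at all.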