Beispiel #1
        /// <summary>
        /// Checks that <c>Scrub()</c> alters a <c>Long_Name</c> holding a SQL-injection-style string.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the assertion only proves the value changed, not that the result is
        /// harmless; pin the exact expected scrubbed value once Scrub's contract is confirmed.
        /// Scrubbing input is also no substitute for parameterized queries wherever
        /// <c>Long_Name</c> ends up in a SQL statement.
        /// </remarks>
        public void DUnitWithSqlMembers_WhenScrubbed_BecomesSafe()
        {
            // Arrange: a unit whose Long_Name carries a SQL-injection-style payload.
            const string sqlPayload = "1');DELETE TABLE dbo.example;--";
            var subject = new DUnit
            {
                Long_Name = sqlPayload
            };

            // Act: scrub the unit.
            subject.Scrub();

            // Assert: Long_Name no longer equals the raw payload.
            Assert.AreNotEqual(sqlPayload, subject.Long_Name);
        }
Beispiel #2
        /// <summary>
        /// Checks that <c>Scrub()</c> alters a <c>Long_Name</c> holding an HTML tag.
        /// </summary>
        /// <remarks>
        /// NOTE(review): inequality with the input is a weak check; any change to the string
        /// passes, including one that leaves markup intact. Once Scrub's contract is confirmed
        /// (encode vs. strip), assert the exact expected output and keep context-appropriate
        /// output encoding at the point where <c>Long_Name</c> is rendered.
        /// </remarks>
        public void DUnitWithHtmlMembers_WhenScrubbed_BecomesSafe()
        {
            // Arrange: a unit whose Long_Name carries raw HTML markup.
            const string htmlPayload = "<div>";
            var subject = new DUnit
            {
                Long_Name = htmlPayload
            };

            // Act: scrub the unit.
            subject.Scrub();

            // Assert: Long_Name no longer equals the raw markup.
            Assert.AreNotEqual(htmlPayload, subject.Long_Name);
        }