public void XSSAttack() { FirefoxDriver ffox = new FirefoxDriver(); ffox.Navigate().GoToUrl("localhost:58374/safeinsert.aspx"); ffox.FindElementById("sname").SendKeys("23',3);<script>document.body.setAttribute('style','background-image: url(\"http://vignette1.wikia.nocookie.net/simpsons/images/7/7b/Eat_My_Shorts.jpg/revision/latest?cb=20100606181712\");');</script>--"); ffox.FindElementById("sgpa").SendKeys("2.0"); ffox.FindElementById("InsertStudent").Click(); ffox.Navigate().GoToUrl("localhost:58374/unsafeshowall.aspx"); Assert.IsTrue(ffox.FindElementByTagName("body").GetAttribute("style").Contains("url(\"http://vignette1.wikia.nocookie.net/simpsons/images/7/7b/Eat_My_Shorts.jpg/revision/latest?cb=20100606181712"),"XSS Script failed to change background image"); ffox.Navigate().GoToUrl("localhost:58374/safeshowall.aspx"); Assert.IsFalse(ffox.FindElementByTagName("body").GetAttribute("style").Contains("url(\"http://vignette1.wikia.nocookie.net/simpsons/images/7/7b/Eat_My_Shorts.jpg/revision/latest?cb=20100606181712"),"SafeShowAll page failed in preventing background image from being injected"); }