public void DEmailWithSqlUrl_WhenScrubbed_BecomesSafe()
{
string malicious = "<div>Hello, world!</div>');DROP TABLE dbo.Users;--";
DEmail email = new DEmail { Url = malicious };
email.Scrub();
Assert.AreNotEqual(email.Url, malicious);
}
public void DEmailWithHtmlUrl_WhenScrubbed_BecomesSafe()
{
string malicious = "<div>Hello, world!</div>";
DEmail email = new DEmail { Url = malicious };
email.Scrub();
Assert.AreNotEqual(email.Url, malicious);
}
public void DEmailWithHtmlAndSqlUrl_WhenScrubbed_BecomesSafe()
{
string malicious = "attribute');DROP TABLE dbo.Users;--";
DEmail email = new DEmail { Url = malicious };
email.Scrub();
Assert.AreNotEqual(email.Url, malicious);
}
public void DEmail_WhenComparedAgainstDEmailWithSameKey_IsEquivilant()
{
int key = 1;
DEmail first = new DEmail { key = key, Url = "First" };
DEmail second = new DEmail { key = key, Url = "Second" };
bool equal = first.Equivilant(second);
Assert.AreEqual(true, equal);
}
public IEnumerable<DContact> Email_Update(DEmail updating, string username)
{
IDataRepository<DContact> contacts =
RepositoryFactory.Instance.Construct<DContact>(username);
IDataRepository<DEmail> emails;
if ((emails = contacts.FirstOrDefault(x => x.Contact_ID == updating.Contact_ID)
.emails as IDataRepository<DEmail>) != null){
emails.Update(updating);
}
return contacts;
}
public ActionResult Email_Update(DEmail updating)
{
return View();
}
public ActionResult Email_Delete(DEmail deleting)
{
return View();
}
public ActionResult Email_Create(DEmail creating)
{
return View();
}
public void DEmail_WhenAskedForKey_ReturnsCountryID()
{
DEmail email = new DEmail { Email_ID = -1 };
int key = email.key;
Assert.AreEqual(key, email.Email_ID);
}
