public void DDefined_InstructionWithSqlMembers_WhenScrubbed_BecomesSafe()
{
//Arrange: An avatar with malicious html and sql members is constructed.
string malicious = "1');DELETE TABLE dbo.example;--";
DDefined_Instruction avatar = new DDefined_Instruction{
Description = malicious
};
//Act: The friended user is scrubbed.
avatar.Scrub();
//Assert: The friended user has no html in its members.
Assert.AreNotEqual(malicious, avatar.Description);
}
public void DDefined_InstructionWithHtmlMembers_WhenScrubbed_BecomesSafe()
{
//Arrange: An avatar with malicious sql members is constructed.
string malicious = "<div></div>";
DDefined_Instruction avatar = new DDefined_Instruction{
Description = malicious
};
//Act: The friended user is scrubbed.
avatar.Scrub();
//Assert: The friended user has no html in its members.
Assert.AreNotEqual(malicious, avatar.Description);
}