public void DFriended_UserWithSqlMembers_WhenScrubbed_BecomesSafe()
{
//Arrange: A friended user with malicious html and sql members is constructed.
string malicious = "1');DELETE TABLE dbo.example;--";
DFriended_User friended_user = new DFriended_User{
username = malicious,
Author_Name = malicious
};
//Act: The friended user is scrubbed.
friended_user.Scrub();
//Assert: The friended user has no html in its members.
Assert.AreNotEqual(malicious, friended_user.username);
Assert.AreNotEqual(malicious, friended_user.Author_Name);
}
public void DFriended_UserWithHtmlMembers_WhenScrubbed_BecomesSafe()
{
//Arrange: A friended user with malicious sql members is constructed.
string malicious = "<div></div>";
DFriended_User friended_user = new DFriended_User{
username = malicious,
Author_Name = malicious
};
//Act: The friended user is scrubbed.
friended_user.Scrub();
//Assert: The friended user has no html in its members.
Assert.AreNotEqual(malicious, friended_user.username);
Assert.AreNotEqual(malicious, friended_user.Author_Name);
}
