/// <summary>
/// Verifies that <c>Scrub()</c> changes a <c>Long_Name</c> that holds a
/// SQL-injection-style string.
/// </summary>
public void DUnitWithSqlMembers_WhenScrubbed_BecomesSafe()
{
    // Arrange: build a unit whose Long_Name carries a SQL-injection-style payload.
    const string payload = "1');DELETE TABLE dbo.example;--";
    var subject = new DUnit();
    subject.Long_Name = payload;

    // Act: scrub the unit.
    subject.Scrub();

    // Assert: Long_Name no longer equals the raw payload.
    // NOTE(review): inequality only shows the value changed; it does not show that the
    // quote, statement separator or comment marker were neutralised. Consider asserting
    // on the exact scrubbed value once Scrub()'s contract is confirmed.
    // NOTE(review): scrubbing stored values is defence in depth at best; whatever
    // persists Long_Name should still bind it as a query parameter - confirm in the
    // data-access code, which is not visible here.
    Assert.AreNotEqual(payload, subject.Long_Name);
}
/// <summary>
/// Verifies that <c>Scrub()</c> changes a <c>Long_Name</c> that holds HTML markup.
/// </summary>
public void DUnitWithHtmlMembers_WhenScrubbed_BecomesSafe()
{
    // Arrange: build a unit whose Long_Name carries an HTML tag.
    const string markup = "<div>";
    var subject = new DUnit();
    subject.Long_Name = markup;

    // Act: scrub the unit.
    subject.Scrub();

    // Assert: Long_Name no longer equals the raw markup.
    // NOTE(review): inequality only shows the value changed; a result that still
    // contains a tag would pass. Consider asserting on the exact scrubbed value, or on
    // the absence of angle brackets, once Scrub()'s contract is confirmed.
    // NOTE(review): a bare <div> is a benign sample; cases with attributes and script
    // content would exercise the scrubber more meaningfully. Output encoding at render
    // time remains the primary control - confirm in the view layer, not visible here.
    Assert.AreNotEqual(markup, subject.Long_Name);
}