/// <summary>
/// Passes a lone script element through <c>XSSDefender.SanitizeHTML</c> with an
/// allow-list of b, strong and i, and pins the exact string that comes back.
/// </summary>
public void TestSanitizeHTML()
{
    // Tags the sanitizer is told to let through; "script" is deliberately absent.
    var allowedTags = new[] { "b", "strong", "i" };
    const string input = "<script>evil</script>";

    var defender = new XSSDefender();
    string sanitized = defender.SanitizeHTML(input, allowedTags);

    // NOTE(review): the expected literal as shown still has raw angle brackets around
    // "script", and its second tag has no slash where the input had a closing tag.
    // If the sanitizer actually entity-encodes disallowed tags, this listing may have
    // lost that encoding; confirm against XSSDefender before trusting this value.
    // Only one literal payload is exercised here; attributes on allowed tags are not.
    Assert.AreEqual(@"<script>evil<script>", sanitized);
}
/// <summary>
/// Passes a script element nested inside allow-listed i and b tags through
/// <c>XSSDefender.SanitizeHTML</c> and pins the exact string that comes back:
/// the i/b wrappers are expected unchanged, the inner part as asserted below.
/// </summary>
public void TestSanitizeWithBoldandItalicsHTML()
{
    // Same allow-list as the plain script test: formatting tags only.
    var allowedTags = new[] { "b", "strong", "i" };
    const string input = "<i><b><script>evil</script></b></i>";

    var defender = new XSSDefender();
    string sanitized = defender.SanitizeHTML(input, allowedTags);

    // NOTE(review): the expected literal as shown keeps raw angle brackets around
    // "script" inside the allowed wrappers, and the second inner tag has no slash.
    // If disallowed tags are meant to be entity-encoded, the encoding may have been
    // lost in this listing; confirm against XSSDefender before trusting this value.
    Assert.AreEqual(@"<i><b><script>evil<script></b></i>", sanitized);
}