/// <summary>
/// Checks that <c>Scrub()</c> changes <c>Name</c> and <c>Url</c> when both hold a
/// SQL-injection-style string.
/// </summary>
public void DAvatarWithSqlMembers_WhenScrubbed_BecomesSafe()
{
    // Arrange: an avatar whose Name and Url both carry the same SQL-style payload.
    string sqlPayload = "1');DELETE TABLE dbo.example;--";
    var subject = new DAvatar
    {
        Name = sqlPayload,
        Url = sqlPayload
    };

    // Act: scrub the avatar.
    subject.Scrub();

    // Assert: neither member still equals the raw payload.
    // NOTE(review): AreNotEqual only proves the value changed, not that the result is
    // safe; a null, truncated or still-dangerous value would pass too. Pin the exact
    // expected output once Scrub's contract is confirmed.
    // NOTE(review): string scrubbing does not replace parameterized queries where these
    // members reach the database; verify the data layer binds them as parameters.
    Assert.AreNotEqual(sqlPayload, subject.Name);
    Assert.AreNotEqual(sqlPayload, subject.Url);
}
/// <summary>
/// Checks that <c>Scrub()</c> changes <c>Name</c> and <c>Url</c> when both hold
/// HTML markup.
/// </summary>
public void DAvatarWithHtmlMembers_WhenScrubbed_BecomesSafe()
{
    // Arrange: an avatar whose Name and Url both carry the same HTML markup.
    string htmlPayload = "<div></div>";
    var subject = new DAvatar
    {
        Name = htmlPayload,
        Url = htmlPayload
    };

    // Act: scrub the avatar.
    subject.Scrub();

    // Assert: neither member still equals the raw markup.
    // NOTE(review): AreNotEqual only proves the value changed; it does not show that the
    // markup was removed or encoded. Assert the exact expected output once Scrub's
    // contract is confirmed, and cover Url separately, since a URL needs different
    // validation (e.g. scheme checks) than a display name.
    Assert.AreNotEqual(htmlPayload, subject.Name);
    Assert.AreNotEqual(htmlPayload, subject.Url);
}