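/// <summary>
/// Checks that <c>Scrub()</c> alters a <c>Title</c> that contains HTML markup.
/// </summary>
/// <remarks>
/// NOTE(review): the assertion only proves that the title changed. It would also pass
/// if <c>Scrub()</c> emptied the field or left part of the markup in place. Once the
/// scrub contract is confirmed (encode vs. strip), assert on the exact expected output.
/// </remarks>
public void DImageWithHtmlTitle_WhenScrubbed_BecomesSafe()
{
    // Arrange: a title carrying raw HTML tags.
    string malicious = "<div>Hello, world!</div>";
    DImage image = new DImage { Title = malicious };

    // Act
    image.Scrub();

    // Assert: the raw input is the not-expected value, so it goes first;
    // the scrubbed property is the actual value.
    Assert.AreNotEqual(malicious, image.Title);
}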
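/// <summary>
/// Checks that <c>Scrub()</c> alters a <c>username</c> that contains a quote-breaking
/// SQL fragment.
/// </summary>
/// <remarks>
/// NOTE(review): the method name says "Sql" only, but this payload also contains HTML
/// markup. Confirm the name and payload match the intended case.
/// NOTE(review): the assertion only proves that the value changed, not that the quote
/// and statement terminator were neutralised. Scrubbing text is defence in depth at
/// best; whether the username is safe in a query depends on the data layer binding it
/// as a parameter, which is not visible here.
/// </remarks>
public void DImageWithSqlUsername_WhenScrubbed_BecomesSafe()
{
    // Arrange: HTML markup followed by a string-terminating SQL fragment.
    string malicious = "<div>Hello, world!</div>');DROP TABLE dbo.Users;--";
    DImage image = new DImage { username = malicious };

    // Act
    image.Scrub();

    // Assert: the raw input is the not-expected value, so it goes first;
    // the scrubbed property is the actual value.
    Assert.AreNotEqual(malicious, image.username);
}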
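/// <summary>
/// Checks that <c>Scrub()</c> alters a <c>username</c> that contains a quote-breaking
/// SQL fragment.
/// </summary>
/// <remarks>
/// NOTE(review): the method name says "HtmlAndSql", but this payload contains no HTML
/// tags. Confirm the name and payload match the intended case.
/// NOTE(review): the assertion only proves that the value changed, not that the quote
/// and statement terminator were neutralised. Scrubbing text is defence in depth at
/// best; whether the username is safe in a query depends on the data layer binding it
/// as a parameter, which is not visible here.
/// </remarks>
public void DImageWithHtmlAndSqlUsername_WhenScrubbed_BecomesSafe()
{
    // Arrange: a value that closes a quoted string and appends a second statement.
    string malicious = "attribute');DROP TABLE dbo.Users;--";
    DImage image = new DImage { username = malicious };

    // Act
    image.Scrub();

    // Assert: the raw input is the not-expected value, so it goes first;
    // the scrubbed property is the actual value.
    Assert.AreNotEqual(malicious, image.username);
}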