/// <summary>
/// Checks that <c>Scrub()</c> alters a drink whose <c>Name</c> and
/// <c>Definition</c> both hold a SQL-injection-style string.
/// </summary>
public void DDrinkWithSqlMembers_WhenScrubbed_BecomesSafe()
{
    // Arrange: a drink whose text members both carry the same SQL-injection-style payload.
    var payload = "1');DELETE TABLE dbo.example;--";
    var scrubbed = new DDrink
    {
        Name = payload,
        Definition = payload
    };

    // Act: scrub the drink in place.
    scrubbed.Scrub();

    // Assert: neither member still equals the raw payload.
    // NOTE(review): inequality only shows that Scrub() changed the value, not that the
    // result is safe; a scrubber that trimmed or appended one character would also pass.
    // Once the Scrub() contract is confirmed, pin the exact expected output instead.
    // NOTE(review): if these members ever reach a SQL statement, parameterized queries
    // remain the primary control; input scrubbing is defense in depth at most.
    Assert.AreNotEqual(payload, scrubbed.Name);
    Assert.AreNotEqual(payload, scrubbed.Definition);
}
/// <summary>
/// Checks that <c>Scrub()</c> alters a drink whose <c>Name</c> and
/// <c>Definition</c> both hold HTML markup.
/// </summary>
public void DDrinkWithHtmlMembers_WhenScrubbed_BecomesSafe()
{
    // Arrange: a drink whose text members both carry the same HTML markup.
    var markup = "<div></div>";
    var scrubbed = new DDrink
    {
        Name = markup,
        Definition = markup
    };

    // Act: scrub the drink in place.
    scrubbed.Scrub();

    // Assert: neither member still equals the raw markup.
    // NOTE(review): inequality only shows that Scrub() changed the value; it does not show
    // that the tags were stripped or encoded. Once the Scrub() contract is confirmed,
    // pin the exact expected output, and add a payload with an attribute or script
    // element, since an empty <div> exercises very little of the scrubber.
    // NOTE(review): presumably these members are rendered into a page; if so, output
    // encoding at render time is still required. Verify against the caller.
    Assert.AreNotEqual(markup, scrubbed.Name);
    Assert.AreNotEqual(markup, scrubbed.Definition);
}