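/// <summary>
/// Verifies that <c>DAddress.Scrub()</c> alters a <c>Street_Name</c> that contains HTML markup.
/// </summary>
/// <remarks>
/// NOTE(review): the only check is that the value changed, so a scrubber that merely
/// trims, nulls, or partially rewrites the field also passes. Once the contract of
/// <c>Scrub()</c> is confirmed (strip vs. encode), assert the exact expected output too.
/// </remarks>
public void DAddressWithHtmlStreet_WhenScrubbed_BecomesSafe()
{
    string malicious = "<div>Hello, world!</div>";
    DAddress address = new DAddress { Street_Name = malicious };

    address.Scrub();

    // The not-expected value goes first and the actual value second, so a failure
    // message reports the two strings in the correct roles.
    Assert.AreNotEqual(malicious, address.Street_Name);
}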
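/// <summary>
/// Verifies that <c>DAddress.Scrub()</c> alters a <c>City</c> value that carries a
/// SQL statement fragment.
/// </summary>
/// <remarks>
/// NOTE(review): the test name mentions only SQL, but the payload also contains HTML
/// markup; confirm which case this test is meant to cover.
/// NOTE(review): "changed" is not the same as "safe". The assert passes for any
/// modification, including one that leaves the quote and statement terminator intact.
/// Pin the exact scrubbed output once the contract of <c>Scrub()</c> is confirmed.
/// Scrubbing is also not a substitute for parameterized queries where this value is persisted.
/// </remarks>
public void DAddressWithSqlCity_WhenScrubbed_BecomesSafe()
{
    string malicious = "<div>Hello, world!</div>');DROP TABLE dbo.Users;--";
    DAddress address = new DAddress { City = malicious };

    address.Scrub();

    // The not-expected value goes first and the actual value second, so a failure
    // message reports the two strings in the correct roles.
    Assert.AreNotEqual(malicious, address.City);
}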
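/// <summary>
/// Verifies that <c>DAddress.Scrub()</c> alters a <c>Street_Name</c> value that carries
/// a SQL statement fragment.
/// </summary>
/// <remarks>
/// NOTE(review): the test name says "HtmlAndSql", but the payload contains no HTML
/// tags, only the word "attribute" followed by a SQL fragment. Confirm whether the
/// payload or the name is the intended one.
/// NOTE(review): the assert proves only that the value changed, not that the quote,
/// terminator, or comment marker were neutralised. Pin the exact scrubbed output once
/// the contract of <c>Scrub()</c> is confirmed. Scrubbing is also not a substitute for
/// parameterized queries where this value is persisted.
/// </remarks>
public void DAddressWithHtmlAndSqlStreet_WhenScrubbed_BecomesSafe()
{
    string malicious = "attribute');DROP TABLE dbo.Users;--";
    DAddress address = new DAddress { Street_Name = malicious };

    address.Scrub();

    // The not-expected value goes first and the actual value second, so a failure
    // message reports the two strings in the correct roles.
    Assert.AreNotEqual(malicious, address.Street_Name);
}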