public void DContactWithHtmlLastName_WhenScrubbed_BecomesSafe()
{
string malicious = "<div>Hello, world!</div>";
DContact contact = new DContact { Last_Name = malicious};
contact.Scrub();
Assert.AreNotEqual(contact.Last_Name, malicious);
}
public void DContactWithHtmlRelation_WhenScrubbed_BecomesSafe()
{
string malicious = "<div>Hello, world!</div>";
DContact contact = new DContact { Relation = malicious};
contact.Scrub();
Assert.AreNotEqual(contact.Relation, malicious);
}
public void DContactWithHtmlAndSqlUsername_WhenScrubbed_BecomesSafe()
{
string malicious = "attribute');DROP TABLE dbo.Users;--";
DContact contact = new DContact { username = malicious };
contact.Scrub();
Assert.AreNotEqual(contact.username, malicious);
}
public void DContactWithSqlFirstName_WhenScrubbed_BecomesSafe()
{
string malicious = "<div>Hello, world!</div>');DROP TABLE dbo.Users;--";
DContact contact = new DContact { First_Name = malicious };
contact.Scrub();
Assert.AreNotEqual(contact.First_Name, malicious);
}
