public void DStateWithSqlShortName_WhenScrubbed_BecomesSafe()
{
string malicious = "<div>Hello, world!</div>');DROP TABLE dbo.Users;--";
DState state = new DState { Short_Name = malicious };
state.Scrub();
Assert.AreNotEqual(state.Short_Name, malicious);
}
public void DStateWithHtmlLongName_WhenScrubbed_BecomesSafe()
{
string malicious = "<div>Hello, world!</div>";
DState state = new DState { Long_Name = malicious };
state.Scrub();
Assert.AreNotEqual(state.Long_Name, malicious);
}
public void DStateWithHtmlAndSqlShortName_WhenScrubbed_BecomesSafe()
{
string malicious = "attribute');DROP TABLE dbo.Users;--";
DState state = new DState { Short_Name = malicious };
state.Scrub();
Assert.AreNotEqual(state.Short_Name, malicious);
}
public IEnumerable<DState> State_Update(DState updating)
{
IDataRepository<DState> states =
RepositoryFactory.Instance.Construct<DState>();
states.Update(updating);
return states;
}
public IEnumerable<DState> State_Delete(DState deleting)
{
IDataRepository<DState> contacts =
RepositoryFactory.Instance.Construct<DState>();
IDataRepository<DState> states =
RepositoryFactory.Instance.Construct<DState>();
states.Delete(deleting);
return states;
}
//Parameterless constructor required for databinding.
public DAddress()
{
country = new DCountry();
state = new DState();
}
public ActionResult State_Update(DState updating)
{
return View();
}
public ActionResult State_Delete(DState deleting)
{
return View();
}
public ActionResult State_Create(DState creating)
{
return View();
}
public void DState_WhenComparedAgainstDStateWithSameKey_IsEquivilant()
{
int key = 1;
DState first = new DState { key = key, Long_Name = "First" };
DState second = new DState { key = key, Long_Name = "Second" };
bool equal = first.Equivilant(second);
Assert.AreEqual(true, equal);
}
public void DState_WhenAskedForKey_ReturnsCountryID()
{
DState state = new DState { State_ID = -1 };
int key = state.key;
Assert.AreEqual(key, state.State_ID);
}
