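/// <summary>
/// Checks that <c>Scrub()</c> changes a <c>Long_Name</c> that carries HTML markup.
/// </summary>
/// <remarks>
/// The assertion only proves that the value differs from the input. Any change to the
/// string, or a null result, also passes, so this does not by itself show that the
/// scrubbed value is free of markup.
/// </remarks>
public void DStateWithHtmlLongName_WhenScrubbed_BecomesSafe()
{
    // Arrange: a value containing an HTML element.
    string malicious = "<div>Hello, world!</div>";
    DState state = new DState { Long_Name = malicious };

    // Act
    state.Scrub();

    // Assert: the not-expected value goes first and the actual value second,
    // so a failure message reports the two the right way round.
    Assert.AreNotEqual(malicious, state.Long_Name);
}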
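/// <summary>
/// Checks that <c>Scrub()</c> changes a <c>Short_Name</c> that carries HTML markup
/// followed by a SQL statement-termination payload.
/// </summary>
/// <remarks>
/// The assertion only proves that the value differs from the input. Because the payload
/// has an HTML part and a SQL part, a scrubber that rewrites only one of them still
/// passes; the test does not show that both parts were neutralised.
/// </remarks>
public void DStateWithSqlShortName_WhenScrubbed_BecomesSafe()
{
    // NOTE(review): the method name says "Sql", but this payload mixes HTML and SQL.
    // Confirm whether the name or the payload reflects the intended case.
    string malicious = "<div>Hello, world!</div>');DROP TABLE dbo.Users;--";
    DState state = new DState { Short_Name = malicious };

    // Act
    state.Scrub();

    // Assert: the not-expected value goes first and the actual value second,
    // so a failure message reports the two the right way round.
    Assert.AreNotEqual(malicious, state.Short_Name);
}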
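/// <summary>
/// Checks that <c>Scrub()</c> changes a <c>Short_Name</c> that carries a quote-breakout
/// followed by a SQL statement.
/// </summary>
/// <remarks>
/// The assertion only proves that the value differs from the input. Any change to the
/// string, or a null result, also passes, so this does not by itself show that the quote
/// or the trailing statement was neutralised.
/// </remarks>
public void DStateWithHtmlAndSqlShortName_WhenScrubbed_BecomesSafe()
{
    // NOTE(review): the method name says "HtmlAndSql", but this payload contains no HTML
    // element, only the word "attribute" and a SQL fragment.
    // Confirm whether the name or the payload reflects the intended case.
    string malicious = "attribute');DROP TABLE dbo.Users;--";
    DState state = new DState { Short_Name = malicious };

    // Act
    state.Scrub();

    // Assert: the not-expected value goes first and the actual value second,
    // so a failure message reports the two the right way round.
    Assert.AreNotEqual(malicious, state.Short_Name);
}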