Exemplo n.º 1
0
        public void DIngredientWithSqlMembers_WhenScrubbed_BecomesSafe()
        {
            //Arrange: An ingredient with malicious html and sql members is constructed.
            string malicious = "1');DELETE TABLE dbo.example;--";
            DIngredient ingredient = new DIngredient{
                Long_Name = malicious
            };

            //Act: The friended user is scrubbed.
            ingredient.Scrub();

            //Assert: The friended user has no html in its members.
            Assert.AreNotEqual(malicious, ingredient.Long_Name);
        }
Exemplo n.º 2
0
        public void DIngredientWithHtmlMembers_WhenScrubbed_BecomesSafe()
        {
            //Arrange: An ingredient with malicious sql members is constructed.
            string malicious = "<div></div>";
            DIngredient ingredient = new DIngredient{
                Long_Name = malicious
            };

            //Act: The friended user is scrubbed.
            ingredient.Scrub();

            //Assert: The friended user has no html in its members.
            Assert.AreNotEqual(malicious, ingredient.Long_Name);
        }