Exemplo n.º 1
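        // Verifies that Scrub() rewrites username and Author_Name when both members
        // hold a SQL-injection-style payload.
        public void DBlocked_UserWithSqlMembers_WhenScrubbed_BecomesSafe()
        {
            //Arrange: A blocked user whose members both carry a SQL injection payload is constructed.
            string malicious = "1');DELETE TABLE dbo.example;--";
            DBlocked_User blocked_user = new DBlocked_User{
                username = malicious,
                Author_Name = malicious
            };

            //Act: The blocked user is scrubbed.
            blocked_user.Scrub();

            //Assert: Neither member still equals the SQL payload.
            Assert.AreNotEqual(malicious, blocked_user.username);
            Assert.AreNotEqual(malicious, blocked_user.Author_Name);

            // Inequality alone also passes when Scrub() merely pads or wraps the value,
            // so additionally require that the payload does not survive verbatim inside the result.
            Assert.IsFalse((blocked_user.username ?? string.Empty).Contains(malicious));
            Assert.IsFalse((blocked_user.Author_Name ?? string.Empty).Contains(malicious));

            // NOTE(review): these checks show the value changed, not that it is safe to place in a
            // query. Presumably these members reach a SQL statement later; confirm that the
            // data-access code binds them as parameters, because scrubbing is not a substitute
            // for parameterized commands. Pin the exact expected output once Scrub()'s contract is known.
        }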
Exemplo n.º 2
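        // Verifies that Scrub() neutralises HTML markup placed in username and Author_Name.
        public void DBlocked_UserWithHtmlMembers_WhenScrubbed_BecomesSafe()
        {
            //Arrange: A blocked user whose members both carry HTML markup is constructed.
            string malicious = "<div></div>";
            DBlocked_User blocked_user = new DBlocked_User{
                username = malicious,
                Author_Name = malicious
            };

            //Act: The blocked user is scrubbed.
            blocked_user.Scrub();

            //Assert: Neither member still equals the HTML payload.
            Assert.AreNotEqual(malicious, blocked_user.username);
            Assert.AreNotEqual(malicious, blocked_user.Author_Name);

            // Inequality alone also passes when the markup is only padded or partly altered, so
            // additionally require that no raw tag-opening character is left in either member.
            // NOTE(review): assumes Scrub() either strips or entity-encodes '<'; confirm against its contract.
            Assert.IsFalse((blocked_user.username ?? string.Empty).Contains("<"));
            Assert.IsFalse((blocked_user.Author_Name ?? string.Empty).Contains("<"));

            // NOTE(review): an inert <div> does not exercise script tags, event-handler attributes
            // or attribute-context output. Output encoding at render time remains the primary
            // control; verify that the views encode these members.
        }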