public void DInstructionWithSqlMembers_WhenScrubbed_BecomesSafe()
{
    // Arrange: build an instruction whose Description carries a SQL-injection style payload.
    string sqlPayload = "1');DELETE TABLE dbo.example;--";
    var scrubTarget = new DInstruction { Description = sqlPayload };

    // Act: scrub the instruction's members.
    scrubTarget.Scrub();

    // Assert: the Description no longer equals the raw payload.
    // NOTE(review): inequality only proves that Scrub() changed the value; it would also pass
    // if the quote, statement separator or comment marker survived. Once Scrub()'s contract
    // (strip vs. escape) is confirmed, assert the exact expected Description instead.
    // NOTE(review): scrubbing is defence in depth; the data-access layer should still bind
    // Description as a query parameter rather than concatenate it. Confirm against callers.
    Assert.AreNotEqual(sqlPayload, scrubTarget.Description);
}
public void DInstructionWithHtmlMembers_WhenScrubbed_BecomesSafe()
{
    // Arrange: build an instruction whose Description contains HTML markup.
    string htmlPayload = "<div></div>";
    var scrubTarget = new DInstruction { Description = htmlPayload };

    // Act: scrub the instruction's members.
    scrubTarget.Scrub();

    // Assert: the Description no longer equals the raw markup.
    // NOTE(review): inequality only proves that Scrub() changed the value; it does not show
    // that the markup was removed or encoded. Once Scrub()'s contract (strip vs. encode) is
    // confirmed, assert the exact expected Description instead.
    // NOTE(review): an inert <div> is a weak sample; presumably attribute and script-bearing
    // markup should be covered by further cases. Output encoding at render time is still
    // needed regardless of what Scrub() does. Confirm against the view layer.
    Assert.AreNotEqual(htmlPayload, scrubTarget.Description);
}