Пример #1
        /// <summary>
        /// Checks that <c>Scrub()</c> alters a member that holds a SQL-injection style string.
        /// </summary>
        public void DataUnit_WithSqlMaliciousMembers_WillConvertToSafe()
        {
            // Arrange: a unit whose attrTwo carries a quote-closing, statement-terminating SQL fragment.
            var payload = "attribute');DROP TABLE dbo.Users;--";
            var subject = new MockDataUnit { attrTwo = payload };

            // Act: scrub the unit.
            subject.Scrub();

            // Assert: the member no longer equals the raw payload.
            // NOTE(review): AreNotEqual only proves the value changed, not that the result is safe;
            // any modification (or null) would pass. Once Scrub's contract is confirmed, pin the
            // exact expected output instead.
            // NOTE(review): string scrubbing is defence in depth at best; queries that consume
            // this value should still be parameterized.
            Assert.AreNotEqual(payload, subject.attrTwo);
        }
Пример #2
        /// <summary>
        /// Checks that <c>Scrub()</c> alters a member that holds HTML markup.
        /// </summary>
        public void DataUnit_WithHtmlMaliciousMembers_WillConvertToSafe()
        {
            // Arrange: a unit whose attrTwo carries an HTML element.
            var markup = "<div>Hello, world!</div>";
            var subject = new MockDataUnit { attrTwo = markup };

            // Act: scrub the unit.
            subject.Scrub();

            // Assert: the member no longer equals the raw markup.
            // NOTE(review): AreNotEqual only proves the value changed, not that the markup was
            // encoded or removed; any modification (or null) would pass. Once Scrub's contract is
            // confirmed, pin the exact expected output instead.
            // NOTE(review): a plain <div> exercises only the simplest case; whether Scrub handles
            // attributes or script-bearing elements is not covered here.
            Assert.AreNotEqual(markup, subject.attrTwo);
        }