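/// <summary>
/// Checks that <c>Scrub()</c> alters a <c>Last_Name</c> that holds HTML markup.
/// </summary>
/// <remarks>
/// The assertion proves only that the value changed, not that the result is safe:
/// a scrubber that altered the text but left the angle brackets in place would
/// still pass. NOTE(review): once the output contract of <c>Scrub()</c> is
/// confirmed (encode vs. strip), assert on it directly, e.g. that no raw
/// '&lt;' or '&gt;' remains in the field.
/// </remarks>
public void DContactWithHtmlLastName_WhenScrubbed_BecomesSafe()
{
    const string malicious = "<div>Hello, world!</div>";
    var contact = new DContact { Last_Name = malicious };

    contact.Scrub();

    // Not-expected value first, actual value second: the order the assertion API defines.
    Assert.AreNotEqual(malicious, contact.Last_Name, "Scrub() left Last_Name unchanged.");
}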
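/// <summary>
/// Checks that <c>Scrub()</c> alters a <c>Relation</c> that holds HTML markup.
/// </summary>
/// <remarks>
/// Inequality with the input is the only property verified, so any modification
/// passes, including one that keeps the markup intact. NOTE(review): replace or
/// supplement this with an assertion on the scrubbed value itself once the
/// behaviour of <c>Scrub()</c> (encode vs. strip) is confirmed.
/// </remarks>
public void DContactWithHtmlRelation_WhenScrubbed_BecomesSafe()
{
    const string malicious = "<div>Hello, world!</div>";
    var contact = new DContact { Relation = malicious };

    contact.Scrub();

    // Not-expected value first, actual value second: the order the assertion API defines.
    Assert.AreNotEqual(malicious, contact.Relation, "Scrub() left Relation unchanged.");
}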
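/// <summary>
/// Checks that <c>Scrub()</c> alters a <c>username</c> that holds a SQL fragment.
/// </summary>
/// <remarks>
/// NOTE(review): the method name mentions HTML, but this payload contains only
/// SQL; the combined HTML + SQL payload is used by
/// <c>DContactWithSqlFirstName_WhenScrubbed_BecomesSafe</c>. The two inputs look
/// swapped; confirm which field is meant to receive which payload.
/// The assertion proves only that the value changed. It does not show that the
/// quote or statement terminator was neutralised, and a scrubbed string is not a
/// substitute for binding the value as a query parameter at the data layer.
/// </remarks>
public void DContactWithHtmlAndSqlUsername_WhenScrubbed_BecomesSafe()
{
    const string malicious = "attribute');DROP TABLE dbo.Users;--";
    var contact = new DContact { username = malicious };

    contact.Scrub();

    // Not-expected value first, actual value second: the order the assertion API defines.
    Assert.AreNotEqual(malicious, contact.username, "Scrub() left username unchanged.");
}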
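/// <summary>
/// Checks that <c>Scrub()</c> alters a <c>First_Name</c> that holds HTML markup
/// followed by a SQL fragment.
/// </summary>
/// <remarks>
/// NOTE(review): the method name mentions only SQL, but this payload combines
/// HTML and SQL; the SQL-only payload is used by
/// <c>DContactWithHtmlAndSqlUsername_WhenScrubbed_BecomesSafe</c>. The two inputs
/// look swapped; confirm which field is meant to receive which payload.
/// Because the input has two parts, inequality is an especially weak check here:
/// the test passes if only the HTML part or only the SQL part is changed. Assert
/// on each part separately once the output contract of <c>Scrub()</c> is confirmed.
/// </remarks>
public void DContactWithSqlFirstName_WhenScrubbed_BecomesSafe()
{
    const string malicious = "<div>Hello, world!</div>');DROP TABLE dbo.Users;--";
    var contact = new DContact { First_Name = malicious };

    contact.Scrub();

    // Not-expected value first, actual value second: the order the assertion API defines.
    Assert.AreNotEqual(malicious, contact.First_Name, "Scrub() left First_Name unchanged.");
}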