public void XmlWithCommentObfuscationXSSTest()
{
// Arrange
DefaultHtmlSanitizer target = new DefaultHtmlSanitizer();
Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList();
// Act
string htmlFragment = "<XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert('XSS')\"></B></I></XML><SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>";
string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList);
// Assert
string expected = "<SPAN></SPAN>";
StringAssert.AreEqualIgnoringCase(expected, actual);
}