public void ImageMultilineInjectedXSSTest()
{
// Arrange
DefaultHtmlSanitizer target = new DefaultHtmlSanitizer();
Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList();
// Act
string htmlFragment = @"<IMG
SRC
=
""
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
""
>
";
string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList);
// Assert
string expected = "<img src=\"\na\r\nl\r\ne\r\nr\r\nt\r\n(\r\n'\r\nX\r\nS\r\nS\r\n'\r\n)\r\n\">\r\n";
StringAssert.AreEqualIgnoringCase(expected, actual);
}