AjaxControlToolkit.Tests.HtmlSanititzer.DefaultHtmlsanitizerSanitizerTests.DivStyleExpressionHtmlQuotesEncapsulation4XSSTest C# (CSharp) Method

DivStyleExpressionHtmlQuotesEncapsulation4XSSTest() private method

private DivStyleExpressionHtmlQuotesEncapsulation4XSSTest ( ) : void
return void
        public void DivStyleExpressionHtmlQuotesEncapsulation4XSSTest()
        {
            // Arrange
            DefaultHtmlSanitizer target = new DefaultHtmlSanitizer();
            Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList();

            // Act
            string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>)\">";
            string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList);

            // Assert
            string expected = "<div style=\"background-color:(&lt;\">)\"></div>";
            StringAssert.AreEqualIgnoringCase(expected, actual);
        }
DefaultHtmlsanitizerSanitizerTests