public void ValidateInput_XSS_Unicode ()
{
    // Regression test for request validation against script markup written with
    // fullwidth angle brackets (U+FF1C, U+FF1E) instead of ASCII '<' and '>'.
    // The brackets arrive as %uXXXX escapes, so a filter that only looks for the
    // ASCII characters would let this query string through.
    // NOTE(review): such characters can presumably be folded back to '<' / '>'
    // when output is later converted to a legacy code page - confirm against the
    // response encoding in use. Output encoding is still needed in any case.
    string encodedUrl = "http://server.com/attack2.aspx?test=%uff1cscript%uff1ealert('vulnerability')%uff1c/script%uff1e";
    string decodedUrl = HttpUtility.UrlDecode (encodedUrl);

    // Split the decoded URL at the first '?' into the path and the raw query string.
    int queryStart = decodedUrl.IndexOf ('?');
    string pathPart = decodedUrl.Substring (0, queryStart);
    string queryPart = decodedUrl.Substring (queryStart + 1);

    HttpRequest request = new HttpRequest (null, pathPart, queryPart);

    // ValidateInput () itself does not throw here; the failure is raised by the
    // read of QueryString below.
    request.ValidateInput ();

    // The next statement throws.
    // NOTE(review): if it did not throw, the assertion would compare equal, so the
    // test only fails on a missed detection when an expected-exception attribute
    // is declared on this method (not visible here) - confirm.
    string expectedValue = "\xff1cscript\xff1ealert('vulnerability')\xff1c/script\xff1e";
    Assert.AreEqual (expectedValue, request.QueryString ["test"], "QueryString");
}