| private DivJavascriptEscapingXSSTest ( ) : void | ||
| Результат | void | |
public void DivJavascriptEscapingXSSTest()
{
// Arrange
DefaultHtmlSanitizer target = new DefaultHtmlSanitizer();
Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList();
// Act
string htmlFragment = "<div style=\"\";alert('XSS');//\">";
string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList);
// Assert
string expected = "<div style=\"\"></div>";
StringAssert.AreEqualIgnoringCase(expected, actual);
}
