AjaxControlToolkit.Tests.HtmlSanititzer.DefaultHtmlsanitizerSanitizerTests.DivStyleExpressionDownlevelHiddenBlockXSSTest C# (CSharp) Метод

        public void DivStyleExpressionDownlevelHiddenBlockXSSTest()
        {
            // Arrange
            DefaultHtmlSanitizer target = new DefaultHtmlSanitizer();
            Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList();

            // Act
            string htmlFragment = "<Div style=\"background-color: expression(<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->)\">";
            string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList);

            // Assert
            string expected = "<div style=\"background-color:(&lt;!--[if gte IE 4]&gt;&lt;&gt;alert(&#39;XSS&#39;);&lt;/&gt;&lt;![endif]--&gt;)\"></div>";
            StringAssert.AreEqualIgnoringCase(expected, actual);
        }