public void DivStyleExpressionDownlevelHiddenBlockXSSTest()
{
// Arrange
DefaultHtmlSanitizer target = new DefaultHtmlSanitizer();
Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList();
// Act
string htmlFragment = "<Div style=\"background-color: expression(<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->)\">";
string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList);
// Assert
string expected = "<div style=\"background-color:(<!--[if gte IE 4]><>alert('XSS');</><![endif]-->)\"></div>";
StringAssert.AreEqualIgnoringCase(expected, actual);
}