AjaxControlToolkit.Tests.HtmlSanititzer.DefaultHtmlsanitizerSanitizerTests.DivStyleExpressionHtmlQuotesEncapsulation6XSSTest C# (CSharp) Метод

        public void DivStyleExpressionHtmlQuotesEncapsulation6XSSTest()
        {
            // Arrange
            DefaultHtmlSanitizer target = new DefaultHtmlSanitizer();
            Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList();

            // Act
            string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>)\">";
            string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList);

            // Assert
            string expected = "<div style=\"background-color:(&lt;a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\">)\"></div>";
            StringAssert.AreEqualIgnoringCase(expected, actual);
        }