public void ImageWithEmbeddedCommand2XSSTest()
{
// Arrange
DefaultHtmlSanitizer target = new DefaultHtmlSanitizer();
Dictionary<string, string[]> elementWhiteList = CreateElementWhiteList();
// Act
string htmlFragment = "<IMG SRC=\"Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser\">";
string actual = target.GetSafeHtmlFragment(htmlFragment, elementWhiteList);
// Assert
string expected = "<img src=\"Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser\">";
StringAssert.AreEqualIgnoringCase(expected, actual);
}