From c719b4876f91547c936675a3391562c5658f8564 Mon Sep 17 00:00:00 2001
From: Chris S <mrshrinkray@gmail.com>
Date: Thu, 22 Sep 2016 20:08:13 +0100
Subject: [PATCH] refactor: Removed MarkupConverter and using Anglesharp-based
 HtmlSanitizer package instead. Some broken tests from this, and downgraded
 Anglesharp.

---
 src/Roadkill.Core/Roadkill.Core.csproj        |    9 +-
 src/Roadkill.Core/Text/MarkupConverter.cs     |   57 +-
 .../Text/Sanitizer/MarkupSanitizer.cs         |  289 --
 src/Roadkill.Core/packages.config             |    3 +-
 src/Roadkill.Plugins/Roadkill.Plugins.csproj  |    4 +-
 src/Roadkill.Plugins/packages.config          |    2 +-
 src/Roadkill.Tests/Roadkill.Tests.csproj      |    1 -
 .../Unit/Text/MarkupConverterTests.cs         |   62 +-
 .../Unit/Text/MarkupSanitizerTests.cs         | 2346 -----------------
 src/Roadkill.Web/Assets/Scripts/roadkill.js   |   28 +-
 10 files changed, 120 insertions(+), 2681 deletions(-)
 delete mode 100644 src/Roadkill.Core/Text/Sanitizer/MarkupSanitizer.cs
 delete mode 100644 src/Roadkill.Tests/Unit/Text/MarkupSanitizerTests.cs

diff --git a/src/Roadkill.Core/Roadkill.Core.csproj b/src/Roadkill.Core/Roadkill.Core.csproj
index 0dfb4e376..d8830be61 100644
--- a/src/Roadkill.Core/Roadkill.Core.csproj
+++ b/src/Roadkill.Core/Roadkill.Core.csproj
@@ -125,8 +125,8 @@
     <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="AngleSharp, Version=0.9.8.1, Culture=neutral, PublicKeyToken=e83494dcdc6d31ea, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\AngleSharp.0.9.8.1\lib\net45\AngleSharp.dll</HintPath>
+    <Reference Include="AngleSharp, Version=0.9.7.21214, Culture=neutral, PublicKeyToken=e83494dcdc6d31ea, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\AngleSharp.0.9.7\lib\net45\AngleSharp.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="Antlr3.Runtime, Version=3.5.0.2, Culture=neutral, PublicKeyToken=eb42632606e9261f, processorArchitecture=MSIL">
@@ -145,6 +145,10 @@
       <HintPath>..\..\packages\HtmlAgilityPack.1.4.9\lib\Net45\HtmlAgilityPack.dll</HintPath>
       <Private>True</Private>
     </Reference>
+    <Reference Include="HtmlSanitizer, Version=3.0.0.0, Culture=neutral, PublicKeyToken=61c49a1a9e79cc28, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\HtmlSanitizer.3.3.132-beta\lib\net45\HtmlSanitizer.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
     <Reference Include="ICSharpCode.SharpZipLib">
       <HintPath>..\..\packages\SharpZipLib.0.86.0\lib\20\ICSharpCode.SharpZipLib.dll</HintPath>
     </Reference>
@@ -533,7 +537,6 @@
     <Compile Include="Text\Sanitizer\HtmlWhiteList.cs" />
     <Compile Include="Text\Sanitizer\HtmlAttribute.cs" />
     <Compile Include="Text\Sanitizer\HtmlElement.cs" />
-    <Compile Include="Text\Sanitizer\MarkupSanitizer.cs" />
     <Compile Include="Text\ImageEventArgs.cs" />
     <Compile Include="Text\IMarkupParser.cs" />
     <Compile Include="Text\LinkEventArgs.cs" />
diff --git a/src/Roadkill.Core/Text/MarkupConverter.cs b/src/Roadkill.Core/Text/MarkupConverter.cs
index b1574d015..b03ef8b64 100644
--- a/src/Roadkill.Core/Text/MarkupConverter.cs
+++ b/src/Roadkill.Core/Text/MarkupConverter.cs
@@ -1,8 +1,10 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Runtime.Caching;
 using System.Web;
 using System.Text.RegularExpressions;
+using Ganss.XSS;
 using Roadkill.Core.Configuration;
 using Roadkill.Core.Text.Sanitizer;
 using Roadkill.Core.Database;
@@ -293,13 +295,64 @@ private string RemoveHarmfulTags(string html)
 		{
 			if (_applicationSettings.UseHtmlWhiteList)
 			{
-				MarkupSanitizer sanitizer = new MarkupSanitizer(_applicationSettings, true, false, true);
-				return sanitizer.SanitizeHtml(html);
+				HtmlWhiteList htmlWhiteList = GetCachedWhiteList();
+				string[] allowedTags = htmlWhiteList.ElementWhiteList.Select(x => x.Name).ToArray();
+				string[] allowedAttributes = htmlWhiteList.ElementWhiteList.SelectMany(x => x.AllowedAttributes.Select(y => y.Name)).ToArray();
+
+				if (allowedTags.Length == 0)
+					allowedTags = null;
+
+				if (allowedAttributes.Length == 0)
+					allowedAttributes = null;
+
+				var sanitizer = new HtmlSanitizer(allowedTags, null, allowedAttributes);
+				sanitizer.AllowDataAttributes = false;
+				sanitizer.AllowedAttributes.Add("class");
+				sanitizer.AllowedAttributes.Add("id");
+				sanitizer.AllowedSchemes.Add("mailto");
+				sanitizer.RemovingAttribute += Sanitizer_RemovingAttribute;
+
+				return sanitizer.Sanitize(html);
 			}
 			else
 			{
 				return html;
 			}
 		}
+
+		private void Sanitizer_RemovingAttribute(object sender, RemovingAttributeEventArgs e)
+		{
+			// Don't clean /wiki/Special:Tag urls in href="" attributes
+			if (e.Attribute.Name.ToLower() == "href" && e.Attribute.Value.Contains("Special:"))
+			{
+				e.Cancel = true;
+			}
+		}
+
+		private string _cacheKey = "whitelist";
+		internal static MemoryCache _memoryCache = new MemoryCache("MarkupSanitizer");
+
+		/// <summary>
+		/// Changes the key name used for the cache'd version of the HtmlWhiteList object.
+		/// </summary>
+		/// <param name="key"></param>
+		public void SetWhiteListCacheKey(string key)
+		{
+			_memoryCache.Remove(_cacheKey);
+			_cacheKey = key;
+		}
+
+		private HtmlWhiteList GetCachedWhiteList()
+		{
+			HtmlWhiteList whiteList = _memoryCache.Get(_cacheKey) as HtmlWhiteList;
+
+			if (whiteList == null)
+			{
+				whiteList = HtmlWhiteList.Deserialize(_applicationSettings);
+				_memoryCache.Add(_cacheKey, whiteList, new CacheItemPolicy());
+			}
+
+			return whiteList;
+		}
 	}
 }
diff --git a/src/Roadkill.Core/Text/Sanitizer/MarkupSanitizer.cs b/src/Roadkill.Core/Text/Sanitizer/MarkupSanitizer.cs
deleted file mode 100644
index 5afe7c2b7..000000000
--- a/src/Roadkill.Core/Text/Sanitizer/MarkupSanitizer.cs
+++ /dev/null
@@ -1,289 +0,0 @@
-using System.Collections.Generic;
-using System.Linq;
-using System.Runtime.Caching;
-using System.Text;
-using System.Text.RegularExpressions;
-using System.Web;
-using AngleSharp.Dom.Html;
-using AngleSharp.Parser.Html;
-using HtmlAgilityPack;
-using Roadkill.Core.Configuration;
-using HapHtmlAttribute = HtmlAgilityPack.HtmlAttribute;
-
-// Parts of this class are based on source (c) 2009 Codeplex Foundation 
-// from: http://ajaxcontroltoolkit.codeplex.com under the new BSD license.
-namespace Roadkill.Core.Text.Sanitizer
-{
-    /// <summary>
-    /// Sanitizer class that allows tag and attributes those are in whitelist and removes
-    /// other tags and attributes. This also cleans attribute values to remove vulnerable
-    /// words and characters
-    /// </summary>
-    public class MarkupSanitizer
-    {
-		private readonly string[] _encodedCharacters = new string[256];
-		private readonly ApplicationSettings _applicationSettings;
-		private string _cacheKey;
-		internal static MemoryCache _memoryCache = new MemoryCache("MarkupSanitizer");
-		public bool UseWhiteList { get; set; }
-		public bool CleanAttributes { get; set; }
-		public bool EncodeHtmlEntities { get; set; }
-
-		/// <summary>
-		/// The strict version of the cleaner - uses the whitelist, cleans all attributes, encodes 
-		/// all HTML entities in attributes.
-		/// </summary>
-		public MarkupSanitizer(ApplicationSettings settings) : this(settings, true, true, true)
-		{
-
-		}
-
-		/// <summary>
-		/// The customisable/looser version of the cleaner, allows you to customise how strict it is with 
-		/// additional checks like the whitelist, attribute removal, html entity encoding in attributes.
-		/// </summary>
-		public MarkupSanitizer(ApplicationSettings settings, bool useWhiteList, bool cleanAttributes, bool encodeHtmlEntities) 
-		{
-			_applicationSettings = settings;
-			_cacheKey = "whitelist";
-			UseWhiteList = useWhiteList;
-			CleanAttributes = cleanAttributes;
-			EncodeHtmlEntities = encodeHtmlEntities;
-
-			// Intialize an array to mark which characters are to be encoded.
-            for (int i = 0; i < 0xFF; i++)
-            {
-                if (i >= 0x30 && i <= 0x39 || i >= 0x41 && i <= 0x5A || i >= 0x61 && i <= 0x7A)
-                {
-                    _encodedCharacters[i] = null;
-                }
-                else
-                {
-                    _encodedCharacters[i] = i.ToString("X2");
-                }
-            }
-        }
-
-		/// <summary>
-		/// Changes the key name used for the cache'd version of the HtmlWhiteList object.
-		/// </summary>
-		/// <param name="key"></param>
-		public void SetWhiteListCacheKey(string key)
-		{
-			_memoryCache.Remove(_cacheKey);
-			_cacheKey = key;
-		}
-
-		/// <summary>
-		/// A MemoryCache is used as an alternative to a unit-test unfriendly static HtmlWhiteList.
-		/// </summary>
-		private HtmlWhiteList GetCachedWhiteList()
-		{
-			HtmlWhiteList whiteList = _memoryCache.Get(_cacheKey) as HtmlWhiteList;
-
-			if (whiteList == null)
-			{
-				whiteList = HtmlWhiteList.Deserialize(_applicationSettings);
-				_memoryCache.Add(_cacheKey, whiteList, new CacheItemPolicy());
-			}
-
-			return whiteList;
-		}
-
-        /// <summary>
-        /// Removes all tags from a html string that aren't in the whitelist.
-        /// </summary>
-        /// <param name="htmlText">Html Content which need to sanitze.</param>
-        /// <returns>Html text after sanitize.</returns>
-        public string SanitizeHtml(string htmlText)
-        {
-	        if (string.IsNullOrEmpty(htmlText))
-		        return "";
-
-			var parserOptions = new HtmlParserOptions()
-			{
-				IsStrictMode = false
-			};
-			var parser = new HtmlParser(parserOptions);
-			IHtmlDocument document = parser.Parse(htmlText);
-
-			// Create Html document
-			HtmlDocument html = new HtmlDocument();
-            html.OptionFixNestedTags = true;
-            html.OptionAutoCloseOnEnd = true;
-            html.OptionDefaultStreamEncoding = Encoding.UTF8;
-            html.LoadHtml(htmlText);
-
-            HtmlNode allNodes = html.DocumentNode;
-
-			if (UseWhiteList)
-			{
-				CleanNoneWhiteListedAttributes(allNodes);
-			}
-			else
-			{
-				CleanAllTagAttributes(allNodes);
-			}
-
-			return allNodes.InnerHtml;
-        }
-
-		private void CleanAllTagAttributes(HtmlNode allNodes)
-		{
-			IEnumerable<HtmlNode> nodes = allNodes.DescendantsAndSelf();
-
-			foreach (HtmlNode node in nodes)
-			{
-				if (!node.HasAttributes) continue;
-
-				// Get all the allowed attributes for this tag
-				HapHtmlAttribute[] attributes = node.Attributes.ToArray();
-				foreach (HapHtmlAttribute attribute in attributes)
-				{
-					CleanAttributeValues(attribute);
-				}
-			}
-		}
-
-		private void CleanNoneWhiteListedAttributes(HtmlNode allNodes)
-		{
-			string[] tagNames = GetCachedWhiteList().ElementWhiteList.Select(x => x.Name).ToArray();
-			CleanNodes(allNodes, tagNames);
-
-			// Filter the attributes of the remaining
-			foreach (HtmlElement whiteListTag in GetCachedWhiteList().ElementWhiteList)
-			{
-				IEnumerable<HtmlNode> nodes = (from n in allNodes.DescendantsAndSelf()
-											   where n.Name == whiteListTag.Name
-											   select n);
-
-				if (nodes == null)
-					continue;
-
-				foreach (HtmlNode node in nodes)
-				{
-					if (!node.HasAttributes) continue;
-
-					// Get all the allowed attributes for this tag
-					HapHtmlAttribute[] attributes = node.Attributes.ToArray();
-					foreach (HapHtmlAttribute attribute in attributes)
-					{
-						if (!whiteListTag.ContainsAttribute(attribute.Name))
-						{
-							attribute.Remove(); // Wasn't in the list
-						}
-						else
-						{
-							CleanAttributeValues(attribute);
-						}
-					}
-				}
-			}
-		}
-
-		/// <summary>
-		/// This removes the current node tags and its child nodes if these are not in whitelist.
-		/// </summary>
-		/// <param name="node"></param>
-		/// <param name="tagWhiteList"></param>
-		private void CleanNodes(HtmlNode node, string[] tagWhiteList)
-        {
-            // remove node that is not in the whitelist.
-            if (node.NodeType == HtmlNodeType.Element)
-            {
-                if (!tagWhiteList.Contains(node.Name))
-                {
-                    node.ParentNode.RemoveChild(node);
-                    return; // We're done
-                }
-            }
-
-            // remove nested nodes those are not in the whitelist.
-            if (node.HasChildNodes)
-                CleanChildren(node, tagWhiteList);
-        }
-
-        /// <summary>
-        /// Apply CleanNodes to each of the child nodes
-        /// </summary>
-        private void CleanChildren(HtmlNode parent, string[] tagWhiteList)
-        {
-            for (int i = parent.ChildNodes.Count - 1; i >= 0; i--)
-                CleanNodes(parent.ChildNodes[i], tagWhiteList);
-        }
-
-        /// <summary>
-        /// This removes the vulnerable keywords and make values safe by html encoding and html character escaping.
-        /// </summary>        
-        /// <param name="attribute">Attribute that contain values that need to check and clean.</param>
-        private void CleanAttributeValues(HapHtmlAttribute attribute)
-        {
-			if (CleanAttributes)
-			{
-				attribute.Value = HttpUtility.HtmlEncode(attribute.Value);
-
-				attribute.Value = Regex.Replace(attribute.Value, @"\s*j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*", "", RegexOptions.IgnoreCase);
-				attribute.Value = Regex.Replace(attribute.Value, @"\s*s\s*c\s*r\s*i\s*p\s*t\s*", "", RegexOptions.IgnoreCase);
-
-				if (attribute.Name.ToLower() == "style")
-				{
-					attribute.Value = Regex.Replace(attribute.Value, @"\s*e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n\s*", "", RegexOptions.IgnoreCase);
-					attribute.Value = Regex.Replace(attribute.Value, @"\s*b\s*e\s*h\s*a\s*v\s*i\s*o\s*r\s*", "", RegexOptions.IgnoreCase);
-				}
-
-				if (attribute.Name.ToLower() == "href" || attribute.Name.ToLower() == "src")
-				{
-					attribute.Value = Regex.Replace(attribute.Value, @"\s*m\s*o\s*c\s*h\s*a\s*", "", RegexOptions.IgnoreCase);
-				}
-			}
-
-            // HtmlEntity Escape
-			if (EncodeHtmlEntities)
-			{
-				// Ensure no double encoding goes on - reverse the ones done by the CreoleParser
-				string value = attribute.Value;
-				value = value.Replace("&#x32;", "\"");
-				value = value.Replace("&#x3C;", "<");
-				value = value.Replace("&#x3E;", ">");
-				value = value.Replace("&#x26;", "&");
-				value = value.Replace("&#x27;", "'");
-				attribute.Value = value;
-
-				StringBuilder sbAttributeValue = new StringBuilder();
-				foreach (char c in attribute.Value.ToCharArray())
-				{
-					sbAttributeValue.Append(EncodeCharacterToHtmlEntityEscape(c));
-				}
-
-				attribute.Value = sbAttributeValue.ToString();
-			}            
-        }
-
-        /// <summary>
-        /// To encode html attribute characters to hex format except alphanumeric characters. 
-        /// </summary>
-        /// <param name="c">Character from the attribute value</param>
-        /// <returns>Hex formatted string.</returns>
-        private string EncodeCharacterToHtmlEntityEscape(char c)
-        {   
-            string hex; 
-            // check for alphanumeric characters
-            if (c < 0xFF)
-            {
-                hex = _encodedCharacters[c];
-                if (hex == null)
-                    return "" + c;
-            }
-            else
-                hex = ((int)(c)).ToString("X2");
-            
-            // check for illegal characters
-            if ((c <= 0x1f && c != '\t' && c != '\n' && c != '\r') || (c >= 0x7f && c <= 0x9f))
-            {
-                hex = "fffd"; // Let's entity encode this instead of returning it
-            }
-
-            return "&#x" + hex + ";";
-        }
-    }
-}
diff --git a/src/Roadkill.Core/packages.config b/src/Roadkill.Core/packages.config
index 066b889e0..01a06c1b1 100644
--- a/src/Roadkill.Core/packages.config
+++ b/src/Roadkill.Core/packages.config
@@ -1,12 +1,13 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="AngleSharp" version="0.9.8.1" targetFramework="net45" />
+  <package id="AngleSharp" version="0.9.7" targetFramework="net45" />
   <package id="Antlr" version="3.5.0.2" targetFramework="net45" />
   <package id="CommonMark.NET" version="0.10.0" targetFramework="net45" />
   <package id="CommonServiceLocator" version="1.3" targetFramework="net45" />
   <package id="Dapper" version="1.50.2" targetFramework="net45" />
   <package id="DotNetZip" version="1.9.7" targetFramework="net45" />
   <package id="HtmlAgilityPack" version="1.4.9" targetFramework="net45" />
+  <package id="HtmlSanitizer" version="3.3.132-beta" targetFramework="net45" />
   <package id="Lucene.Net" version="3.0.3" targetFramework="net40" />
   <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net45" />
   <package id="Microsoft.AspNet.Mvc.FixedDisplayModes" version="5.0.0" targetFramework="net45" />
diff --git a/src/Roadkill.Plugins/Roadkill.Plugins.csproj b/src/Roadkill.Plugins/Roadkill.Plugins.csproj
index 72bb70ddf..3eab60a56 100644
--- a/src/Roadkill.Plugins/Roadkill.Plugins.csproj
+++ b/src/Roadkill.Plugins/Roadkill.Plugins.csproj
@@ -31,8 +31,8 @@
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="AngleSharp, Version=0.9.8.1, Culture=neutral, PublicKeyToken=e83494dcdc6d31ea, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\AngleSharp.0.9.8.1\lib\net45\AngleSharp.dll</HintPath>
+    <Reference Include="AngleSharp, Version=0.9.7.21214, Culture=neutral, PublicKeyToken=e83494dcdc6d31ea, processorArchitecture=MSIL">
+      <HintPath>..\..\packages\AngleSharp.0.9.7\lib\net45\AngleSharp.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
diff --git a/src/Roadkill.Plugins/packages.config b/src/Roadkill.Plugins/packages.config
index 5530f7493..8055c2a32 100644
--- a/src/Roadkill.Plugins/packages.config
+++ b/src/Roadkill.Plugins/packages.config
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="AngleSharp" version="0.9.8.1" targetFramework="net45" />
+  <package id="AngleSharp" version="0.9.7" targetFramework="net45" />
   <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net45" />
   <package id="Microsoft.AspNet.Razor" version="3.2.3" targetFramework="net45" />
   <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net45" />
diff --git a/src/Roadkill.Tests/Roadkill.Tests.csproj b/src/Roadkill.Tests/Roadkill.Tests.csproj
index 49c2ff0b2..b1f7a13fb 100644
--- a/src/Roadkill.Tests/Roadkill.Tests.csproj
+++ b/src/Roadkill.Tests/Roadkill.Tests.csproj
@@ -439,7 +439,6 @@
     <Compile Include="Unit\Text\MarkupLinkUpdaterTests.cs" />
     <Compile Include="Unit\Text\MenuParserTests.cs" />
     <Compile Include="Unit\Plugins\TocParserTests.cs" />
-    <Compile Include="Unit\Text\MarkupSanitizerTests.cs" />
     <Compile Include="Unit\Text\MarkdownTests.cs" />
     <Compile Include="Integration\Configuration\FullTrustConfigReaderWriterTests.cs" />
     <Compile Include="TestConstants.cs" />
diff --git a/src/Roadkill.Tests/Unit/Text/MarkupConverterTests.cs b/src/Roadkill.Tests/Unit/Text/MarkupConverterTests.cs
index ebd2714bc..bc4c2b860 100644
--- a/src/Roadkill.Tests/Unit/Text/MarkupConverterTests.cs
+++ b/src/Roadkill.Tests/Unit/Text/MarkupConverterTests.cs
@@ -138,7 +138,7 @@ public void links_starting_with_https_or_hash_are_not_rewritten_as_internal()
 			_settingsRepository.SiteSettings.MarkupType = "Creole";
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a rel=\"nofollow\" href=\"&#x23;myanchortag\">hello world</a> <a rel=\"nofollow\" href=\"https&#x3A;&#x2F;&#x2F;www&#x2E;google&#x2E;com\" class=\"external&#x2D;link\">google</a>\n</p>";
+			string expectedHtml = "<p><a rel=\"nofollow\" href=\"#myanchortag\">hello world</a> <a rel=\"nofollow\" href=\"https://www.google.com/\" class=\"external-link\">google</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[#myanchortag|hello world]] [[https://www.google.com|google]]");
@@ -154,7 +154,7 @@ public void links_with_dashes_or_23_are_rewritten_and_not_parsed_as_encoded_hash
 			_settingsRepository.SiteSettings.MarkupType = "Creole";
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a rel=\"nofollow\" href=\"&#x23;myanchortag\">hello world</a> <a rel=\"nofollow\" href=\"https&#x3A;&#x2F;&#x2F;www&#x2E;google&#x2E;com&#x2F;some&#x2D;page&#x2D;23\" class=\"external&#x2D;link\">google</a>\n</p>";
+			string expectedHtml = "<p><a rel=\"nofollow\" href=\"#myanchortag\">hello world</a> <a rel=\"nofollow\" href=\"https://www.google.com/some-page-23\" class=\"external-link\">google</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[#myanchortag|hello world]] [[https://www.google.com/some-page-23|google]]");
@@ -170,7 +170,7 @@ public void links_to_named_anchors_should_not_have_external_css_class()
 			_settingsRepository.SiteSettings.MarkupType = "Creole";
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a rel=\"nofollow\" href=\"&#x23;myanchortag\">hello world</a>\n</p>";
+			string expectedHtml = "<p><a rel=\"nofollow\" href=\"#myanchortag\">hello world</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[#myanchortag|hello world]]");
@@ -186,7 +186,7 @@ public void links_starting_with_tilde_should_resolve_as_attachment_paths()
 			_settingsRepository.SiteSettings.MarkupType = "Creole";
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a href=\"&#x2F;Attachments&#x2F;my&#x2F;folder&#x2F;image1&#x2E;jpg\">hello world</a>\n</p>";
+			string expectedHtml = "<p><a href=\"/Attachments/my/folder/image1.jpg\">hello world</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[~/my/folder/image1.jpg|hello world]]");
@@ -204,7 +204,7 @@ public void external_links_with_anchor_tag_should_retain_the_anchor()
 			_pageRepository.AddNewPage(new Page() { Id = 1, Title = "foo" }, "foo", "admin", DateTime.Today);
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a rel=\"nofollow\" href=\"http&#x3A;&#x2F;&#x2F;www&#x2E;google&#x2E;com&#x2F;&#x3F;blah&#x3D;xyz&#x23;myanchor\" class=\"external&#x2D;link\">Some link text</a>\n</p>";
+			string expectedHtml = "<p><a rel=\"nofollow\" href=\"http://www.google.com/?blah=xyz#myanchor\" class=\"external-link\">Some link text</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[http://www.google.com/?blah=xyz#myanchor|Some link text]]");
@@ -221,7 +221,7 @@ public void internal_wiki_page_link_should_not_have_nofollow_attribute()
 			_pageRepository.AddNewPage(new Page() { Id = 1, Title = "foo-page" }, "foo", "admin", DateTime.Today);
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a href=\"&#x2F;wiki&#x2F;1&#x2F;foo&#x2D;page\">Some link text</a>\n</p>";
+			string expectedHtml = "<p><a href=\"/wiki/1/foo-page\">Some link text</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[foo-page|Some link text]]");
@@ -237,7 +237,7 @@ public void attachment_link_should_not_have_nofollow_attribute()
 			_settingsRepository.SiteSettings.MarkupType = "Creole";
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a href=\"&#x2F;Attachments&#x2F;folder&#x2F;myfile&#x2E;jpg\">Some link text</a> <a href=\"&#x2F;Attachments&#x2F;folder2&#x2F;myfile&#x2E;jpg\">Some link text</a>\n</p>";
+			string expectedHtml = "<p><a href=\"/Attachments/folder/myfile.jpg\">Some link text</a> <a href=\"/Attachments/folder2/myfile.jpg\">Some link text</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[~/folder/myfile.jpg|Some link text]] [[attachment:/folder2/myfile.jpg|Some link text]]");
@@ -253,7 +253,7 @@ public void specialurl_link_should_not_have_nofollow_attribute()
 			_settingsRepository.SiteSettings.MarkupType = "Creole";
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a href=\"&#x2F;wiki&#x2F;Special&#x3A;Random\">Some link text</a>\n</p>";
+			string expectedHtml = "<p><a href=\"/wiki/Special:Random\">Some link text</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[Special:Random|Some link text]]");
@@ -271,7 +271,7 @@ public void internal_links_with_anchor_tag_should_retain_the_anchor()
 			_pageRepository.AddNewPage(new Page() { Id = 1, Title = "foo" }, "foo", "admin", DateTime.Today);
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a href=\"&#x2F;wiki&#x2F;1&#x2F;foo&#x23;myanchor\">Some link text</a>\n</p>"; // use /index/ as no routing exists
+			string expectedHtml = "<p><a href=\"/wiki/1/foo#myanchor\">Some link text</a>\n</p>"; // use /index/ as no routing exists
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[foo#myanchor|Some link text]]");
@@ -289,7 +289,7 @@ public void internal_links_with_urlencoded_anchor_tag_should_retain_the_anchor()
 			_pageRepository.AddNewPage(new Page() { Id = 1, Title = "foo" }, "foo", "admin", DateTime.Today);
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a href=\"&#x2F;wiki&#x2F;1&#x2F;foo&#x25;23myanchor\">Some link text</a>\n</p>";
+			string expectedHtml = "<p><a href=\"/wiki/1/foo%23myanchor\">Some link text</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[foo%23myanchor|Some link text]]");
@@ -307,7 +307,7 @@ public void internal_links_with_anchor_tag_should_retain_the_anchor_with_markdow
 			_pageRepository.AddNewPage(new Page() { Id = 1, Title = "foo" }, "foo", "admin", DateTime.Today);
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a href=\"&#x2F;wiki&#x2F;1&#x2F;foo&#x23;myanchor\">Some link text</a></p>\n"; // use /index/ as no routing exists
+			string expectedHtml = "<p><a href=\"/wiki/1/foo#myanchor\">Some link text</a></p>\n"; // use /index/ as no routing exists
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[Some link text](foo#myanchor)");
@@ -324,7 +324,7 @@ public void links_with_the_word_script_in_url_should_not_be_cleaned()
 			_settingsRepository.SiteSettings.MarkupType = "Creole";
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a rel=\"nofollow\" href=\"http&#x3A;&#x2F;&#x2F;msdn&#x2E;microsoft&#x2E;com&#x2F;en&#x2D;us&#x2F;library&#x2F;system&#x2E;componentmodel&#x2E;descriptionattribute&#x2E;aspx\" class=\"external&#x2D;link\">ComponentModel.Description</a>\n</p>";
+			string expectedHtml = "<p><a rel=\"nofollow\" href=\"http://msdn.microsoft.com/en-us/library/system.componentmodel.descriptionattribute.aspx\" class=\"external-link\">ComponentModel.Description</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[http://msdn.microsoft.com/en-us/library/system.componentmodel.descriptionattribute.aspx|ComponentModel.Description]]");
@@ -341,7 +341,7 @@ public void links_with_angle_brackets_and_quotes_should_be_encoded()
 			_settingsRepository.SiteSettings.MarkupType = "Creole";
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a rel=\"nofollow\" href=\"http&#x3A;&#x2F;&#x2F;www&#x2E;google&#x2E;com&#x2F;&#x22;&#x3E;javascript&#x3A;alert&#x28;&#x27;hello&#x27;&#x29;\" class=\"external&#x2D;link\">ComponentModel</a>\n</p>";
+			string expectedHtml = "<p><a rel=\"nofollow\" href=\"http://www.google.com/2%3Ejavascript:alert('hello')\" class=\"external-link\">ComponentModel</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[http://www.google.com/\">javascript:alert('hello')|ComponentModel]]");
@@ -358,7 +358,7 @@ public void links_starting_with_attachmentcolon_should_resolve_as_attachment_pat
 			_settingsRepository.SiteSettings.MarkupType = "Creole";
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a href=\"&#x2F;Attachments&#x2F;my&#x2F;folder&#x2F;image1&#x2E;jpg\">hello world</a>\n</p>";
+			string expectedHtml = "<p><a href=\"/Attachments/my/folder/image1.jpg\">hello world</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[attachment:/my/folder/image1.jpg|hello world]]");
@@ -374,7 +374,7 @@ public void links_starting_with_specialcolon_should_resolve_as_full_specialpage(
 			_settingsRepository.SiteSettings.MarkupType = "Creole";
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a href=\"&#x2F;wiki&#x2F;Special&#x3A;Foo\">My special page</a>\n</p>";
+			string expectedHtml = "<p><a href=\"/wiki/Special:Foo\">My special page</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[Special:Foo|My special page]]");
@@ -390,7 +390,7 @@ public void links_starting_with_http_www_mailto_tag_are_no_rewritten_as_internal
 			_settingsRepository.SiteSettings.MarkupType = "Creole";
 			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
 
-			string expectedHtml = "<p><a rel=\"nofollow\" href=\"http&#x3A;&#x2F;&#x2F;www&#x2E;blah&#x2E;com\" class=\"external&#x2D;link\">link1</a> <a rel=\"nofollow\" href=\"www&#x2E;blah&#x2E;com\" class=\"external&#x2D;link\">link2</a> <a rel=\"nofollow\" href=\"mailto&#x3A;spam&#x40;gmail&#x2E;com\" class=\"external&#x2D;link\">spam</a>\n</p>";
+			string expectedHtml = "<p><a rel=\"nofollow\" href=\"http://www.blah.com/\" class=\"external-link\">link1</a> <a rel=\"nofollow\" href=\"www.blah.com\" class=\"external-link\">link2</a> <a rel=\"nofollow\" href=\"mailto:spam@gmail.com\" class=\"external-link\">spam</a>\n</p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml("[[http://www.blah.com|link1]] [[www.blah.com|link2]] [[mailto:spam@gmail.com|spam]]");
@@ -427,14 +427,14 @@ public void should_not_render_toc_with_multiple_curlies()
 			_markupConverter.UrlResolver = new UrlResolverMock();
 
 			string htmlFragment = "Give me a {{TOC}} and a {{{TOC}}} - the should not render a TOC";
-			string expected = @"<p>Give me a <div class=""floatnone""><div class=""image&#x5F;frame""><img src=""&#x2F;Attachments&#x2F;TOC""></div></div> and a TOC - the should not render a TOC"
-				+ "\n</p>";
+			string expected = @"<p>Give me a </p><div class=""floatnone""><div class=""image_frame""><img src=""/Attachments/TOC""></div></div> and a TOC - the should not render a TOC"
+				+ "\n<p></p>";
 
 			// Act
 			string actualHtml = _markupConverter.ToHtml(htmlFragment);
 
 			// Assert
-			Assert.That(actualHtml, Is.EqualTo(expected));
+			Assert.That(actualHtml, Is.EqualTo(expected), actualHtml);
 		}
 
 		[Test]
@@ -451,12 +451,14 @@ public void warningbox_token_with_nowiki_adds_pre_and_renders_token_html()
 			expectedHtml = expectedHtml.Replace("\r\n", "\n"); // fix line ending issues
 
 			// Act
+			;
 			string actualHtml = _markupConverter.ToHtml(@"@@warningbox:ENTER YOUR CONTENT HERE 
-{{{
-here is my C#code
-}}} 
+
+        here is my C#code
+ 
 
 @@");
+			Console.WriteLine(actualHtml);
 
 			// Assert
 			Assert.That(actualHtml, Is.EqualTo(expectedHtml), actualHtml);
@@ -540,6 +542,22 @@ public void should_fire_afterparse_in_textplugin_and_output_should_not_be_cleane
 			Assert.That(actualHtml, Is.EqualTo(expectedHtml));
 		}
 
+		[Test]
+		public void should_allow_style_tags()
+		{
+			// Arrange
+			_settingsRepository.SiteSettings.MarkupType = "Markdown";
+			_markupConverter = new MarkupConverter(_applicationSettings, _settingsRepository, _pageRepository, _pluginFactory);
+
+			string expectedHtml = "";
+
+			// Act
+			string actualHtml = _markupConverter.ToHtml("<b style='color:black'><script>alert('foo')</script></b>");
+
+			// Assert
+			Assert.That(actualHtml, Is.EqualTo(expectedHtml));
+		}
+
 		// TODO:
 		// ContainsPageLink - 
 		// ReplacePageLinks - Refactor into seperate class
diff --git a/src/Roadkill.Tests/Unit/Text/MarkupSanitizerTests.cs b/src/Roadkill.Tests/Unit/Text/MarkupSanitizerTests.cs
deleted file mode 100644
index 7b87435fb..000000000
--- a/src/Roadkill.Tests/Unit/Text/MarkupSanitizerTests.cs
+++ /dev/null
@@ -1,2346 +0,0 @@
-// To create unit tests in this class reference is taken from
-// https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.232_-_Attribute_Escape_Before_Inserting_Untrusted_Data_into_HTML_Common_Attributes
-// and http://ha.ckers.org/xss.html
-
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Xml.Serialization;
-using NUnit.Framework;
-using Roadkill.Core.Configuration;
-using Roadkill.Core.Text.Sanitizer;
-
-namespace Roadkill.Tests.Unit.Text
-{
-	[TestFixture]
-	[Category("Unit")]
-	public class MarkupSanitizerTests
-	{
-		private ApplicationSettings _settings;
-
-		[SetUp]
-		public void Setup()
-		{
-			_settings = new ApplicationSettings();
-			_settings.UseHtmlWhiteList = true;
-		}
-
-		[Test]
-		[Ignore("This was use to generate the initial Whitelist XML file and isn't a test")]
-		public void GenerateTestXmlFile()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			using (FileStream stream = new FileStream("test.xml", FileMode.Create, FileAccess.Write))
-			{
-				//XmlSerializer serializer = new XmlSerializer(typeof(HtmlWhiteList));
-				//serializer.Serialize(stream, MarkupSanitizer._htmlWhiteList);
-
-				XmlSerializer serializer = new XmlSerializer(typeof(HtmlWhiteList));
-
-				List<HtmlElement> list = new List<HtmlElement>();
-				list.Add(new HtmlElement("blah", new string[] { "id", "class" }));
-				list.Add(new HtmlElement("test", new string[] { "href" }));
-
-				HtmlWhiteList whiteList = new HtmlWhiteList();
-				whiteList.ElementWhiteList = list;
-
-				serializer.Serialize(stream, whiteList);
-			}
-		}
-
-		[Test]
-		public void shoulddeserializewhitelistfromexistingxmlfile()
-		{
-			// Arrange
-			string whitelistFile = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "Unit", "Text", "whitelist.xml");
-			ApplicationSettings settings = new ApplicationSettings();
-			settings.HtmlElementWhiteListPath = whitelistFile;
-
-			string htmlFragment = "<test href=\"http://www.google.com\">link</test> <blah id=\"myid\" class=\"class1 class2\">somediv</blah><a href=\"test\">test</a>";
-
-			// Act
-			MarkupSanitizer sanitizer = new MarkupSanitizer(settings);
-			sanitizer.SetWhiteListCacheKey("ShouldDeserializeWhiteListFromExistingXmlFile");
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<test href=\"http&#x3A;&#x2F;&#x2F;www&#x2E;google&#x2E;com\">link</test> <blah id=\"myid\" class=\"class1&#x20;class2\">somediv</blah>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		[Test]
-		public void shoulddeserializewhitelistfromgeneratedxmlfile()
-		{
-			// Arrange
-			string whitelistFile = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "whitelistgenerated.xml");
-			ApplicationSettings settings = new ApplicationSettings();
-			settings.HtmlElementWhiteListPath = whitelistFile;
-			
-			using (FileStream stream = new FileStream(whitelistFile, FileMode.Create, FileAccess.Write))
-			{
-				XmlSerializer serializer = new XmlSerializer(typeof(HtmlWhiteList));
-				
-				List<HtmlElement> list = new List<HtmlElement>();
-				list.Add(new HtmlElement("blah", new string[] { "id", "class" }));
-				list.Add(new HtmlElement("test", new string[] { "href" }));
-				
-				HtmlWhiteList whiteList = new HtmlWhiteList();
-				whiteList.ElementWhiteList = list;
-
-				serializer.Serialize(stream, whiteList);
-			}
-
-			string htmlFragment = "<test href=\"http://www.google.com\">link</test> <blah id=\"myid\" class=\"class1 class2\">somediv</blah><a href=\"test\">test</a>";
-
-			// Act
-			MarkupSanitizer sanitizer = new MarkupSanitizer(settings);
-			sanitizer.SetWhiteListCacheKey("ShouldDeserializeWhiteListFromGeneratedXmlFile");
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<test href=\"http&#x3A;&#x2F;&#x2F;www&#x2E;google&#x2E;com\">link</test> <blah id=\"myid\" class=\"class1&#x20;class2\">somediv</blah>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Xss locator
-		/// Example <!-- <a href="'';!--\"<XSS>=&{()}"> --> 
-		/// </summary>
-		[Test]
-		public void xsslocatortest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<a href=\"'';!--\"<XSS>=&{()}\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<a href=\"&#x26;&#x23;39&#x3B;&#x26;&#x23;39&#x3B;&#x3B;&#x21;&#x2D;&#x2D;\"></a>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector
-		/// Example <!-- <IMG SRC="javascript:alert('XSS');"> -->
-		/// </summary>
-		[Test]
-		public void imagexss1test()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Action
-			string htmlFragment = "<IMG SRC=\"javascript:alert('XSS');\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"&#x3A;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;&#x3B;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector without quotes and semicolon.
-		/// Example <!-- <IMG SRC=javascript:alert('XSS')> -->
-		/// </summary>
-		[Test]
-		public void imagexss2test()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=javascript:alert('XSS')>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"&#x3A;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image xss vector with case insensitive.
-		/// Example <!-- <IMG SRC=JaVaScRiPt:alert('XSS')> -->
-		/// </summary>
-		[Test]
-		public void imagecaseinsensitivexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=JaVaScRiPt:alert('XSS')>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"&#x3A;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with Html entities
-		/// Example <!-- <IMG SRC=javascript:alert(&quot;XSS&quot;)> -->
-		/// </summary>
-		[Test]
-		public void imagehtmlentitiesxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=javascript:alert(&quot;XSS&quot;)>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"&#x3A;alert&#x28;&#x26;amp&#x3B;quot&#x3B;XSS&#x26;amp&#x3B;quot&#x3B;&#x29;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with grave accent
-		/// Example <!-- <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> -->
-		/// </summary>
-		[Test]
-		public void imagegraveaccentxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"&#x60;&#x3A;alert&#x28;&#x26;quot&#x3B;RSnake\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with malformed
-		/// Example <!-- <IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\"> -->
-		/// </summary>
-		[Test]
-		public void imagemalformedxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG>\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with ImageFromCharCode
-		/// Example <!-- <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> -->
-		/// </summary>
-		[Test]
-		public void imagefromcharcodexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"&#x3A;alert&#x28;String&#x2E;fromCharCode&#x28;88&#x2C;83&#x2C;83&#x29;&#x29;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with UTF-8 Unicode
-		/// Example <!-- <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> -->
-		/// </summary>
-		[Test]
-		public void imageutf8unicodexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"&#x26;amp&#x3B;&#x23;106&#x3B;&#x26;amp&#x3B;&#x23;97&#x3B;&#x26;amp&#x3B;&#x23;118&#x3B;&#x26;amp&#x3B;&#x23;97&#x3B;&#x26;amp&#x3B;&#x23;115&#x3B;&#x26;amp&#x3B;&#x23;99&#x3B;&#x26;amp&#x3B;&#x23;114&#x3B;&#x26;amp&#x3B;&#x23;105&#x3B;&#x26;amp&#x3B;&#x23;112&#x3B;&#x26;amp&#x3B;&#x23;116&#x3B;&#x26;amp&#x3B;&#x23;58&#x3B;&#x26;amp&#x3B;&#x23;97&#x3B;&#x26;amp&#x3B;&#x23;108&#x3B;&#x26;amp&#x3B;&#x23;101&#x3B;&#x26;amp&#x3B;&#x23;114&#x3B;&#x26;amp&#x3B;&#x23;116&#x3B;&#x26;amp&#x3B;&#x23;40&#x3B;&#x26;amp&#x3B;&#x23;39&#x3B;&#x26;amp&#x3B;&#x23;88&#x3B;&#x26;amp&#x3B;&#x23;83&#x3B;&#x26;amp&#x3B;&#x23;83&#x3B;&#x26;amp&#x3B;&#x23;39&#x3B;&#x26;amp&#x3B;&#x23;41&#x3B;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with Long UTF-8 Unicode
-		/// Example <!-- <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> --> 
-		/// </summary>
-		[Test]
-		public void imagelongutf8unicodexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"&#x26;amp&#x3B;&#x23;0000106&#x26;amp&#x3B;&#x23;0000097&#x26;amp&#x3B;&#x23;0000118&#x26;amp&#x3B;&#x23;0000097&#x26;amp&#x3B;&#x23;0000115&#x26;amp&#x3B;&#x23;0000099&#x26;amp&#x3B;&#x23;0000114&#x26;amp&#x3B;&#x23;0000105&#x26;amp&#x3B;&#x23;0000112&#x26;amp&#x3B;&#x23;0000116&#x26;amp&#x3B;&#x23;0000058&#x26;amp&#x3B;&#x23;0000097&#x26;amp&#x3B;&#x23;0000108&#x26;amp&#x3B;&#x23;0000101&#x26;amp&#x3B;&#x23;0000114&#x26;amp&#x3B;&#x23;0000116&#x26;amp&#x3B;&#x23;0000040&#x26;amp&#x3B;&#x23;0000039&#x26;amp&#x3B;&#x23;0000088&#x26;amp&#x3B;&#x23;0000083&#x26;amp&#x3B;&#x23;0000083&#x26;amp&#x3B;&#x23;0000039&#x26;amp&#x3B;&#x23;0000041\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with Hex encoding without semicolon
-		/// Example <!-- <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> -->
-		/// </summary>   
-		[Test]
-		public void imagehexencodexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"&#x26;amp&#x3B;&#x23;x6A&#x26;amp&#x3B;&#x23;x61&#x26;amp&#x3B;&#x23;x76&#x26;amp&#x3B;&#x23;x61&#x26;amp&#x3B;&#x23;x73&#x26;amp&#x3B;&#x23;x63&#x26;amp&#x3B;&#x23;x72&#x26;amp&#x3B;&#x23;x69&#x26;amp&#x3B;&#x23;x70&#x26;amp&#x3B;&#x23;x74&#x26;amp&#x3B;&#x23;x3A&#x26;amp&#x3B;&#x23;x61&#x26;amp&#x3B;&#x23;x6C&#x26;amp&#x3B;&#x23;x65&#x26;amp&#x3B;&#x23;x72&#x26;amp&#x3B;&#x23;x74&#x26;amp&#x3B;&#x23;x28&#x26;amp&#x3B;&#x23;x27&#x26;amp&#x3B;&#x23;x58&#x26;amp&#x3B;&#x23;x53&#x26;amp&#x3B;&#x23;x53&#x26;amp&#x3B;&#x23;x27&#x26;amp&#x3B;&#x23;x29\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with embedded tab
-		/// Example <!-- <IMG SRC=\"jav	ascript:alert('XSS');\"> -->
-		/// </summary>   
-		[Test]
-		public void imageembeddedtabxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=\"jav	ascript:alert('XSS');\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"&#x3A;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;&#x3B;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with embedded encoded tab
-		/// Example <!-- <IMG SRC="jav&#x09;ascript:alert('XSS');"> -->
-		/// </summary>   
-		[Test]
-		public void imageembeddedencodedtabxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"jav&#x26;amp&#x3B;&#x23;x09&#x3B;a&#x3A;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;&#x3B;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with embedded new line
-		/// Example <!-- <IMG SRC="jav&#x0A;ascript:alert('XSS');"> -->
-		/// </summary>   
-		[Test]
-		public void imageembeddednewlinexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"jav&#x26;amp&#x3B;&#x23;x0A&#x3B;a&#x3A;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;&#x3B;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with embedded carriage return
-		/// Example <!-- <IMG SRC=\"jav&#x0D;ascript:alert('XSS');\"> -->
-		/// </summary>   
-		[Test]
-		public void imageembeddedcarriagereturnxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"jav&#x26;amp&#x3B;&#x23;x0D&#x3B;a&#x3A;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;&#x3B;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with Multiline using ASCII carriage return
-		/// Example <!-- <IMG
-		/// SRC
-		/// =
-		/// " 
-		/// j
-		/// a
-		/// v
-		/// a
-		/// s
-		/// c
-		/// r
-		/// i
-		/// p
-		/// t
-		/// :
-		/// a
-		/// l
-		/// e
-		/// r
-		/// t
-		/// (
-		/// '
-		/// X
-		/// S
-		/// S
-		/// '
-		/// )
-		/// "
-		///> -->
-		/// </summary>   
-		[Test]
-		public void imagemultilineinjectedxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = @"<IMG
-SRC
-=
-"" 
-j
-a
-v
-a
-s
-c
-r
-i
-p
-t
-:
-a
-l
-e
-r
-t
-(
-'
-X
-S
-S
-'
-)
-""
->
-";
-
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<img src=\"&#x3A;&#x0D;&#x0A;a&#x0D;&#x0A;l&#x0D;&#x0A;e&#x0D;&#x0A;r&#x0D;&#x0A;t&#x0D;&#x0A;&#x28;&#x0D;&#x0A;&#x26;&#x23;39&#x3B;&#x0D;&#x0A;X&#x0D;&#x0A;S&#x0D;&#x0A;S&#x0D;&#x0A;&#x26;&#x23;39&#x3B;&#x0D;&#x0A;&#x29;&#x0D;&#x0A;\">\r\n";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with Null breaks up Javascript directive 
-		/// Example <!-- perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out -->
-		/// </summary>   
-		[Test]
-		public void imagenullbreaksupxsstest1()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "perl -e 'print \"<img src=\"java&#xfffd;&#x3A;alert&#x28;&#x26;quot&#x3B;XSS&#x26;quot&#x3B;&#x29;\">\";' > out";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with Null breaks up cross site scripting vector 
-		/// Example <!-- <image src=" perl -e 'print "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>";' > out "> -->
-		/// </summary>
-		[Test]
-		public void imagenullbreaksupxsstest2()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<image src=\" perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out \">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "\";' > out \">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with spaces and Meta characters 
-		/// Example <!-- <IMG SRC=" &#14;  javascript:alert('XSS');"> -->
-		/// </summary>
-		[Test]
-		public void imagespaceandmetacharxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=\" &#14;  javascript:alert('XSS');\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"&#x20;&#x26;amp&#x3B;&#x23;14&#x3B;&#x3A;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;&#x3B;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with half open html
-		/// Example <!-- <IMG SRC="javascript:alert('XSS')" -->
-		/// </summary>   
-		[Test]
-		public void imagehalfopenhtmlxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=\"javascript:alert('XSS')\"";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with double open angle bracket
-		/// Example <!-- <image src=http://ha.ckers.org/scriptlet.html < -->
-		/// </summary>   
-		[Test]
-		public void imagedoubleopenanglebracketxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<image src=http://ha.ckers.org/scriptlet.html <";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Dic Xss vector with Javascript escaping
-		/// Example <!-- <div style="\";alert('XSS');//"> -->
-		/// </summary>   
-		[Test]
-		public void divjavascriptescapingxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<div style=\"\";alert('XSS');//\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<div style=\"\"></div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with input image
-		/// Example <!-- <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> -->
-		/// </summary>   
-		[Test]
-		public void imageinputxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with Dynsrc
-		/// Example <!-- <IMG DYNSRC="javascript:alert('XSS')"> -->
-		/// </summary>   
-		[Test]
-		public void imagedynsrcxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG DYNSRC=\"javascript:alert('XSS')\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Xss vector with Lowsrc
-		/// Example <!-- <IMG LOWSRC="javascript:alert('XSS')"> -->
-		/// </summary>   
-		[Test]
-		public void imagelowsrcxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG LOWSRC=\"javascript:alert('XSS')\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Xss vector with BGSound
-		/// Example <!-- <BGSOUND SRC="javascript:alert('XSS');"> -->
-		/// </summary>   
-		[Test]
-		public void bgsoundxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<BGSOUND SRC=\"javascript:alert('XSS');\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for BR with Javascript Include
-		/// Example <!-- <BR SIZE="&{alert('XSS')}"> -->
-		/// </summary>   
-		[Test]
-		public void brjavascriptincludexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<BR SIZE=\"&{alert('XSS')}\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<BR>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for P with url in style
-		/// Example <!-- <p STYLE="behavior: url(www.ha.ckers.org);"> -->
-		/// </summary>   
-		[Test]
-		public void pwithurlinstylexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<p STYLE=\"behavior: url(www.ha.ckers.org);\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			// intentionally keep it failing to get notice when reviewing unit tests so can disucss
-			string expected = "<p STYLE=\"&#x3A;&#x20;url&#x28;www&#x2E;ha&#x2E;ckers&#x2E;org&#x29;&#x3B;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image with vbscript
-		/// Example <!-- <IMG SRC='vbscript:msgbox("XSS")'> -->
-		/// </summary>   
-		[Test]
-		public void imagewithvbscriptxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC='vbscript:msgbox(\"XSS\")'>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC='vb&#x3A;msgbox&#x28;&#x26;quot&#x3B;XSS&#x26;quot&#x3B;&#x29;'>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image with Mocha
-		/// Example <!-- <IMG SRC="mocha:[code]"> -->
-		/// </summary>   
-		[Test]
-		public void imagewithmochaxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=\"mocha:[code]\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"&#x3A;&#x5B;code&#x5D;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image with Livescript
-		/// Example <!-- <IMG SRC="Livescript:[code]"> -->
-		/// </summary>   
-		[Test]
-		public void imagewithlivescriptxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=\"Livescript:[code]\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"Live&#x3A;&#x5B;code&#x5D;\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Iframe
-		/// Example <!-- <IFRAME SRC="javascript:alert('XSS');"></IFRAME> -->
-		/// </summary>   
-		[Test]
-		public void iframexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Frame
-		/// Example <!-- <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> -->
-		/// </summary>   
-		[Test]
-		public void framexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Table
-		/// Example <!-- <TABLE BACKGROUND="javascript:alert('XSS')"> -->
-		/// </summary>   
-		[Test]
-		public void tablexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<TABLE BACKGROUND=\"javascript:alert('XSS')\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<table></table>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for TD
-		/// Example <!-- <TABLE><TD BACKGROUND="javascript:alert('XSS')"> -->
-		/// </summary>   
-		[Test]
-		public void tdxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<table><td></td></table>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div Background Image
-		/// Example <!-- <DIV STYLE="background-image: url(javascript:alert('XSS'))"> -->
-		/// </summary>   
-		[Test]
-		public void divbackgroundimagexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<DIV STYLE=\"background&#x2D;image&#x3A;&#x20;url&#x28;&#x3A;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;&#x29;\"></div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div Background Image  with unicoded XSS
-		/// Example <!-- <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> -->
-		/// </summary>   
-		[Test]
-		public void divbackgroundimagewithunicodedxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<DIV STYLE=\"background&#x2D;image&#x3A;&#xfffd;075&#xfffd;072&#xfffd;06C&#xfffd;028&#x26;&#x23;39&#x3B;&#xfffd;06a&#xfffd;061&#xfffd;076&#xfffd;061&#xfffd;073&#xfffd;063&#xfffd;072&#xfffd;069&#xfffd;070&#xfffd;074&#xfffd;03a&#xfffd;061&#xfffd;06c&#xfffd;065&#xfffd;072&#xfffd;074&#xfffd;028&#x2E;1027&#xfffd;058&#x2E;1053&#xfffd;053&#xfffd;027&#xfffd;029&#x26;&#x23;39&#x3B;&#xfffd;029\"></div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div Background Image  with extra characters
-		/// Example <!-- <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> -->
-		/// </summary>   
-		[Test]
-		public void divbackgroundimagewithextracharactersxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<DIV STYLE=\"background-image: url(&#1;javascript:alert('XSS'))\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<DIV STYLE=\"background&#x2D;image&#x3A;&#x20;url&#x28;&#x26;amp&#x3B;&#x23;1&#x3B;&#x3A;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;&#x29;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for DIV expression
-		/// Example <!-- <DIV STYLE="width: expression(alert('XSS'));"> -->
-		/// </summary>   
-		[Test]
-		public void divexpressionxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<DIV STYLE=\"width: expression(alert('XSS'));\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<DIV STYLE=\"width&#x3A;&#x28;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;&#x29;&#x3B;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image with break up expression
-		/// Example <!-- <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> -->
-		/// </summary>   
-		[Test]
-		public void imagestyleexpressionxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with break up expression
-		/// Example <!-- exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'> -->
-		/// </summary>   
-		[Test]
-		public void anchortagstyleexpressionxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "exp/*<A STYLE='no\\xss:noxss(\"*//*\");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "exp/*<a></a>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for BaseTag
-		/// Example <!-- <BASE HREF="javascript:alert('XSS');//"> -->
-		/// </summary>   
-		[Test]
-		public void basetagxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<BASE HREF=\"javascript:alert('XSS');//\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for EMBEDTag
-		/// Example <!-- <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> -->
-		/// </summary>   
-		[Test]
-		public void embedtagxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<EMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for EMBEDSVG
-		/// Example <!-- <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> -->
-		/// </summary>   
-		[Test]
-		public void embedsvgxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"></EMBED>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for XML namespace
-		/// Example <!-- <HTML xmlns:xss>  <?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">  <xss:xss>XSS</xss:xss></HTML> -->
-		/// </summary>   
-		[Test]
-		public void xmlnamespacexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<HTML xmlns:xss>  <?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\">  <xss:xss>XSS</xss:xss></HTML>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for XML with CData
-		/// Example <!-- <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> -->
-		/// </summary>   
-		[Test]
-		public void xmlwithcdataxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<SPAN></SPAN>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for XML with Comment obfuscation
-		/// Example <!-- <XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:alert('XSS')"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> -->
-		/// </summary>   
-		[Test]
-		public void xmlwithcommentobfuscationxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<XML ID=\"xss\"><I><B>&lt;IMG SRC=\"javas<!-- -->cript:alert('XSS')\"&gt;</B></I></XML><SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<SPAN></SPAN>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for XML with Embedded script
-		/// Example <!-- <XML SRC="xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> -->
-		/// </summary>   
-		[Test]
-		public void xmlwithembeddedscriptxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<XML SRC=\"xsstest.xml\" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<SPAN></SPAN>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Html + Time
-		/// Example <!-- <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML> -->
-		/// </summary>   
-		[Test]
-		public void htmlplustimexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<HTML><BODY><?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"><?import namespace=\"t\" implementation=\"#default#time2\"><t:set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\"></BODY></HTML>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Embedded commands
-		/// Example <!-- <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> -->
-		/// </summary>   
-		[Test]
-		public void imagewithembeddedcommandxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"http&#x3A;&#x2F;&#x2F;www&#x2E;thesiteyouareon&#x2E;com&#x2F;somecommand&#x2E;php&#x3F;somevariables&#x3D;maliciouscode\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Image Embedded commands part 2
-		/// Example <!-- <IMG SRC="Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser"> -->
-		/// </summary>   
-		[Test]
-		public void imagewithembeddedcommand2xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<IMG SRC=\"Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<IMG SRC=\"Redirect&#x20;302&#x20;&#x2F;a&#x2E;jpg&#x20;http&#x3A;&#x2F;&#x2F;victimsite&#x2E;com&#x2F;admin&#x2E;asp&#x26;amp&#x3B;deleteuser\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag IP verses hostname
-		/// Example <!-- <A HREF="http://66.102.7.147/">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagipverseshostnamexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://66.102.7.147/\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;66&#x2E;102&#x2E;7&#x2E;147&#x2F;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Url encoding
-		/// Example <!-- <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagurlencodingxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;&#x25;77&#x25;77&#x25;77&#x25;2E&#x25;67&#x25;6F&#x25;6F&#x25;67&#x25;6C&#x25;65&#x25;2E&#x25;63&#x25;6F&#x25;6D\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Dword encoding
-		/// Example <!-- <A HREF="http://1113982867/">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagdwordencodingxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://1113982867/\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;1113982867&#x2F;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Hex encoding
-		/// Example <!-- <A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortaghexencodingxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;0x42&#x2E;0x0000066&#x2E;0x7&#x2E;0x93&#x2F;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Octal encoding
-		/// Example <!-- <A HREF="http://0102.0146.0007.00000223/">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagoctalencodingxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://0102.0146.0007.00000223/\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;0102&#x2E;0146&#x2E;0007&#x2E;00000223&#x2F;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Mixed encoding
-		/// Example <!-- <A HREF="h tt	p://6&#9;6.000146.0x7.147/">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagmixedencodingxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = @"<A HREF=""h
-tt	p://6&#9;6.000146.0x7.147/"">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"h&#x0D;&#x0A;tt&#x09;p&#x3A;&#x2F;&#x2F;6&#x26;amp&#x3B;&#x23;9&#x3B;6&#x2E;000146&#x2E;0x7&#x2E;147&#x2F;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Protocol resolution
-		/// Example <!-- <A HREF="//www.google.com/">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagprotocolresolutionxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"//www.google.com/\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"&#x2F;&#x2F;www&#x2E;google&#x2E;com&#x2F;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Google feeling lucky part1
-		/// Example <!-- <A HREF="//google">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortaggooglefeelinglucky1xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"//google\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"&#x2F;&#x2F;google\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Google feeling lucky part2
-		/// Example <!-- <A HREF="http://ha.ckers.org@google">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortaggooglefeelinglucky2xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://ha.ckers.org@google\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;ha&#x2E;ckers&#x2E;org&#x40;google\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Google feeling lucky part3
-		/// Example <!-- <A HREF="http://google:ha.ckers.org">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortaggooglefeelinglucky3xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://google:ha.ckers.org\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;google&#x3A;ha&#x2E;ckers&#x2E;org\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with removing cnames
-		/// Example <!-- <A HREF="http://google.com/">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagremovingcnamesxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://google.com/\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;google&#x2E;com&#x2F;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with extra dot for absolute dns
-		/// Example <!-- <A HREF="http://www.google.com./">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagabsolutednsxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.google.com./\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;google&#x2E;com&#x2E;&#x2F;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with javascript link location
-		/// Example <!-- <A HREF="javascript:document.location='http://www.google.com/'">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagjavascriptlinklocationxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"&#x3A;document&#x2E;location&#x3D;&#x26;&#x23;39&#x3B;http&#x3A;&#x2F;&#x2F;www&#x2E;google&#x2E;com&#x2F;&#x26;&#x23;39&#x3B;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with content replace
-		/// Example <!-- <A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagcontentreplacexsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;gohttp&#x3A;&#x2F;&#x2F;www&#x2E;google&#x2E;com&#x2F;ogle&#x2E;com&#x2F;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with no filter evasion
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagnofilterevasionxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;SRC&#x3D;http&#x3A;&#x2F;&#x2F;ha&#x2E;ckers&#x2E;org&#x2F;xss&#x2E;js&#x26;gt&#x3B;&#x26;lt&#x3B;&#x2F;&#x26;gt&#x3B;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with no filter evasion
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>"> -->
-		/// </summary>   
-		[Test]
-		public void divnofilterevasionxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;SRC&#x3D;http&#x3A;&#x2F;&#x2F;ha&#x2E;ckers&#x2E;org&#x2F;xss&#x2E;js&#x26;gt&#x3B;&#x26;lt&#x3B;&#x2F;&#x26;gt&#x3B;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and no filter evasion
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionnofilterevasionxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;SRC&#x3D;http&#x3A;&#x2F;&#x2F;ha&#x2E;ckers&#x2E;org&#x2F;xss&#x2E;js&#x26;gt&#x3B;&#x26;lt&#x3B;&#x2F;&#x26;gt&#x3B;&#x29;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with non alpha non digit xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagnonalphanondigitxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x2F;XSS&#x20;SRC&#x3D;\">\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with non alpha non digit xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT/XSS SRC=http://ha.ckers.org/xss.js></SCRIPT>"> -->
-		/// </summary>   
-		[Test]
-		public void divnonalphanondigitxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x2F;XSS&#x20;SRC&#x3D;\">\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and non alpha non digit xss
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionnonalphanondigitxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;&#x2F;XSS&#x20;SRC&#x3D;\">)\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with non alpha non digit part 3 xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagnonalphanondigit3xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x2F;SRC&#x3D;\">\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with non alpha non digit part 3 xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT/SRC=http://ha.ckers.org/xss.js></SCRIPT>"> -->
-		/// </summary>   
-		[Test]
-		public void divnonalphanondigit3xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x2F;SRC&#x3D;\">\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and non alpha non digit part 3 xss
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionnonalphanondigit3xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;&#x2F;SRC&#x3D;\">)\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Extraneous open brackets xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<<SCRIPT>alert("XSS");//<</SCRIPT>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagextraneousopenbracketsxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<<SCRIPT>alert(\"XSS\");//<</SCRIPT>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x26;lt&#x3B;&#x26;gt&#x3B;alert&#x28;\"></A>\">XSS";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with Extraneous open brackets xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<<SCRIPT>alert("XSS");//<</SCRIPT>"> -->
-		/// </summary>   
-		[Test]
-		public void divextraneousopenbracketsxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<<SCRIPT>alert(\"XSS\");//<</SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x26;lt&#x3B;&#x26;gt&#x3B;alert&#x28;\"></Div>\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and Extraneous open brackets xss
-		/// Example <!-- <Div style="background-color: expression(<<SCRIPT>alert("XSS");//<</SCRIPT>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionextraneousopenbracketsxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<<SCRIPT>alert(\"XSS\");//<</SCRIPT>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;&#x26;lt&#x3B;&#x26;gt&#x3B;alert&#x28;\"></div>)\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with No closing script tags xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagnoclosingscripttagsxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;SRC&#x3D;http&#x3A;&#x2F;&#x2F;ha&#x2E;ckers&#x2E;org&#x2F;xss&#x2E;js&#x3F;&#x26;lt&#x3B;B&#x26;gt&#x3B;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with No closing script tags xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>"> -->
-		/// </summary>   
-		[Test]
-		public void divnoclosingscripttagsxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;SRC&#x3D;http&#x3A;&#x2F;&#x2F;ha&#x2E;ckers&#x2E;org&#x2F;xss&#x2E;js&#x3F;&#x26;lt&#x3B;B&#x26;gt&#x3B;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and No closing script tags xss
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionnoclosingscripttagsxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;SRC&#x3D;http&#x3A;&#x2F;&#x2F;ha&#x2E;ckers&#x2E;org&#x2F;xss&#x2E;js&#x3F;&#x26;lt&#x3B;B&#x26;gt&#x3B;&#x29;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Protocol resolution in script tags xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT SRC=//ha.ckers.org/.j>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagprotocolresolutionscriptxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT SRC=//ha.ckers.org/.j>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;SRC&#x3D;&#x2F;&#x2F;ha&#x2E;ckers&#x2E;org&#x2F;&#x2E;j&#x26;gt&#x3B;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with Protocol resolution in script tags xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT SRC=//ha.ckers.org/.j>"> -->
-		/// </summary>   
-		[Test]
-		public void divprotocolresolutionscriptxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT SRC=//ha.ckers.org/.j>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;SRC&#x3D;&#x2F;&#x2F;ha&#x2E;ckers&#x2E;org&#x2F;&#x2E;j&#x26;gt&#x3B;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and Protocol resolution in script tags xss
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT SRC=//ha.ckers.org/.j>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionprotocolresolutionscriptxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT SRC=//ha.ckers.org/.j>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;SRC&#x3D;&#x2F;&#x2F;ha&#x2E;ckers&#x2E;org&#x2F;&#x2E;j&#x26;gt&#x3B;&#x29;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with no single quotes or double quotes or semicolons xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagnoquotesxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x26;gt&#x3B;a&#x3D;&#x2F;XSS&#x2F;alert&#x28;a&#x2E;source&#x29;&#x26;lt&#x3B;&#x2F;&#x26;gt&#x3B;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with no single quotes or double quotes or semicolons xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>"> -->
-		/// </summary>   
-		[Test]
-		public void divnoquotesxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x26;gt&#x3B;a&#x3D;&#x2F;XSS&#x2F;alert&#x28;a&#x2E;source&#x29;&#x26;lt&#x3B;&#x2F;&#x26;gt&#x3B;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and no single quotes or double quotes or semicolons xss
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionnoquotesxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;&#x26;gt&#x3B;a&#x3D;&#x2F;XSS&#x2F;alert&#x28;a&#x2E;source&#x29;&#x26;lt&#x3B;&#x2F;&#x26;gt&#x3B;&#x29;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with US-ASCII encoding xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=¼script¾alert(¢XSS¢)¼/script¾">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagusasciiencodingxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=¼script¾alert(¢XSS¢)¼/script¾\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;&#x23;188&#x3B;&#x26;&#x23;190&#x3B;alert&#x28;&#x26;&#x23;162&#x3B;XSS&#x26;&#x23;162&#x3B;&#x29;&#x26;&#x23;188&#x3B;&#x2F;&#x26;&#x23;190&#x3B;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with US-ASCII encoding xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=¼script¾alert(¢XSS¢)¼/script¾"> -->
-		/// </summary>   
-		[Test]
-		public void divusasciiencodingxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=¼script¾alert(¢XSS¢)¼/script¾\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;&#x23;188&#x3B;&#x26;&#x23;190&#x3B;alert&#x28;&#x26;&#x23;162&#x3B;XSS&#x26;&#x23;162&#x3B;&#x29;&#x26;&#x23;188&#x3B;&#x2F;&#x26;&#x23;190&#x3B;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and US-ASCII encoding xss
-		/// Example <!-- <Div style="background-color: expression(¼script¾alert(¢XSS¢)¼/script¾)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionusasciiencodingxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(¼script¾alert(¢XSS¢)¼/script¾)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;&#x23;188&#x3B;&#x26;&#x23;190&#x3B;alert&#x28;&#x26;&#x23;162&#x3B;XSS&#x26;&#x23;162&#x3B;&#x29;&#x26;&#x23;188&#x3B;&#x2F;&#x26;&#x23;190&#x3B;&#x29;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Downlevel-Hidden block xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortagdownlevelhiddenblockxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x21;&#x2D;&#x2D;&#x5B;if&#x20;gte&#x20;IE&#x20;4&#x5D;&#x26;gt&#x3B;&#x26;lt&#x3B;&#x26;gt&#x3B;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;&#x3B;&#x26;lt&#x3B;&#x2F;&#x26;gt&#x3B;&#x26;lt&#x3B;&#x21;&#x5B;endif&#x5D;&#x2D;&#x2D;&#x26;gt&#x3B;\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with Downlevel-Hidden block xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->"> -->
-		/// </summary>   
-		[Test]
-		public void divdownlevelhiddenblockxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x21;&#x2D;&#x2D;&#x5B;if&#x20;gte&#x20;IE&#x20;4&#x5D;&#x26;gt&#x3B;&#x26;lt&#x3B;&#x26;gt&#x3B;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;&#x3B;&#x26;lt&#x3B;&#x2F;&#x26;gt&#x3B;&#x26;lt&#x3B;&#x21;&#x5B;endif&#x5D;&#x2D;&#x2D;&#x26;gt&#x3B;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and Downlevel-Hidden block xss
-		/// Example <!-- <Div style="background-color: expression(<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressiondownlevelhiddenblockxsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;&#x21;&#x2D;&#x2D;&#x5B;if&#x20;gte&#x20;IE&#x20;4&#x5D;&#x26;gt&#x3B;&#x26;lt&#x3B;&#x26;gt&#x3B;alert&#x28;&#x26;&#x23;39&#x3B;XSS&#x26;&#x23;39&#x3B;&#x29;&#x3B;&#x26;lt&#x3B;&#x2F;&#x26;gt&#x3B;&#x26;lt&#x3B;&#x21;&#x5B;endif&#x5D;&#x2D;&#x2D;&#x26;gt&#x3B;&#x29;\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Html Quotes Encapsulation 1 xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortaghtmlquotesencapsulation1xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;a&#x3D;\">\" SRC=\"http://ha.ckers.org/xss.js\">\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with Html Quotes Encapsulation 1 xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>"> -->
-		/// </summary>   
-		[Test]
-		public void divhtmlquotesencapsulation1xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;a&#x3D;\">\" SRC=\"http://ha.ckers.org/xss.js\">\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and Html Quotes Encapsulation 1 xss
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionhtmlquotesencapsulation1xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;a&#x3D;\">\" SRC=\"http://ha.ckers.org/xss.js\">)\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Html Quotes Encapsulation 2 xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortaghtmlquotesencapsulation2xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x3D;\">\" SRC=\"http://ha.ckers.org/xss.js\">\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with Html Quotes Encapsulation 2 xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>"> -->
-		/// </summary>   
-		[Test]
-		public void divhtmlquotesencapsulation2xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x3D;\">\" SRC=\"http://ha.ckers.org/xss.js\">\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and Html Quotes Encapsulation 2 xss
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionhtmlquotesencapsulation2xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;&#x3D;\">\" SRC=\"http://ha.ckers.org/xss.js\">)\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Html Quotes Encapsulation 3 xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortaghtmlquotesencapsulation3xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;a&#x3D;\">\" '' SRC=\"http://ha.ckers.org/xss.js\">\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with Html Quotes Encapsulation 3 xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>"> -->
-		/// </summary>   
-		[Test]
-		public void divhtmlquotesencapsulation3xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT a=\" > \" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;a&#x3D;\"> \" '' SRC=\"http://ha.ckers.org/xss.js\">\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and Html Quotes Encapsulation 3 xss
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionhtmlquotesencapsulation3xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT a=\" > \" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;a&#x3D;\"> \" '' SRC=\"http://ha.ckers.org/xss.js\">)\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Html Quotes Encapsulation 4 xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortaghtmlquotesencapsulation4xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;\">\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with Html Quotes Encapsulation 4 xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>"> -->
-		/// </summary>   
-		[Test]
-		public void divhtmlquotesencapsulation4xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;\">\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and Html Quotes Encapsulation 4 xss
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionhtmlquotesencapsulation4xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;\">)\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Html Quotes Encapsulation 5 xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortaghtmlquotesencapsulation5xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;a&#x3D;&#x60;&#x26;gt&#x3B;&#x60;&#x20;SRC&#x3D;\">\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with Html Quotes Encapsulation 5 xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>"> -->
-		/// </summary>   
-		[Test]
-		public void divhtmlquotesencapsulation5xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;a&#x3D;&#x60;&#x26;gt&#x3B;&#x60;&#x20;SRC&#x3D;\">\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and Html Quotes Encapsulation 5 xss
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionhtmlquotesencapsulation5xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;a&#x3D;&#x60;&#x26;gt&#x3B;&#x60;&#x20;SRC&#x3D;\">)\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Html Quotes Encapsulation 6 xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortaghtmlquotesencapsulation6xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;a&#x3D;\">'>\" SRC=\"http://ha.ckers.org/xss.js\">\">XSS</A>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with Html Quotes Encapsulation 6 xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>"> -->
-		/// </summary>   
-		[Test]
-		public void divhtmlquotesencapsulation6xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;a&#x3D;\">'>\" SRC=\"http://ha.ckers.org/xss.js\">\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and Html Quotes Encapsulation 6 xss
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionhtmlquotesencapsulation6xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;a&#x3D;\">'>\" SRC=\"http://ha.ckers.org/xss.js\">)\"></Div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for AnchorTag with Html Quotes Encapsulation 7 xss
-		/// Example <!-- <A HREF="http://www.codeplex.com?url=<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>">XSS</A> -->
-		/// </summary>   
-		[Test]
-		public void anchortaghtmlquotesencapsulation7xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">XSS</A>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<A HREF=\"http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x26;gt&#x3B;document&#x2E;write&#x28;\"></a>PT SRC=\"http://ha.ckers.org/xss.js\">\">XSS";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with Html Quotes Encapsulation 7 xss
-		/// Example <!-- <Div style="background-color: http://www.codeplex.com?url=<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>"> -->
-		/// </summary>   
-		[Test]
-		public void divhtmlquotesencapsulation7xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x20;http&#x3A;&#x2F;&#x2F;www&#x2E;codeplex&#x2E;com&#x3F;url&#x3D;&#x26;lt&#x3B;&#x26;gt&#x3B;document&#x2E;write&#x28;\"></div>PT SRC=\"http://ha.ckers.org/xss.js\">\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		/// <summary>
-		/// A test for Div with style expression and Html Quotes Encapsulation 7 xss
-		/// Example <!-- <Div style="background-color: expression(<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>)"> -->
-		/// </summary>   
-		[Test]
-		public void divstyleexpressionhtmlquotesencapsulation7xsstest()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<Div style=\"background-color: expression(<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>)\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<Div style=\"background&#x2D;color&#x3A;&#x28;&#x26;lt&#x3B;&#x26;gt&#x3B;document&#x2E;write&#x28;\"></div>PT SRC=\"http://ha.ckers.org/xss.js\">)\">";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		[Test]
-		public void htmlencode()
-		{
-			// Arrange
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<div style=\"background-color: test\">";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<div style=\"background&#x2D;color&#x3A;&#x20;test\"></div>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
-		}
-
-		[Test(Description="To be fixed post 1.6")]
-		[Ignore]
-		public void UrlWithScriptInHref()
-		{
-			// Arrange
-			//issue #159
-			MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
-
-			// Act
-			string htmlFragment = "<a href=\"http://msdn.microsoft.com/en-us/library/system.componentmodel.descriptionattribute.aspx\">ComponentModel.Description</a>";
-			string actual = sanitizer.SanitizeHtml(htmlFragment);
-
-			// Assert
-			string expected = "<a href=\"http&#x3A;&#x2F;&#x2F;msdn&#x2E;microsoft&#x2E;com&#x2F;en&#x2D;us&#x2F;library&#x2F;system&#x2E;componentmodel&#x2E;descriptionattribute&#x2E;aspx\">ComponentModel.Description</a>";
-			Assert.That(actual, Is.EqualTo(expected).IgnoreCase, actual);
-		}
-	}
-}
diff --git a/src/Roadkill.Web/Assets/Scripts/roadkill.js b/src/Roadkill.Web/Assets/Scripts/roadkill.js
index 4e723724e..9af3f6d3f 100644
--- a/src/Roadkill.Web/Assets/Scripts/roadkill.js
+++ b/src/Roadkill.Web/Assets/Scripts/roadkill.js
@@ -28426,7 +28426,7 @@ var Roadkill;
                 $(selector).modal("hide");
             };
             return Dialogs;
-        })();
+        }());
         Web.Dialogs = Dialogs;
     })(Web = Roadkill.Web || (Roadkill.Web = {}));
 })(Roadkill || (Roadkill = {}));
@@ -28513,7 +28513,7 @@ var Roadkill;
                 });
             };
             return Setup;
-        })();
+        }());
         Web.Setup = Setup;
     })(Web = Roadkill.Web || (Roadkill.Web = {}));
 })(Roadkill || (Roadkill = {}));
@@ -28559,7 +28559,7 @@ var Roadkill;
                 });
             };
             return Validation;
-        })();
+        }());
         Web.Validation = Validation;
     })(Web = Roadkill.Web || (Roadkill.Web = {}));
 })(Roadkill || (Roadkill = {}));
@@ -28738,7 +28738,7 @@ var Roadkill;
                 });
             };
             return EditPage;
-        })();
+        }());
         Web.EditPage = EditPage;
     })(Web = Roadkill.Web || (Roadkill.Web = {}));
 })(Roadkill || (Roadkill = {}));
@@ -28895,7 +28895,7 @@ var Roadkill;
                 }
             };
             return WysiwygEditor;
-        })();
+        }());
         Web.WysiwygEditor = WysiwygEditor;
     })(Web = Roadkill.Web || (Roadkill.Web = {}));
 })(Roadkill || (Roadkill = {}));
@@ -28953,7 +28953,7 @@ var Roadkill;
                     });
                 };
                 return AjaxRequest;
-            })();
+            }());
             FileManager.AjaxRequest = AjaxRequest;
         })(FileManager = Web.FileManager || (Web.FileManager = {}));
     })(Web = Roadkill.Web || (Roadkill.Web = {}));
@@ -28997,7 +28997,7 @@ var Roadkill;
                     });
                 };
                 return BreadCrumbTrail;
-            })();
+            }());
             FileManager.BreadCrumbTrail = BreadCrumbTrail;
         })(FileManager = Web.FileManager || (Web.FileManager = {}));
     })(Web = Roadkill.Web || (Roadkill.Web = {}));
@@ -29123,7 +29123,7 @@ var Roadkill;
                     $("tr#newfolderrow").remove();
                 };
                 return ButtonEvents;
-            })();
+            }());
             FileManager.ButtonEvents = ButtonEvents;
         })(FileManager = Web.FileManager || (Web.FileManager = {}));
     })(Web = Roadkill.Web || (Roadkill.Web = {}));
@@ -29197,7 +29197,7 @@ var Roadkill;
                     return FileManager.Util.FormatString(html, fileModel.Name, fileModel.CreateDate, fileModel.Extension, fileModel.Size);
                 };
                 return HtmlBuilder;
-            })();
+            }());
             FileManager.HtmlBuilder = HtmlBuilder;
         })(FileManager = Web.FileManager || (Web.FileManager = {}));
     })(Web = Roadkill.Web || (Roadkill.Web = {}));
@@ -29282,7 +29282,7 @@ var Roadkill;
                     });
                 };
                 return Setup;
-            })();
+            }());
             FileManager.Setup = Setup;
         })(FileManager = Web.FileManager || (Web.FileManager = {}));
     })(Web = Roadkill.Web || (Roadkill.Web = {}));
@@ -29350,7 +29350,7 @@ var Roadkill;
                     ajaxRequest.getFolderInfo(path, success);
                 };
                 return TableEvents;
-            })();
+            }());
             FileManager.TableEvents = TableEvents;
         })(FileManager = Web.FileManager || (Web.FileManager = {}));
     })(Web = Roadkill.Web || (Roadkill.Web = {}));
@@ -29382,7 +29382,7 @@ var Roadkill;
                     return result;
                 };
                 return Util;
-            })();
+            }());
             FileManager.Util = Util;
         })(FileManager = Web.FileManager || (Web.FileManager = {}));
     })(Web = Roadkill.Web || (Roadkill.Web = {}));
@@ -29399,7 +29399,7 @@ var Roadkill;
                 function SettingsMessages() {
                 }
                 return SettingsMessages;
-            })();
+            }());
             Admin.SettingsMessages = SettingsMessages;
             var Settings = (function () {
                 function Settings(messages) {
@@ -29503,7 +29503,7 @@ var Roadkill;
                     bootbox.alert("<h2>" + title + "<h2><pre style='max-height:500px;overflow-y:scroll;'>" + errorMessage + "</pre>");
                 };
                 return Settings;
-            })();
+            }());
             Admin.Settings = Settings;
         })(Admin = Web.Admin || (Web.Admin = {}));
     })(Web = Roadkill.Web || (Roadkill.Web = {}));