        /// <summary>
        /// Sanitizes one inline style declaration in place. A property is dropped when its decoded name is not in
        /// <see cref="AllowedCssProperties"/>, when its decoded value matches <see cref="CssExpression"/> or
        /// <see cref="DisallowCssPropertyValue"/>, or when any url() it contains is rejected by
        /// <see cref="SanitizeUrl"/>. Accepted url() references are rewritten with the sanitized URL.
        /// </summary>
        /// <param name="element">The element owning <paramref name="styles"/>; passed through to <see cref="RemoveStyle"/>.</param>
        /// <param name="styles">The style declaration to sanitize.</param>
        /// <param name="baseUrl">Base URL handed to <see cref="SanitizeUrl"/> for resolving url() references.</param>
        private void SanitizeStyleDeclaration(IElement element, ICssStyleDeclaration styles, string baseUrl)
        {
            // Changes are collected first and applied after the loop so the declaration is not mutated while enumerated.
            var pendingRemovals = new List<Tuple<ICssProperty, RemoveReason>>();
            var pendingUpdates  = new Dictionary<string, string>();

            foreach (var property in styles)
            {
                // Every check runs on the decoded form; escape sequences in the raw text therefore cannot mask a
                // disallowed name or value (presumably DecodeCss resolves CSS escapes — confirm against its definition).
                var decodedName  = DecodeCss(property.Name);
                var decodedValue = DecodeCss(property.Value);

                if (!AllowedCssProperties.Contains(decodedName))
                {
                    pendingRemovals.Add(new Tuple<ICssProperty, RemoveReason>(property, RemoveReason.NotAllowedStyle));
                }
                else if (CssExpression.IsMatch(decodedValue) || DisallowCssPropertyValue.IsMatch(decodedValue))
                {
                    pendingRemovals.Add(new Tuple<ICssProperty, RemoveReason>(property, RemoveReason.NotAllowedValue));
                }
                else
                {
                    var urlMatches = CssUrl.Matches(decodedValue);
                    if (urlMatches.Count == 0)
                    {
                        continue;
                    }

                    // A single rejected url() discards the whole property; no partially rewritten value is ever emitted.
                    // Note that SanitizeUrl is evaluated once here and again in the Replace below.
                    var anyRejected = urlMatches.Cast<Match>().Any(m => SanitizeUrl(m.Groups[2].Value, baseUrl) == null);
                    if (anyRejected)
                    {
                        pendingRemovals.Add(new Tuple<ICssProperty, RemoveReason>(property, RemoveReason.NotAllowedUrlValue));
                        continue;
                    }

                    var rewritten = CssUrl.Replace(decodedValue, m => string.Concat("url(", m.Groups[1].Value, SanitizeUrl(m.Groups[2].Value, baseUrl), m.Groups[3].Value));
                    if (rewritten == decodedValue)
                    {
                        continue;
                    }

                    // The rewritten value is stored under the decoded name; when that differs from the raw name the
                    // raw property is removed as well (presumably so an escaped-name original does not survive alongside it).
                    if (decodedName != property.Name)
                    {
                        pendingRemovals.Add(new Tuple<ICssProperty, RemoveReason>(property, RemoveReason.NotAllowedUrlValue));
                    }
                    pendingUpdates[decodedName] = rewritten;
                }
            }

            foreach (var update in pendingUpdates)
            {
                styles.SetProperty(update.Key, update.Value);
            }

            foreach (var removal in pendingRemovals)
            {
                RemoveStyle(element, styles, removal.Item1, removal.Item2);
            }
        }
        /// <summary>
        /// Sanitizes an inline style declaration in place. A declaration entry is removed when its decoded name is not
        /// in <see cref="AllowedCssProperties"/>, when its decoded value matches <see cref="CssExpression"/> or
        /// <see cref="DisallowCssPropertyValue"/>, or when any url() it contains fails <see cref="GetSafeUri"/> or
        /// <see cref="SanitizeUrl"/>. Accepted url() references are rewritten with the sanitized URL.
        /// </summary>
        /// <param name="styles">The style declaration to sanitize; null or empty declarations are left untouched.</param>
        /// <param name="baseUrl">Base URL handed to <see cref="SanitizeUrl"/> for resolving url() references.</param>
        protected void SanitizeStyle(CSSStyleDeclaration styles, string baseUrl)
        {
            if (styles == null || !styles.Any())
            {
                return;
            }

            // Removals and replacements are deferred until after the loop so the declaration is not mutated while enumerated.
            var pendingRemovals = new List<KeyValuePair<string, string>>();
            var pendingUpdates  = new Dictionary<string, string>();

            foreach (var entry in styles)
            {
                // Checks run on the decoded form so escape sequences in the raw text cannot mask a disallowed name or value.
                var decodedName  = DecodeCss(entry.Key);
                var decodedValue = DecodeCss(entry.Value);

                var disallowed = !AllowedCssProperties.Contains(decodedName)
                    || CssExpression.IsMatch(decodedValue)
                    || DisallowCssPropertyValue.IsMatch(decodedValue);
                if (disallowed)
                {
                    pendingRemovals.Add(entry);
                    continue;
                }

                var urlMatches = CssUrl.Matches(decodedValue);
                if (urlMatches.Count == 0)
                {
                    continue;
                }

                // One unsafe url() discards the whole entry; a partially rewritten value is never emitted.
                var anyUnsafe = urlMatches.Cast<Match>().Any(m => GetSafeUri(m.Groups[2].Value) == null || SanitizeUrl(m.Groups[2].Value, baseUrl) == null);
                if (anyUnsafe)
                {
                    pendingRemovals.Add(entry);
                    continue;
                }

                var rewritten = CssUrl.Replace(decodedValue, m => string.Concat("url(", m.Groups[1].Value, SanitizeUrl(m.Groups[2].Value, baseUrl), m.Groups[3].Value));
                if (rewritten == decodedValue)
                {
                    continue;
                }

                // The rewritten value is stored under the decoded name; an entry whose raw name differs is removed too.
                if (decodedName != entry.Key)
                {
                    pendingRemovals.Add(entry);
                }
                pendingUpdates[decodedName] = rewritten;
            }

            foreach (var removal in pendingRemovals)
            {
                RemoveStyle(styles, removal);
            }

            foreach (var update in pendingUpdates)
            {
                styles.SetStyle(update.Key, update.Value);
            }
        }
        /// <summary>
        /// Extends the base sanitizer's whitelists for Markdown-generated documents and subscribes
        /// <see cref="ChangedEvent"/> to every Removing* event so removals can be observed.
        /// </summary>
        internal Md2HtmlSanitizer()
        {
            // NOTE(review): allowing <meta> together with http-equiv/content lets http-equiv directives reach the
            // output, and <style> admits stylesheet content; confirm both are intended for this rendering context.
            foreach (var tag in new[] { "meta", "style" })
            {
                AllowedTags.Add(tag);
            }

            foreach (var attribute in new[] { "content", "http-equiv" })
            {
                AllowedAttributes.Add(attribute);
            }

            AllowedCssProperties.Add("src");

            // Every removal is reported through the same handler.
            RemovingAtRule    += ChangedEvent;
            RemovingAttribute += ChangedEvent;
            RemovingCssClass  += ChangedEvent;
            RemovingStyle     += ChangedEvent;
            RemovingTag       += ChangedEvent;
        }
 /// <summary>
 /// Replaces the base sanitizer's default whitelists with a minimal set: a handful of text-formatting tags, the
 /// href attribute only, and no inline CSS properties or at-rules at all.
 /// </summary>
 public HtmlSanitizer() : base()
 {
     // Start from empty sets so nothing from the base defaults leaks through.
     AllowedTags.Clear();
     foreach (var tag in new[] { "p", "h2", "strong", "em", "ul", "ol", "li", "a", "br" })
     {
         AllowedTags.Add(tag);
     }

     AllowedAttributes.Clear();
     AllowedAttributes.Add("href");

     // Empty whitelists: every style property and every at-rule is removed.
     AllowedCssProperties.Clear();
     AllowedAtRules.Clear();
 }
        /// <summary>
        /// Extends the base sanitizer's whitelists (tags, attributes, CSS properties, URL schemes and at-rules) for
        /// Markdown-generated documents and subscribes <see cref="ChangedEvent"/> to every Removing* event.
        /// </summary>
        internal Md2HtmlSanitizer()
        {
            // NOTE(review): <meta> with http-equiv/content and <style> both widen what reaches the output; confirm
            // they are intended for this rendering context.
            foreach (var tag in new[] { "meta", "style" })
            {
                AllowedTags.Add(tag);
            }

            foreach (var attribute in new[] { "content", "http-equiv", "id", "class" })
            {
                AllowedAttributes.Add(attribute);
            }

            var extraCssProperties = new[]
            {
                "src",
                "word-break",
                "word-wrap",
                "-moz-tab-size",
                "-o-tab-size",
                "tab-size",
                "-webkit-hyphens",
                "-moz-hyphens",
                "-ms-hyphens",
                "hyphens",
                "background-position-x",
                "background-position-y",
                "transition-property",
                "transition-duration",
                "transition-timing-function",
                "transition-delay",
                "box-shadow",
            };
            foreach (var cssProperty in extraCssProperties)
            {
                AllowedCssProperties.Add(cssProperty);
            }

            // NOTE(review): admitting the file and data schemes widens what SanitizeUrl accepts for href/src/url()
            // values; data: URLs can embed arbitrary content inline, so confirm the consumer of the output expects this.
            foreach (var scheme in new[] { "file", "data" })
            {
                AllowedSchemes.Add(scheme);
            }

            foreach (var ruleType in new[] { CssRuleType.Media, CssRuleType.Keyframe, CssRuleType.Keyframes })
            {
                AllowedAtRules.Add(ruleType);
            }

            // Every removal is reported through the same handler.
            RemovingAtRule    += ChangedEvent;
            RemovingAttribute += ChangedEvent;
            RemovingCssClass  += ChangedEvent;
            RemovingStyle     += ChangedEvent;
            RemovingTag       += ChangedEvent;
        }