Beispiel #1
        /// <summary>
        /// Converts or quotes the text of <paramref name="entity"/> and passes a new
        /// <c>TextPart</c> with the same media subtype to <c>Push</c>.
        /// </summary>
        /// <param name="entity">The text part being visited.</param>
        protected override void VisitTextPart(TextPart entity)
        {
            // NOTE(review): the HTML branch never sets FilterHtml, so the markup is only
            // rewritten by HtmlTagCallback. Script content in the original message is carried
            // into the new part unless that callback removes it - confirm this is intended.
            string quoted;

            if (entity.IsHtml)
            {
                var htmlConverter = new HtmlToHtml();
                htmlConverter.HtmlTagCallback = HtmlTagCallback;

                quoted = htmlConverter.Convert(entity.Text);
            }
            else
            {
                // Flowed text is unwrapped first; both plain-text cases are then quoted.
                string plain = entity.IsFlowed
                    ? new FlowedToText().Convert(entity.Text)
                    : entity.Text;

                quoted = QuoteText(plain);
            }

            var subtype = entity.ContentType.MediaSubtype.ToLowerInvariant();
            var part = new TextPart(subtype);
            part.Text = quoted;

            Push(part);
        }
Beispiel #2
        // Token: 0x060018CE RID: 6350 RVA: 0x00055CC0 File Offset: 0x00053EC0
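        /// <summary>
        /// Runs <paramref name="html"/> through <c>HtmlToHtml</c> with filtering enabled and
        /// returns the trimmed fragment, without its outer <c>&lt;div&gt;</c> wrapper when one is present.
        /// </summary>
        /// <param name="html">HTML to filter; may be <c>null</c>.</param>
        /// <returns>
        /// The filtered fragment, or <c>null</c> when <paramref name="html"/> is <c>null</c>.
        /// </returns>
        /// <remarks>
        /// An <c>ExchangeDataException</c> raised by the converter is handed to
        /// <c>GetLinkPreview.ThrowLocalizedException</c>.
        /// </remarks>
        protected static string ConvertToSafeHtml(string html)
        {
            if (html == null)
            {
                return null;
            }

            const string openTag = "<div>";
            const string closeTag = "</div>";
            string text = null;

            HtmlToHtml htmlToHtml = new HtmlToHtml();
            htmlToHtml.FilterHtml = true;
            htmlToHtml.OutputHtmlFragment = true;

            using (TextReader textReader = new StringReader(html))
            using (TextWriter textWriter = new StringWriter())
            {
                try
                {
                    htmlToHtml.Convert(textReader, textWriter);
                    text = textWriter.ToString().Trim();

                    // Unwrap only a complete <div>...</div> pair. Cutting a fixed six characters
                    // off the end whenever the text merely starts with <div> throws on short
                    // output and truncates filtered markup that does not end in </div>.
                    if (text.Length >= openTag.Length + closeTag.Length
                        && text.StartsWith(openTag, StringComparison.OrdinalIgnoreCase)
                        && text.EndsWith(closeTag, StringComparison.OrdinalIgnoreCase))
                    {
                        text = text.Substring(openTag.Length, text.Length - openTag.Length - closeTag.Length);
                    }
                }
                catch (ExchangeDataException localizedException)
                {
                    GetLinkPreview.ThrowLocalizedException("HtmlConversionFailed", localizedException);
                }
            }

            return text;
        }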
Beispiel #3
        // Token: 0x06001B94 RID: 7060 RVA: 0x00069C84 File Offset: 0x00067E84
        /// <summary>
        /// Filters <paramref name="input"/> through <c>HtmlToHtml</c> and returns the resulting fragment.
        /// </summary>
        /// <param name="input">
        /// HTML to filter. It is handed straight to <see cref="StringReader"/>, so it must not be <c>null</c>.
        /// </param>
        /// <returns>The converter output, untrimmed.</returns>
        /// <remarks>
        /// A conversion failure is rethrown as a sender fault, so no partially converted
        /// text is ever returned to the caller.
        /// </remarks>
        public static string CleanHtml(string input)
        {
            HtmlToHtml sanitizer = new HtmlToHtml
            {
                FilterHtml = true,
                OutputHtmlFragment = true
            };

            using (TextReader source = new StringReader(input))
            using (TextWriter sink = new StringWriter())
            {
                try
                {
                    sanitizer.Convert(source, sink);
                    return sink.ToString();
                }
                catch (ExchangeDataException innerException)
                {
                    throw FaultExceptionUtilities.CreateFault(new OwaCannotSanitizeHtmlException("Sanitization of the HTML failed", innerException, sanitizer), FaultParty.Sender);
                }
            }
        }
Beispiel #4
        /// <summary>
        /// Sanitizes input HTML fragment for safe display on browser.
        /// </summary>
        /// <param name="input">Malicious HTML fragment</param>
        /// <returns>Safe HTML fragment</returns>
        /// <remarks>
        /// The method transforms and filters HTML of executable scripts.
        /// A safe list of tags and attributes are used to strip dangerous
        /// scripts from the HTML. HTML is also normalized where tags are
        /// properly closed and attributes are properly formatted.
        /// </remarks>
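        public static string GetSafeHtmlFragment(string input)
        {
            if (string.IsNullOrEmpty(input))
            {
                return string.Empty;
            }

            using TextReader stringReader = new StringReader(input);
            using TextWriter stringWriter = new StringWriter();
            HtmlToHtml htmlObject = new HtmlToHtml
            {
                FilterHtml         = true,
                OutputHtmlFragment = true,
                NormalizeHtml      = true
            };

            htmlObject.Convert(stringReader, stringWriter);

            string output = stringWriter.ToString();

            // Length of the leading "<div>" and of the trailing text removed with it
            // (presumably "</div>" plus a CR/LF pair - confirm against the converter output).
            const int openLength = 5;
            const int closeLength = 8;

            // Strip the wrapper only when the output is long enough to hold both ends.
            // An unguarded Substring(0, 5) throws ArgumentOutOfRangeException on filtered
            // output shorter than five characters, turning short input into an error path.
            if (output.Length >= openLength + closeLength
                && output.StartsWith("<div>", System.StringComparison.OrdinalIgnoreCase))
            {
                output = output.Substring(openLength, output.Length - openLength - closeLength);
            }

            return output;
        }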
        /// <summary>
        /// Filters <paramref name="unsafeHtml"/> through <c>HtmlToHtml</c> and returns the trimmed fragment.
        /// </summary>
        /// <param name="traceId">Identifier passed to the tracer with each trace message.</param>
        /// <param name="unsafeHtml">
        /// HTML to filter. It is handed straight to <see cref="StringReader"/>, so it must not be <c>null</c>.
        /// </param>
        /// <returns>
        /// The filtered, trimmed fragment, or an empty string when the converter throws
        /// an <c>ExchangeDataException</c>.
        /// </returns>
        public static string MakeSafeHtml(int traceId, string unsafeHtml)
        {
            MailTipsUtility.GetMailTipsTracer.TraceDebug((long)traceId, "Entering MakeSafeHtml");

            HtmlToHtml filter = new HtmlToHtml
            {
                FilterHtml = true,
                OutputHtmlFragment = true
            };

            using (TextReader source = new StringReader(unsafeHtml))
            using (TextWriter sink = new StringWriter())
            {
                try
                {
                    filter.Convert(source, sink);
                }
                catch (ExchangeDataException ex)
                {
                    // Fail closed: on a conversion error nothing of the input is returned.
                    MailTipsUtility.GetMailTipsTracer.TraceDebug<string>((long)traceId, "Exception thrown while filtering HTML: {0}", ex.Message);
                    return string.Empty;
                }

                return sink.ToString().Trim();
            }
        }
Beispiel #6
        /// <summary>
        /// Returns a safe version of HTML fragment by either sanitizing or removing all malicious scripts.
        /// </summary>
        /// <param name="input">String containing user supplied HTML</param>
        /// <returns>Safe version of user supplied HTML</returns>
        /// <remarks>The input string is passed through the HtmlToHtml class, where any unsafe HTML
        /// it might contain is stripped out. A white list of non-scriptable tags and attributes
        /// is used to parse the input HTML fragment for malicious scripts. For sanitizing entire
        /// HTML pages see <see cref="GetSafeHtml(string)"/>.
        /// </remarks>
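        public static string GetSafeHtmlFragment(string input)
        {
            // Null or empty input has nothing to sanitize.
            if (string.IsNullOrEmpty(input))
            {
                return string.Empty;
            }

            using (TextReader stringReader = new StringReader(input))
            using (TextWriter stringWriter = new StringWriter(CultureInfo.InvariantCulture))
            {
                HtmlToHtml htmlObject = new HtmlToHtml();

                // Filter scripts, emit a fragment rather than a page, and normalize the markup.
                htmlObject.FilterHtml         = true;
                htmlObject.OutputHtmlFragment = true;
                htmlObject.NormalizeHtml      = true;

                htmlObject.Convert(stringReader, stringWriter);

                string output = stringWriter.ToString();

                // Length of the begin tag "<div>" and of the end tag plus line feed.
                const int openLength = 5;
                const int closeLength = 8;

                // Strip the wrapper only when both ends fit. An unguarded Substring(0, 5)
                // throws on filtered output shorter than five characters, and the ordinal
                // comparison keeps the check independent of the current culture, which
                // ToLower() is not.
                if (output.Length >= openLength + closeLength
                    && output.StartsWith("<div>", StringComparison.OrdinalIgnoreCase))
                {
                    output = output.Substring(openLength, output.Length - openLength - closeLength);
                }

                return output;
            }
        }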
Beispiel #7
        /// <summary>
        /// Checks the defaults of a new <c>HtmlToHtml</c> and that <c>Convert</c> rejects a
        /// null reader or writer.
        /// </summary>
        public void TestArgumentExceptions()
        {
            var subject     = new HtmlToHtml();
            var emptySource = new StringReader("");
            var sink        = new StringWriter();

            // Defaults. Note that FilterHtml and FilterComments are both off on a new
            // converter, so filtering has to be requested explicitly by the caller.
            Assert.AreEqual(TextFormat.Html, subject.InputFormat);
            Assert.AreEqual(TextFormat.Html, subject.OutputFormat);
            Assert.IsFalse(subject.DetectEncodingFromByteOrderMark);
            Assert.IsFalse(subject.FilterComments);
            Assert.IsFalse(subject.FilterHtml);
            Assert.IsNull(subject.Footer);
            Assert.IsNull(subject.Header);
            Assert.AreEqual(HeaderFooterFormat.Text, subject.FooterFormat);
            Assert.AreEqual(HeaderFooterFormat.Text, subject.HeaderFormat);

            // Null arguments must be rejected up front.
            Assert.Throws<ArgumentNullException>(() => subject.Convert((TextReader)null, sink));
            Assert.Throws<ArgumentNullException>(() => subject.Convert(emptySource, (TextWriter)null));
        }
Beispiel #8
        /// <summary>
        /// Get safe version of HTML fragment.
        /// </summary>
        /// <param name="sourceReader"> TextReader as source of HTML</param>
        /// <param name="destinationStream">Stream as safeHTML</param>
        public static void GetSafeHtmlFragment(TextReader sourceReader, Stream destinationStream)
        {
            // Filtered, normalized fragment output. Neither argument is closed here, so the
            // caller stays responsible for disposing the reader and the stream.
            HtmlToHtml sanitizer = new HtmlToHtml
            {
                FilterHtml = true,
                OutputHtmlFragment = true,
                NormalizeHtml = true
            };

            sanitizer.Convert(sourceReader, destinationStream);
        }
Beispiel #9
        /// <summary>
        /// Sanitizes input HTML document for safe display on browser.
        /// </summary>
        /// <param name="sourceReader">Source text reader with malicious HTML</param>
        /// <param name="destinationWriter">Text Writer to write safe HTML</param>
        /// <remarks>
        /// The method transforms and filters HTML of executable scripts.
        /// A safe list of tags and attributes are used to strip dangerous
        /// scripts from the HTML. HTML is also normalized where tags are
        /// properly closed and attributes are properly formatted.
        /// </remarks>
        public static void GetSafeHtml(TextReader sourceReader, TextWriter destinationWriter)
        {
            var sanitizer = new HtmlToHtml();

            // Filter and normalize; a whole document is emitted rather than a fragment.
            sanitizer.FilterHtml = true;
            sanitizer.OutputHtmlFragment = false;
            sanitizer.NormalizeHtml = true;

            // The reader and writer are left open for the caller to dispose.
            sanitizer.Convert(sourceReader, destinationWriter);
        }
Beispiel #10
        /// <summary>
        /// Get safe version of HTML fragment.
        /// </summary>
        /// <param name="sourceReader"> TextReader as source of HTML</param>
        /// <param name="destinationWriter">TextWriter as safeHTML</param>
        public static void GetSafeHtmlFragment(TextReader sourceReader, TextWriter destinationWriter)
        {
            // Filtered, normalized fragment output. The reader and writer are left open
            // for the caller to dispose.
            HtmlToHtml sanitizer = new HtmlToHtml
            {
                FilterHtml = true,
                OutputHtmlFragment = true,
                NormalizeHtml = true
            };

            sanitizer.Convert(sourceReader, destinationWriter);
        }
Beispiel #11
        /// <summary>
        /// Sanitizes input HTML fragment for safe display on browser.
        /// </summary>
        /// <param name="sourceReader">Source text reader with malicious HTML</param>
        /// <param name="destinationStream">Stream to write safe HTML</param>
        /// <remarks>
        /// The method transforms and filters HTML of executable scripts.
        /// A safe list of tags and attributes are used to strip dangerous
        /// scripts from the HTML. HTML is also normalized where tags are
        /// properly closed and attributes are properly formatted.
        /// </remarks>
        public static void GetSafeHtmlFragment(TextReader sourceReader, Stream destinationStream)
        {
            var sanitizer = new HtmlToHtml();

            // Filter and normalize, emitting a fragment rather than a whole document.
            sanitizer.FilterHtml = true;
            sanitizer.OutputHtmlFragment = true;
            sanitizer.NormalizeHtml = true;

            // The reader and stream are left open for the caller to dispose.
            sanitizer.Convert(sourceReader, destinationStream);
        }
        /// <summary>
        /// Converts the xamarin3.html fixture with the URL-rewriting callback and compares
        /// the result with the stored xamarin3.xhtml fixture.
        /// </summary>
        public void TestSimpleHtmlToHtml()
        {
            // Fixture paths are relative to the working directory of the test run.
            string wanted = File.ReadAllText("../../TestData/html/xamarin3.xhtml");
            string source = File.ReadAllText("../../TestData/html/xamarin3.html");

            var subject = new HtmlToHtml();
            subject.HtmlTagCallback = ReplaceUrlsWithFileNames;

            string actual = subject.Convert(source);

            Assert.AreEqual(wanted, actual);
        }
Beispiel #13
        /// <summary>
        /// Checks that <c>FilterHtml</c> removes a <c>&lt;script&gt;</c> element and its content.
        /// </summary>
        public void TestFilterHtml()
        {
            // This case covers a script element only; event-handler attributes and script
            // URLs in attributes are not exercised here and need their own cases.
            const string source = "<html><head><script>/* this is a script */</script></head><body>Here is the body content which seems fine so far</body></html>";
            const string wanted = "<html><head></head><body>Here is the body content which seems fine so far</body></html>";

            var subject = new HtmlToHtml();
            subject.FilterHtml = true;

            string actual = subject.Convert(source);

            Assert.AreEqual(wanted, actual);
        }
Beispiel #14
        /// <summary>
        /// Checks that <c>FilterComments</c> removes HTML comments from head and body.
        /// </summary>
        public void TestFilterComments()
        {
            const string source = "<html><head><!-- this is a comment --></head><body>Here is the body content <!-- this is another comment -->which seems fine so far</body></html>";
            const string wanted = "<html><head></head><body>Here is the body content which seems fine so far</body></html>";

            var subject = new HtmlToHtml();
            subject.FilterComments = true;

            string actual = subject.Convert(source);

            Assert.AreEqual(wanted, actual);
        }
Beispiel #15
        /// <summary>
        /// Converts a Word-generated HTML document with <c>SupressInnerContentCallback</c> as the
        /// tag callback and expects only the body text to remain.
        /// </summary>
        public void TestSupressInnerContent()
        {
            // NOTE(review): on this page the input literal is split across two physical lines
            // (inside "Times New Roman"), which a regular string literal does not allow;
            // presumably an extraction artifact - confirm against the original test file.
            const string input     = "<html xmlns:v=\"urn:schemas-microsoft-com:vml\" xmlns:o=\"urn:schemas-microsoft-com:office:office\" xmlns:w=\"urn:schemas-microsoft-com:office:word\" xmlns:m=\"http://schemas.microsoft.com/office/2004/12/omml\"xmlns=\"http://www.w3.org/TR/REC-html40\"><head><meta http-equiv=Content-Type content=\"text/html; charset=iso-8859-2\"><meta name=Generator content=\"Microsoft Word 15 (filtered medium)\"><!--[if !mso]><style>v\\:* {behavior:url(#default#VML);}\r\no\\:* {behavior:url(#default#VML);}\r\nw\\:* {behavior:url(#default#VML);}\r\n.shape{behavior:url(#default#VML);}\r\n</style><![endif]--><style><!--\r\n/* Font Definitions */\r\n@font-face\r\n\t{font-family:\"Cambria Math\";\r\n\tpanose-1:2 4 5 3 5 4 6 3 2 4;}\r\n@font-face\r\n\t{font-family:Calibri;\r\n\tpanose-1:2 15 5 2 2 2 4 3 2 4;}\r\n@font-face\r\n\t{font-family:\"Segoe UI\";\r\n\tpanose-1:2 11 5 2 4 2 4 2 2 3;}\r\n@font-face\r\n\t{font-family:Verdana;\r\n\tpanose-1:2 11 6 4 3 5 4 4 2 4;}\r\n/* Style Definitions */\r\np.MsoNormal, li.MsoNormal, div.MsoNormal\r\n\t{margin:0cm;\r\n\tmargin-bottom:.0001pt;\r\n\tfont-size:11.0pt;\r\n\tfont-family:\"Calibri\",sans-serif;\r\n\tmso-fareast-language:EN-US;}\r\nh3\r\n\t{mso-style-priority:9;\r\n\tmso-style-link:\"Heading 3 Char\";\r\n\tmso-margin-top-alt:auto;\r\n\tmargin-right:0cm;\r\n\tmso-margin-bottom-alt:auto;\r\n\tmargin-left:0cm;\r\n\tfont-size:13.5pt;\r\n\tfont-family:\"Times New Roman\",serif;}\r\na:link, span.MsoHyperlink\r\n\t{mso-style-priority:99;\r\n\tcolor:#0563C1;\r\n\ttext-decoration:underline;}\r\na:visited,span.MsoHyperlinkFollowed\r\n\t{mso-style-priority:99;\r\n\tcolor:#954F72;\r\n\ttext-decoration:underline;}\r\nspan.Heading3Char\r\n\t{mso-style-name:\"Heading 3 Char\";\r\n\tmso-style-priority:9;\r\n\tmso-style-link:\"Heading 3\";\r\n\tfont-family:\"Times New 
Roman\",serif;\r\n\tmso-fareast-language:FR;\r\n\tfont-weight:bold;}\r\nspan.EmailStyle18\r\n\t{mso-style-type:personal;\r\n\tfont-family:\"Calibri\",sans-serif;\r\n\tcolor:windowtext;}\r\nspan.EmailStyle19\r\n\t{mso-style-type:personal-reply;\r\n\tfont-family:\"Calibri\",sans-serif;\r\n\tcolor:#1F497D;}\r\n.MsoChpDefault\r\n\t{mso-style-type:export-only;\r\n\tfont-size:10.0pt;}\r\n@page WordSection1\r\n\t{size:612.0pt 792.0pt;\r\n\tmargin:70.85pt 70.85pt 70.85pt 70.85pt;}\r\ndiv.WordSection1\r\n\t{page:WordSection1;}\r\n--></style><!--[if gte mso 9]><xml>\r\n<o:shapedefaults v:ext=\"edit\" spidmax=\"1026\" />\r\n</xml><![endif]--><!--[if gte mso 9]><xml>\r\n<o:shapelayout v:ext=\"edit\">\r\n<o:idmap v:ext=\"edit\" data=\"1\" />\r\n</o:shapelayout></xml><![endif]--></head><body lang=FR link=\"#0563C1\" vlink=\"#954F72\">Here is the body content which seems fine so far</body></html>";
            // Expected output: the body text alone, with no head, style, conditional-comment
            // or wrapper markup left over.
            const string expected  = "Here is the body content which seems fine so far";
            // The callback is defined outside this block; presumably it deletes every tag and
            // suppresses the inner content of the head elements - verify against its definition.
            var          converter = new HtmlToHtml {
                HtmlTagCallback = SupressInnerContentCallback
            };

            var result = converter.Convert(input);

            Assert.AreEqual(expected, result);
        }
Beispiel #16
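        /// <summary>
        /// Picks the text body of a multipart/related entity and shows it in
        /// <paramref name="pWebBrowser"/>.
        /// </summary>
        /// <param name="related">The multipart/related entity to render.</param>
        /// <param name="pWebBrowser">Browser control that receives the rendered body.</param>
        /// <remarks>
        /// A text/html body is converted with <c>HtmlToHtml</c> and assigned to
        /// <c>DocumentText</c>; any other text body goes to <c>RenderText</c>. Nothing is
        /// rendered when no text part is found.
        /// </remarks>
        public static void RenderMultipartRelated(MultipartRelated related, WebBrowserEditabil pWebBrowser)
        {
            var root      = related.Root;
            var multipart = root as Multipart;
            var text      = root as TextPart;

            if (multipart != null)
            {
                // Walk the children last to first: the first text/html part found wins,
                // otherwise the first text part seen is kept when none was chosen yet.
                for (int i = multipart.Count; i > 0; i--)
                {
                    var body = multipart[i - 1] as TextPart;

                    if (body == null)
                    {
                        continue;
                    }

                    if (body.ContentType.IsMimeType("text", "html"))
                    {
                        text = body;
                        break;
                    }

                    if (text == null)
                    {
                        text = body;
                    }
                }
            }

            if (text == null)
            {
                return;
            }

            if (!text.ContentType.IsMimeType("text", "html"))
            {
                RenderText(text, pWebBrowser);
                return;
            }

            var ctx       = new MultipartRelatedImageContext(related);
            var converter = new HtmlToHtml
            {
                // The message body is untrusted and is about to be loaded into a browser
                // control, so have the converter strip executable script content.
                FilterHtml      = true,
                HtmlTagCallback = ctx.HtmlTagCallback
            };

            // NOTE(review): confirm that FilterHtml in the library version in use also covers
            // event-handler attributes and script URLs; if it does not, the tag callback
            // has to remove them before the markup reaches the control.
            pWebBrowser.DocumentText = converter.Convert(text.Text);
        }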
Beispiel #17
        /// <summary>
        /// Converts the HTML of <paramref name="entity"/> with a Mark-of-the-Web header and
        /// stores the result in <c>_body</c>.
        /// </summary>
        /// <param name="entity">The HTML text part to convert.</param>
        private void SetHtmlToBody(TextPart entity)
        {
            // NOTE(review): FilterHtml is not set, so script handling depends on the
            // Mark-of-the-Web header and on HtmlTagCallback - confirm that is sufficient for
            // wherever _body is displayed.
            var converter = new HtmlToHtml();
            converter.Header          = $"{UIStrings.MarkOfTheWeb}{Environment.NewLine}";
            converter.HeaderFormat    = HeaderFooterFormat.Html;
            converter.HtmlTagCallback = this.HtmlTagCallback;

            var html = entity.Text;

            // The check is case-sensitive and matches only attribute-less tags, so markup
            // such as <BODY> or <body lang=...> is treated as missing and gets wrapped.
            bool hasHeadAndBody = html.Contains("<head>") && html.Contains("<body>");

            if (hasHeadAndBody)
            {
                _body = converter.Convert(html);
            }
            else
            {
                var wrapper = GetBeforeAfterFormatWrapper(UIStrings.HtmlToHtmlFormatWrapper);

                _body = converter.Convert(wrapper.Before + html + wrapper.After);
            }
        }
Beispiel #18
        /// <summary>
        /// Converts the xamarin3.html fixture with the URL-rewriting callback and compares
        /// the result with the stored xamarin3.xhtml fixture.
        /// </summary>
        public void TestSimpleHtmlToHtml()
        {
            string fixtureDir = Path.Combine(TestHelper.ProjectDir, "TestData", "html");
            string wanted     = File.ReadAllText(Path.Combine(fixtureDir, "xamarin3.xhtml"));
            string source     = File.ReadAllText(Path.Combine(fixtureDir, "xamarin3.html"));

            var subject = new HtmlToHtml();
            subject.Header = null;
            subject.Footer = null;
            subject.HtmlTagCallback = ReplaceUrlsWithFileNames;

            string actual = subject.Convert(source);

            Assert.AreEqual(TextFormat.Html, subject.InputFormat, "InputFormat");
            Assert.AreEqual(TextFormat.Html, subject.OutputFormat, "OutputFormat");
            Assert.AreEqual(wanted, actual);
        }
Beispiel #19
        /// <summary>
        /// Checks that <c>HtmlToHtml</c> rejects null encodings, negative buffer sizes and
        /// null arguments on every <c>Convert</c> overload.
        /// </summary>
        public void TestArgumentExceptions()
        {
            var subject     = new HtmlToHtml();
            var emptySource = new StringReader("");
            var sink        = new StringWriter();

            // Property validation.
            Assert.Throws<ArgumentNullException>(() => subject.InputEncoding  = null);
            Assert.Throws<ArgumentNullException>(() => subject.OutputEncoding = null);

            Assert.Throws<ArgumentOutOfRangeException>(() => subject.InputStreamBufferSize  = -1);
            Assert.Throws<ArgumentOutOfRangeException>(() => subject.OutputStreamBufferSize = -1);

            // Convert overloads: each one is called with a null source and a null destination.
            Assert.Throws<ArgumentNullException>(() => subject.Convert(null));
            Assert.Throws<ArgumentNullException>(() => subject.Convert((Stream)null, Stream.Null));
            Assert.Throws<ArgumentNullException>(() => subject.Convert(Stream.Null, (Stream)null));
            Assert.Throws<ArgumentNullException>(() => subject.Convert((TextReader)null, Stream.Null));
            Assert.Throws<ArgumentNullException>(() => subject.Convert(Stream.Null, (TextWriter)null));
            Assert.Throws<ArgumentNullException>(() => subject.Convert((TextReader)null, sink));
            Assert.Throws<ArgumentNullException>(() => subject.Convert(emptySource, (TextWriter)null));
            Assert.Throws<ArgumentNullException>(() => subject.Convert(new StreamReader(Stream.Null), (Stream)null));
            Assert.Throws<ArgumentNullException>(() => subject.Convert((Stream)null, new StreamWriter(Stream.Null)));
            Assert.Throws<ArgumentNullException>(() => subject.Convert(new StreamReader(Stream.Null), (TextWriter)null));
        }
Beispiel #20
        /// <summary>
        /// Checks that a header and footer in <c>HeaderFooterFormat.Text</c> are HTML-encoded
        /// and followed by <c>&lt;br/&gt;</c> instead of being emitted as markup.
        /// </summary>
        public void TestTextHeaderFooter()
        {
            const string source = "<body>Here is the body content which seems fine so far</body>";
            const string wanted = "&lt;html&gt;&lt;head&gt;&lt;/head&gt;<br/><body>Here is the body content which seems fine so far</body>&lt;/html&gt;<br/>";

            var subject = new HtmlToHtml();
            subject.HeaderFormat = HeaderFooterFormat.Text;
            subject.Header       = "<html><head></head>";
            subject.FooterFormat = HeaderFooterFormat.Text;
            subject.Footer       = "</html>";

            string actual = subject.Convert(source);

            Assert.AreEqual(wanted, actual);
        }
Beispiel #21
        /// <summary>
        /// Picks the text body of a multipart/related entity and returns it rendered as a string.
        /// </summary>
        /// <param name="related">The multipart/related entity to render.</param>
        /// <returns>
        /// The converted HTML for a text/html body, the result of <c>RenderText</c> for any
        /// other text body, or a fixed message when no text part is found.
        /// </returns>
        public string RenderMultipartRelated(MultipartRelated related)
        {
            var root = related.Root;
            var text = root as TextPart;

            if (root is Multipart multipart)
            {
                // Walk the children last to first: the first text/html part found wins,
                // otherwise the first text part seen is kept when none was chosen yet.
                for (int index = multipart.Count - 1; index >= 0; index--)
                {
                    if (multipart[index] is TextPart candidate)
                    {
                        if (candidate.ContentType.IsMimeType("text", "html"))
                        {
                            text = candidate;
                            break;
                        }

                        text = text ?? candidate;
                    }
                }
            }

            if (text == null)
            {
                return "Uncknown message type.";
            }

            if (!text.ContentType.IsMimeType("text", "html"))
            {
                return RenderText(text);
            }

            // NOTE(review): FilterHtml is not set, so script content in the message body is
            // returned as-is unless ctx.HtmlTagCallback removes it. If the caller displays
            // this string in a browser control, enable filtering - confirm with the caller.
            var ctx = new MultipartRelatedImageContext(related);
            var converter = new HtmlToHtml();
            converter.HtmlTagCallback = ctx.HtmlTagCallback;

            return converter.Convert(text.Text);
        }
Beispiel #22
        /// <summary>
        /// Returns a safe version of HTML page by either sanitizing or removing all malicious scripts.
        /// </summary>
        /// <param name="input">String containing user supplied HTML</param>
        /// <returns>Safe version of user supplied HTML</returns>
        /// <remarks>The input string is passed through the HtmlToHtml class, where any unsafe HTML
        /// it might contain is stripped out. A white list of non-scriptable tags and attributes
        /// is used to parse the input HTML page for malicious scripts. For sanitizing simple
        /// HTML fragments see <see cref="GetSafeHtmlFragment(string)"/>.
        /// </remarks>

        public static string GetSafeHtml(string input)
        {
            // Null or empty input has nothing to sanitize.
            if (string.IsNullOrEmpty(input))
            {
                return string.Empty;
            }

            using (TextReader source = new StringReader(input))
            using (TextWriter sink = new StringWriter(CultureInfo.InvariantCulture))
            {
                // Filter and normalize; a whole page is emitted rather than a fragment.
                HtmlToHtml sanitizer = new HtmlToHtml
                {
                    FilterHtml = true,
                    OutputHtmlFragment = false,
                    NormalizeHtml = true
                };

                sanitizer.Convert(source, sink);

                string page = sink.ToString();
                return page.Length != 0 ? page : string.Empty;
            }
        }
        // Token: 0x0600003F RID: 63 RVA: 0x00004608 File Offset: 0x00002808
        /// <summary>
        /// Writes the HTML moderation body into the body of <paramref name="rejectItem"/>,
        /// followed by the content of <paramref name="commentAttachment"/> converted through
        /// <c>HtmlToHtml</c>.
        /// </summary>
        /// <param name="notificationWriter">Source of the HTML moderation body.</param>
        /// <param name="rejectItem">Message whose body stream is written.</param>
        /// <param name="commentAttachment">Attachment holding the comment text and its charset.</param>
        /// <param name="info">Approval information; supplies the code pages checked against the comment charset.</param>
        /// <returns>
        /// <c>false</c> when the attachment charset is missing or has no encoding, or when the
        /// conversion throws an <c>ExchangeDataException</c>; otherwise <c>true</c>.
        /// </returns>
        private bool TryWriteNotificationWithAppendedComments(DsnHumanReadableWriter notificationWriter, MessageItem rejectItem, StreamAttachment commentAttachment, ApprovalInformation info)
        {
            bool     result             = true;
            string   htmlModerationBody = notificationWriter.GetHtmlModerationBody(info);
            Charset  textCharset        = commentAttachment.TextCharset;
            Encoding inputEncoding      = null;

            // Without a usable input encoding the comment cannot be decoded, so give up early.
            if (textCharset == null || !textCharset.TryGetEncoding(out inputEncoding))
            {
                return(false);
            }
            Charset charset = textCharset;

            // Fall back to UTF-8 for the output when the comment's code page does not match
            // the code pages carried in the approval information.
            if (!ModeratedDLApplication.IsEncodingMatch(info.Codepages, textCharset.CodePage))
            {
                charset = Charset.UTF8;
            }
            BodyWriteConfiguration configuration = new BodyWriteConfiguration(BodyFormat.TextHtml, charset.Name);

            using (Stream stream = rejectItem.Body.OpenWriteStream(configuration))
            {
                // NOTE(review): FilterHtml is not set on this converter, so the comment
                // attachment's markup is written into the message body unfiltered - confirm
                // that the attachment content is sanitized elsewhere or enable filtering.
                HtmlToHtml htmlToHtml = new HtmlToHtml();
                htmlToHtml.Header             = htmlModerationBody;
                htmlToHtml.HeaderFooterFormat = HeaderFooterFormat.Html;
                htmlToHtml.InputEncoding      = inputEncoding;
                htmlToHtml.OutputEncoding     = charset.GetEncoding();
                try
                {
                    using (Stream contentStream = commentAttachment.GetContentStream(PropertyOpenMode.ReadOnly))
                    {
                        htmlToHtml.Convert(contentStream, stream);
                        stream.Flush();
                    }
                }
                catch (ExchangeDataException arg)
                {
                    // A conversion failure is traced and reported through the return value;
                    // whatever was already written to the body stream stays there.
                    ModeratedDLApplication.diag.TraceDebug <ExchangeDataException>(0L, "Attaching comments failed with {0}", arg);
                    result = false;
                }
            }
            return(result);
        }
Beispiel #24
        /// <summary>
        /// Sanitizes input HTML document for safe display on browser.
        /// </summary>
        /// <param name="input">Malicious HTML Document</param>
        /// <returns>A sanitized HTML document</returns>
        /// <remarks>
        /// The method transforms and filters HTML of executable scripts.
        /// A safe list of tags and attributes are used to strip dangerous
        /// scripts from the HTML. HTML is also normalized where tags are
        /// properly closed and attributes are properly formatted.
        /// </remarks>
        public static string GetSafeHtml(string input)
        {
            // Null or empty input has nothing to sanitize.
            if (string.IsNullOrEmpty(input))
            {
                return string.Empty;
            }

            using TextReader source = new StringReader(input);
            using TextWriter sink = new StringWriter();

            // Filter and normalize; a whole document is emitted rather than a fragment.
            var sanitizer = new HtmlToHtml();
            sanitizer.FilterHtml = true;
            sanitizer.OutputHtmlFragment = false;
            sanitizer.NormalizeHtml = true;

            sanitizer.Convert(source, sink);

            string document = sink.ToString();
            if (document.Length == 0)
            {
                return string.Empty;
            }

            return document;
        }
Beispiel #25
        /// <summary>
        /// Filters <paramref name="unsafeHtml"/> through <c>HtmlToHtml</c> with
        /// <c>FilterHtml</c> enabled and returns the converter output.
        /// </summary>
        /// <param name="unsafeHtml">HTML to filter; <c>null</c> and empty strings are returned unchanged.</param>
        /// <returns>The filtered HTML, or the input itself when it is <c>null</c> or empty.</returns>
        public static string SanitizeHtml(string unsafeHtml)
        {
            if (string.IsNullOrEmpty(unsafeHtml))
            {
                return unsafeHtml;
            }

            using (StringReader source = new StringReader(unsafeHtml))
            using (StringWriter sink = new StringWriter(CultureInfo.InvariantCulture))
            {
                HtmlToHtml sanitizer = new HtmlToHtml();

                // NOTE(review): this keeps display:none styling in the output, so content that
                // is hidden from the reader survives sanitization - confirm this is intended.
                TextConvertersInternalHelpers.SetPreserveDisplayNoneStyle(sanitizer, true);
                sanitizer.InputEncoding  = Encoding.UTF8;
                sanitizer.OutputEncoding = Encoding.UTF8;
                sanitizer.FilterHtml     = true;

                sanitizer.Convert(source, sink);
                return sink.ToString();
            }
        }
Beispiel #26
    /// <summary>
    /// Treats the first text part visited as the body and collects every later one as an attachment.
    /// </summary>
    /// <param name="entity">The text part being visited.</param>
    protected override void VisitTextPart(TextPart entity)
    {
        if (foundBody)
        {
            // A body has already been seen, so this part is collected as an attachment.
            attachments.Add(entity);
            return;
        }

        if (entity.IsHtml)
        {
            // NOTE(review): the converted HTML is discarded; only the side effects of
            // HtmlTagCallback survive this call, and FilterHtml is not set. Confirm that
            // the result is not meant to be stored or displayed.
            var htmlConverter = new HtmlToHtml();
            htmlConverter.HtmlTagCallback = HtmlTagCallback;

            htmlConverter.Convert(entity.Text);
        }

        // Set only after the conversion, so a throwing conversion leaves the flag unset.
        foundBody = true;
    }
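        /// <summary>
        /// Sanitizes an input HTML fragment for safe display in a browser.
        /// </summary>
        /// <param name="input">Untrusted HTML fragment; may be null or empty.</param>
        /// <returns>
        /// The filtered fragment, without the outer <c>&lt;div&gt;</c> wrapper when the
        /// converter added one, or an empty string when there is no input or no output.
        /// </returns>
        /// <remarks>
        /// The method transforms and filters HTML of executable scripts.
        /// A safe list of tags and attributes is used to strip dangerous
        /// scripts from the HTML. HTML is also normalized so that tags are
        /// properly closed and attributes are properly formatted.
        /// The result is meant to be placed in HTML element content; it is not
        /// encoded for attribute, script or URL contexts.
        /// </remarks>
        public static string GetSafeHtmlFragment(string input)
        {
            if (string.IsNullOrEmpty(input))
            {
                return(string.Empty);
            }

            const string openingTag = "<div>";
            const string closingTag = "</div>";
            string result;

            using (TextReader textReader = new StringReader(input))
            {
                using (TextWriter textWriter = new StringWriter())
                {
                    HtmlToHtml htmlToHtml = new HtmlToHtml
                    {
                        FilterHtml         = true,
                        OutputHtmlFragment = true,
                        NormalizeHtml      = true
                    };
                    htmlToHtml.Convert(textReader, textWriter);

                    string text = textWriter.ToString();
                    if (text.Length == 0)
                    {
                        result = string.Empty;
                    }
                    else
                    {
                        // Ordinal comparison: no exception on output shorter than the tag,
                        // and no dependence on the current culture's lower-casing rules.
                        if (text.StartsWith(openingTag, StringComparison.OrdinalIgnoreCase))
                        {
                            // Unwrap only when the closing tag really is at the end. Cutting a
                            // fixed number of characters could slice through sanitized markup
                            // and leave an unbalanced tag in the page that embeds the result.
                            string trimmed = text.TrimEnd('\r', '\n');
                            if (trimmed.Length >= openingTag.Length + closingTag.Length &&
                                trimmed.EndsWith(closingTag, StringComparison.OrdinalIgnoreCase))
                            {
                                text = trimmed.Substring(
                                    openingTag.Length,
                                    trimmed.Length - openingTag.Length - closingTag.Length);
                            }
                        }
                        result = text;
                    }
                }
            }
            return(result);
        }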
Beispiel #28
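        /// <summary>
        /// Sanitizes an input HTML fragment for safe display in a browser.
        /// </summary>
        /// <param name="input">Untrusted HTML fragment; may be null or empty.</param>
        /// <returns>
        /// The filtered fragment with a surrounding <c>&lt;div&gt;</c> pair removed when
        /// present, or an empty string when there is no input or no output.
        /// </returns>
        /// <remarks>
        /// The method transforms and filters HTML of executable scripts.
        /// A safe list of tags and attributes is used to strip dangerous
        /// scripts from the HTML. HTML is also normalized so that tags are
        /// properly closed and attributes are properly formatted.
        /// The result is meant for HTML element content only; other contexts
        /// (attributes, script, URLs) need their own encoding.
        /// </remarks>
        public static string GetSafeHtmlFragment(string input)
        {
            if (string.IsNullOrEmpty(input))
            {
                return(string.Empty);
            }

            using (TextReader stringReader = new StringReader(input))
            {
                using (TextWriter stringWriter = new StringWriter())
                {
                    HtmlToHtml htmlObject = new HtmlToHtml
                    {
                        FilterHtml         = true,
                        OutputHtmlFragment = true,
                        NormalizeHtml      = true
                    };

                    htmlObject.Convert(stringReader, stringWriter);

                    string output = stringWriter.ToString();
                    if (output.Length == 0)
                    {
                        return(string.Empty);
                    }

                    // Stripping the <div> wrapper. The old fixed-offset Substring calls threw
                    // on output shorter than five characters and cut eight characters off the
                    // end without checking what they were, which could truncate sanitized
                    // markup in the middle of a tag.
                    if (!output.StartsWith("<div>", StringComparison.OrdinalIgnoreCase))
                    {
                        return(output);
                    }

                    string body = output.TrimEnd('\r', '\n');
                    bool hasClosingTag =
                        body.Length >= "<div>".Length + "</div>".Length &&
                        body.EndsWith("</div>", StringComparison.OrdinalIgnoreCase);

                    // Without a matching closing tag the output is returned untouched.
                    return(hasClosingTag
                        ? body.Substring("<div>".Length, body.Length - "<div>".Length - "</div>".Length)
                        : output);
                }
            }
        }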
Beispiel #29
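 // Token: 0x060003E0 RID: 992 RVA: 0x0000E8BC File Offset: 0x0000CABC
 /// <summary>
 /// Rewrites each MailTip translation on <paramref name="recipient"/> in place, passing
 /// its text through an <c>HtmlToHtml</c> converter with <c>FilterHtml</c> enabled.
 /// </summary>
 /// <param name="recipient">
 /// Recipient whose <c>MailTipTranslations</c> are filtered; nothing happens when that
 /// collection is null.
 /// </param>
 /// <remarks>
 /// A read-only recipient is made writable for the duration of the rewrite. The flag is
 /// restored in a <c>finally</c> block so that a conversion failure cannot leave the
 /// object writable.
 /// </remarks>
 private static void SanitizeMailTips(ADRecipient recipient)
 {
     if (recipient.MailTipTranslations == null)
     {
         return;
     }

     bool isReadOnly = recipient.IsReadOnly;
     if (isReadOnly)
     {
         recipient.SetIsReadOnly(false);
     }
     try
     {
         for (int i = 0; i < recipient.MailTipTranslations.Count; i++)
         {
             string prefix;
             string tipHtml;
             // Entries that cannot be split, or whose text is empty, are left as they are.
             if (!ADRecipient.TryGetMailTipParts(recipient.MailTipTranslations[i], out prefix, out tipHtml) || string.IsNullOrEmpty(tipHtml))
             {
                 continue;
             }

             using (StringReader stringReader = new StringReader(tipHtml))
             {
                 using (StringWriter stringWriter = new StringWriter(CultureInfo.InvariantCulture))
                 {
                     HtmlToHtml htmlToHtml = new HtmlToHtml();
                     htmlToHtml.SetPreserveDisplayNoneStyle(true);
                     htmlToHtml.InputEncoding  = Encoding.UTF8;
                     htmlToHtml.OutputEncoding = Encoding.UTF8;
                     htmlToHtml.FilterHtml     = true;
                     htmlToHtml.Convert(stringReader, stringWriter);

                     // NOTE(review): only the text half is filtered. The prefix is written
                     // back unchanged; presumably it is a language tag, so verify that it
                     // is validated where it is set.
                     recipient.MailTipTranslations[i] = prefix + ":" + stringWriter.ToString();
                 }
             }
         }
     }
     finally
     {
         // Restore the original protection even when a conversion throws.
         if (isReadOnly)
         {
             recipient.SetIsReadOnly(true);
         }
     }
 }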
        /// <summary>
        /// Sanitizes an input HTML document for safe display in a browser.
        /// </summary>
        /// <param name="input">Untrusted HTML document; may be null or empty.</param>
        /// <returns>
        /// The sanitized HTML document, or an empty string when there is no input or the
        /// converter produced no output.
        /// </returns>
        /// <remarks>
        /// The method transforms and filters HTML of executable scripts.
        /// A safe list of tags and attributes is used to strip dangerous
        /// scripts from the HTML. HTML is also normalized so that tags are
        /// properly closed and attributes are properly formatted.
        /// <c>OutputHtmlFragment</c> is off, so the converter is asked for a whole
        /// document rather than a fragment.
        /// </remarks>
        public static string GetSafeHtml(string input)
        {
            if (string.IsNullOrEmpty(input))
            {
                return string.Empty;
            }

            using (TextReader source = new StringReader(input))
            using (TextWriter sink = new StringWriter())
            {
                HtmlToHtml sanitizer = new HtmlToHtml
                {
                    FilterHtml         = true,
                    OutputHtmlFragment = false,
                    NormalizeHtml      = true
                };
                sanitizer.Convert(source, sink);

                string converted = sink.ToString();
                if (converted.Length == 0)
                {
                    return string.Empty;
                }

                return converted;
            }
        }