Beispiel #1
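 /// <summary>
 /// Sanitizer callback that keeps wiki-internal <c>href</c> values such as
 /// <c>/wiki/Special:Tag</c>, which the sanitizer would otherwise strip.
 /// </summary>
 /// <param name="sender">The sanitizer raising the event (unused).</param>
 /// <param name="e">Event data; setting <c>e.Cancel</c> keeps the attribute in the output.</param>
 private void Sanitizer_RemovingAttribute(object sender, RemovingAttributeEventArgs e)
 {
     if (!string.Equals(e.Attribute.Name, "href", System.StringComparison.OrdinalIgnoreCase))
     {
         return;
     }

     var value = e.Attribute.Value ?? string.Empty;

     // Cancelling the removal overrides the sanitizer's verdict, so the exemption must not
     // match on the substring alone: any value the sanitizer rejected for its scheme would
     // be re-admitted as soon as it contained "Special:" somewhere. Only a root-relative
     // path is exempted, because a value starting with a single "/" cannot carry a scheme.
     // "//" and "/\" are excluded since browsers treat both as the start of a host.
     var isRootRelative = value.Length > 1 &&
                          value[0] == '/' &&
                          value[1] != '/' &&
                          value[1] != '\\';

     if (isRootRelative && value.Contains("Special:"))
     {
         e.Cancel = true;
     }
 }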
Beispiel #2
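 /// <summary>
 /// Sanitizer callback that keeps an attribute the sanitizer was about to remove, unless
 /// its value mentions a script-capable scheme or its name looks like an event handler.
 /// </summary>
 /// <remarks>
 /// NOTE(review): this is a denylist layered over the sanitizer's allowlist. Every attribute
 /// not matched below is kept, including <c>style</c> and any attribute the sanitizer
 /// rejected for other reasons. Extending the sanitizer's allowed attribute and scheme
 /// lists is the safer way to admit extra markup; confirm this override is still needed.
 /// </remarks>
 /// <param name="sender">The sanitizer raising the event (unused).</param>
 /// <param name="e">Event data; setting <c>e.Cancel</c> keeps the attribute in the output.</param>
 private void OnRemovingAttribute(object sender, RemovingAttributeEventArgs e)
 {
     // Browsers ignore tab, newline and other control characters inside a URL scheme, so
     // the value is compared with those characters removed.
     var rawValue = e.Attribute.Value ?? string.Empty;
     var buffer = new char[rawValue.Length];
     var length = 0;
     foreach (var ch in rawValue)
     {
         if (!char.IsControl(ch) && !char.IsWhiteSpace(ch))
         {
             buffer[length++] = ch;
         }
     }

     var value = new string(buffer, 0, length);

     // Ordinal comparison: a culture-aware, case-insensitive match depends on the server
     // locale (under Turkish casing rules 'I' and 'i' are different letters), which would
     // let an upper-case spelling of a blocked scheme pass the check.
     if (!value.Contains("vbscript:", StringComparison.OrdinalIgnoreCase) &&
         !value.Contains("javascript:", StringComparison.OrdinalIgnoreCase) &&
         !value.Contains("data:", StringComparison.OrdinalIgnoreCase) &&
         !e.Attribute.Name.StartsWith("on", StringComparison.OrdinalIgnoreCase))
     {
         // don't remove the attribute if we've deemed it safe
         e.Cancel = true;
     }
 }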
 /// <summary>
 /// Restricts a <c>class</c> attribute to the classes listed in <paramref name="allowedClasses"/>.
 /// </summary>
 /// <param name="attributeName">Name of the attribute being removed; only the exact string "class" is handled.</param>
 /// <param name="e">Event data; <c>e.Cancel</c> is set to true when at least one class is left on the tag.</param>
 /// <param name="allowedClasses">Class names that may stay; matched case-insensitively (ordinal).</param>
 /// <returns>True when the attribute was a class attribute and has been handled, otherwise false.</returns>
 public static bool AllowOnlyClassList(string attributeName, RemovingAttributeEventArgs e, string[] allowedClasses)
 {
     if (attributeName != "class")
     {
         return false;
     }

     // Drop every class that is not on the allow-list.
     var rejected = e.Tag.ClassList.Except(allowedClasses, StringComparer.OrdinalIgnoreCase).ToArray();
     e.Tag.ClassList.Remove(rejected);

     // Keep the attribute only if something survived; otherwise the sanitizer removes it.
     var hasRemainingClasses = e.Tag.ClassList.Any();
     e.Cancel = hasRemainingClasses;

     return true;
 }
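        /// <summary>
        /// Keeps an <c>href</c> attribute the sanitizer was about to remove, provided its value
        /// is a relative reference or uses the http, https or ftp scheme, and makes links that
        /// point outside <paramref name="siteUrl"/> open in a new tab.
        /// </summary>
        /// <param name="attributeName">Name of the attribute being removed; only the exact string "href" is handled.</param>
        /// <param name="e">Event data; <c>e.Cancel</c> is set to true when the link is kept.</param>
        /// <param name="siteUrl">Base URL of the own site; links below it are treated as internal.</param>
        /// <returns>True when the attribute was an href and has been handled, otherwise false.</returns>
        public static bool MakeExternalLinksOpenedNewTab(string attributeName, RemovingAttributeEventArgs e, string siteUrl)
        {
            if (attributeName != "href")
            {
                return false;
            }

            var href = (e.Attribute.Value ?? string.Empty).Trim();
            var scheme = ExtractUrlScheme(href);

            // Cancelling the removal overrides the sanitizer, so an href is only kept when its
            // scheme is one of the plain link schemes. Any other scheme is left for the
            // sanitizer to remove; keeping it unconditionally would re-admit script-capable
            // URLs that the sanitizer had already rejected.
            var isLinkScheme = scheme != null &&
                               (string.Equals(scheme, "http", System.StringComparison.OrdinalIgnoreCase) ||
                                string.Equals(scheme, "https", System.StringComparison.OrdinalIgnoreCase) ||
                                string.Equals(scheme, "ftp", System.StringComparison.OrdinalIgnoreCase));

            if (scheme != null && !isLinkScheme)
            {
                return true;
            }

            if (isLinkScheme)
            {
                // A bare prefix match would also treat "https://site.example.other.tld" as
                // internal, so the prefix has to end at a URL component boundary.
                var isSameSite = !string.IsNullOrEmpty(siteUrl) &&
                                 href.StartsWith(siteUrl, System.StringComparison.OrdinalIgnoreCase) &&
                                 (siteUrl.EndsWith("/", System.StringComparison.Ordinal) ||
                                  href.Length == siteUrl.Length ||
                                  "/?#".IndexOf(href[siteUrl.Length]) >= 0);

                var hasTarget = e.Tag.Attributes.Any(
                    x => string.Equals(x.Name, "target", System.StringComparison.OrdinalIgnoreCase));

                if (!isSameSite && !hasTarget)
                {
                    e.Tag.SetAttribute("target", "_blank");

                    // A page opened with target="_blank" can reach back through window.opener
                    // unless the link opts out.
                    // NOTE(review): confirm the sanitizer configuration allows "rel", otherwise
                    // it may be stripped again.
                    var rel = e.Tag.GetAttribute("rel") ?? string.Empty;
                    if (rel.IndexOf("noopener", System.StringComparison.OrdinalIgnoreCase) < 0)
                    {
                        e.Tag.SetAttribute("rel", (rel + " noopener noreferrer").Trim());
                    }
                }
            }

            e.Cancel = true;
            return true;
        }

        /// <summary>
        /// Returns the scheme of <paramref name="url"/> (the text before the first ':'), or null
        /// when the value is a relative reference with no scheme.
        /// </summary>
        private static string ExtractUrlScheme(string url)
        {
            var buffer = new char[url.Length];
            var length = 0;

            foreach (var ch in url)
            {
                // Browsers drop control and whitespace characters inside a scheme, so they
                // are skipped here to see the scheme the browser will see.
                if (char.IsControl(ch) || char.IsWhiteSpace(ch))
                {
                    continue;
                }

                if (ch == ':')
                {
                    return new string(buffer, 0, length);
                }

                // A path, query or fragment delimiter before any ':' means there is no scheme.
                if (ch == '/' || ch == '\\' || ch == '?' || ch == '#')
                {
                    return null;
                }

                buffer[length++] = ch;
            }

            return null;
        }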
Beispiel #5
        /// <summary>
        /// Sanitizer callback that hands the lower-cased attribute name to
        /// <c>AllowOnlyClassList</c> together with the configured allowed classes.
        /// The helper's boolean result is not used.
        /// </summary>
        /// <param name="s">The sanitizer raising the event (unused).</param>
        /// <param name="e">Event data for the attribute being removed.</param>
        private void OnRemovingAttribute(object s, RemovingAttributeEventArgs e)
        {
            AllowOnlyClassList(e.Attribute.Name.ToLower(), e, options.AllowedClassesArr);
        }
Beispiel #6
 /// <summary>
 /// Sanitizer callback for forum content: offers the attribute to the class-list filter
 /// first and, only if that filter did not handle it, to the external-link helper.
 /// </summary>
 /// <param name="s">The sanitizer raising the event (unused).</param>
 /// <param name="e">Event data for the attribute being removed.</param>
 private void ForumSanitizer_RemovingAttribute_Forum(object s, RemovingAttributeEventArgs e)
 {
     var loweredName = e.Attribute.Name.ToLower();

     // The first helper that reports the attribute as handled ends the chain.
     if (!SanitizerBlocksAttributes.AllowOnlyClassList(loweredName, e, allowedClasses))
     {
         SanitizerBlocksAttributes.MakeExternalLinksOpenedNewTab(loweredName, e, siteUrl);
     }
 }