Beispiel #1
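        /// <summary>
        /// Recursively strips block-listed elements and script-bearing attributes from
        /// <paramref name="node"/> and its descendants. The tree is modified in place.
        /// </summary>
        /// <remarks>
        /// This is a deny-list filter that matches substrings in the raw markup. Such checks
        /// do not see values that a browser decodes or normalises before use (character
        /// references, embedded whitespace), so it should not be the only barrier in front
        /// of untrusted HTML. An allow-list of elements, attributes and URL schemes is the
        /// stronger design.
        /// </remarks>
        /// <param name="node">Root of the subtree to sanitize.</param>
        private void SanitizeHtmlNode(HtmlNode node)
        {
            if (node.NodeType == HtmlNodeType.Element)
            {
                // Elements named in the block list are dropped together with their subtree.
                // NOTE(review): assumes BlackList holds names in the same case as node.Name - confirm.
                if (BlackList.Contains(node.Name))
                {
                    node.Remove();
                    return;
                }

                // Drop a <style> element whose content carries a CSS expression or a script URL.
                // The original only looked at the content when InnerText was empty, which skipped
                // every style element that actually had content, and it compared case-sensitively.
                if (node.Name == "style")
                {
                    var css = (node.InnerHtml ?? string.Empty).ToLowerInvariant();
                    if (css.Contains("expression") || css.Contains("javascript:"))
                    {
                        node.ParentNode.RemoveChild(node);
                        return;
                    }
                }

                if (node.HasAttributes)
                {
                    // Walk backwards so that removing an attribute does not shift the ones still to visit.
                    for (int i = node.Attributes.Count - 1; i >= 0; i--)
                    {
                        HtmlAttribute currentAttribute = node.Attributes[i];

                        // Lower-case with the invariant culture: culture-sensitive ToLower() changes
                        // how 'I' is mapped under some cultures, which would make the
                        // "javascript:" comparison below miss an upper-case value.
                        var attr = (currentAttribute.Name ?? string.Empty).ToLowerInvariant();
                        var val = (currentAttribute.Value ?? string.Empty).ToLowerInvariant();

                        // Inline event handlers (onclick, onload, ...).
                        bool isEventHandler = attr.StartsWith("on", System.StringComparison.Ordinal);

                        // Script URL schemes are rejected on every attribute, not only href/src.
                        // The original reached the vbscript: test only through operator precedence
                        // (&& binds tighter than ||); it is spelled out here so nobody "fixes" the
                        // parentheses and narrows the check to style attributes.
                        bool hasScriptUrl = val.Contains("javascript:") || val.Contains("vbscript:");

                        // CSS expressions are only looked for in style attributes.
                        bool hasCssExpression = attr == "style" && val.Contains("expression");

                        if (isEventHandler || hasScriptUrl || hasCssExpression)
                        {
                            node.Attributes.Remove(currentAttribute);
                        }
                    }
                }
            }

            // Sanitize the children, last to first, because a child may remove itself.
            if (node.HasChildNodes)
            {
                for (int i = node.ChildNodes.Count - 1; i >= 0; i--)
                {
                    SanitizeHtmlNode(node.ChildNodes[i]);
                }
            }
        }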
Beispiel #2
 /// <summary>
 /// Removes every comment node in the subtree rooted at <paramref name="node"/>,
 /// including <paramref name="node"/> itself when it is a comment.
 /// </summary>
 /// <param name="node">Root of the subtree to clean; modified in place.</param>
 /// <returns>The same <paramref name="node"/> instance that was passed in.</returns>
 public static HtmlNode RemoveComments(HtmlNode node)
 {
     // Iterate over a snapshot: the recursive call can detach a child from the live collection.
     var snapshot = node.ChildNodes.ToArray();
     foreach (var child in snapshot)
     {
         RemoveComments(child);
     }

     bool isComment = node.NodeType == HtmlNodeType.Comment;
     if (isComment)
     {
         node.Remove();
     }

     return node;
 }
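 /// <summary>
 /// Converts a <c>ko</c> tag into a ko comment pair (virtual element) when it carries a
 /// <c>data-bind</c> attribute; otherwise removes the tag. The child nodes are kept in
 /// both cases by inserting them before the tag in its parent.
 /// </summary>
 /// <param name="node">The ko element; a node with any other name is left untouched.</param>
 private static void SimplifyKoTag(HtmlNode node)
 {
     if (node.Name != "ko")
     {
         return;
     }

     var parentNode = node.ParentNode;

     // Key the comment pair on data-bind itself. The original tested HasAttributes and then
     // dereferenced Attributes["data-bind"], which fails on a tag that only has other attributes.
     var binding = node.Attributes["data-bind"];
     bool hasBinding = binding != null;

     if (hasBinding)
     {
         // NOTE(review): the binding text is formatted into comment markup unescaped and then
         // parsed. A value containing "-->" would close the comment early and the remainder
         // would be parsed as markup - confirm the templates are trusted, or reject such values.
         parentNode.InsertBefore(HtmlNode.CreateNode(
             string.Format("<!-- ko {0} -->", binding.Value)), node);
     }

     // Hoist the children so they sit between the opening and closing comments.
     foreach (var cn in node.ChildNodes)
     {
         parentNode.InsertBefore(cn, node);
     }

     if (hasBinding)
     {
         parentNode.InsertBefore(HtmlNode.CreateNode("<!-- /ko -->"), node);
     }

     node.Remove();
 }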
Beispiel #4
 /// <summary>
 /// Removes every element node reachable from <paramref name="node"/>. An element is
 /// removed as soon as it is met and its children are not visited; non-element nodes
 /// are kept and their children are examined in turn.
 /// </summary>
 /// <param name="node">Node to examine; the tree is modified in place.</param>
 private static void SanitizeNode(HtmlNode node)
 {
     // TODO: whitelist?
     bool isElement = node.NodeType == HtmlNodeType.Element;
     if (isElement)
     {
         node.Remove();
         return;
     }

     if (!node.HasChildNodes)
     {
         return;
     }

     // Walk from the last child to the first, since a child may remove itself.
     int index = node.ChildNodes.Count - 1;
     while (index >= 0)
     {
         SanitizeNode(node.ChildNodes[index]);
         index--;
     }
 }
Beispiel #5
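        /// <summary>
        /// Recursively removes every element whose name is not in <c>WhiteList</c> and strips
        /// script-bearing attributes from the elements that remain. The tree is modified in place.
        /// </summary>
        /// <remarks>
        /// Only element names are allow-listed. Attributes are still filtered by what
        /// <c>HasExpressionLinks</c> and <c>HasScriptLinks</c> reject, so the result depends
        /// on how thorough those helpers are (they are defined outside this block).
        /// </remarks>
        /// <param name="node">Root of the subtree to sanitize.</param>
        private void SanitizeHtmlNode(HtmlNode node)
        {
            if (node.NodeType == HtmlNodeType.Element)
            {
                // Anything that is not explicitly allowed is dropped together with its subtree.
                if (!WhiteList.Contains(node.Name))
                {
                    node.Remove();
                    return;
                }

                // Drop an allow-listed <style> element whose content carries a CSS expression or
                // a script link. The original only ran this check when InnerText was empty, which
                // skipped every style element that actually had content.
                if (node.Name == "style")
                {
                    // Lower-cased like the attribute values below.
                    // NOTE(review): presumably the helpers expect lower-case input - confirm.
                    var css = (node.InnerHtml ?? string.Empty).ToLowerInvariant();
                    if (HasExpressionLinks(css) || HasScriptLinks(css))
                    {
                        node.ParentNode.RemoveChild(node);
                        return;
                    }
                }

                if (node.HasAttributes)
                {
                    // Walk backwards so that removing an attribute does not shift the ones still to visit.
                    for (int i = node.Attributes.Count - 1; i >= 0; i--)
                    {
                        HtmlAttribute currentAttribute = node.Attributes[i];

                        // Lower-case with the invariant culture so the result does not depend on
                        // the thread's current culture (culture-sensitive ToLower() maps some
                        // letters differently and can defeat the comparisons that follow).
                        var attr = (currentAttribute.Name ?? string.Empty).ToLowerInvariant();
                        var val = (currentAttribute.Value ?? string.Empty).ToLowerInvariant();

                        // Inline event handlers (onclick, onload, ...).
                        bool isEventHandler = attr.StartsWith("on", System.StringComparison.Ordinal);

                        // CSS expressions are only looked for in style attributes.
                        bool hasCssExpression = attr == "style" && HasExpressionLinks(val);

                        // Script links are rejected on every attribute. The original expressed this
                        // twice, once through operator precedence (&& binds tighter than ||) and
                        // once in a branch that could never be reached; one explicit test remains.
                        if (isEventHandler || hasCssExpression || HasScriptLinks(val))
                        {
                            node.Attributes.Remove(currentAttribute);
                        }
                    }
                }
            }

            // Sanitize the children, last to first, because a child may remove itself.
            if (node.HasChildNodes)
            {
                for (int i = node.ChildNodes.Count - 1; i >= 0; i--)
                {
                    SanitizeHtmlNode(node.ChildNodes[i]);
                }
            }
        }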
 /// <summary>
 /// Removes <paramref name="node"/> when comment removal is enabled and the node is a
 /// comment. Its former parent is removed as well if it is left with no attributes and
 /// no inner text. Does nothing otherwise and does not recurse.
 /// </summary>
 /// <param name="node">Node to test; the tree is modified in place.</param>
 private void RemoveComments(HtmlNode node)
 {
     if (!_removeComments || node.NodeType != HtmlNodeType.Comment)
     {
         return;
     }

     // Keep a reference to the parent, then detach the comment.
     var owner = node.ParentNode;
     node.Remove();

     // NOTE(review): empty InnerText does not by itself show that the parent has no child
     // elements left - confirm that removing such a parent is intended.
     bool ownerHasNoAttributes = owner.Attributes.Count == 0;
     if (ownerHasNoAttributes && string.IsNullOrEmpty(owner.InnerText))
     {
         owner.Remove();
     }
 }
Beispiel #7
        /// <summary>
        /// Walks <paramref name="node"/> and everything below it: <paramref name="process"/>
        /// is invoked on each element node, and each comment node is removed.
        /// </summary>
        /// <param name="node">The top level HtmlNode</param>
        /// <param name="process">Callback run on every element node; it may modify the tree.</param>
        public static void NodeProcess(HtmlNode node, Action<HtmlNode> process)
        {
            switch (node.NodeType)
            {
                case HtmlNodeType.Element:
                    process(node);
                    break;
                case HtmlNodeType.Comment:
                    node.Remove();
                    break;
            }

            if (!node.HasChildNodes)
            {
                return;
            }

            // Visit the children from last to first.
            int index = node.ChildNodes.Count - 1;
            while (index >= 0)
            {
                // An earlier visit may have shrunk the collection; pull the index back in range.
                int lastValid = node.ChildNodes.Count - 1;
                if (index > lastValid)
                {
                    index = lastValid;
                }

                NodeProcess(node.ChildNodes[index], process);
                index--;
            }
        }
 /// <summary>
 /// Removes every comment node in the subtree rooted at <paramref name="node"/>,
 /// including <paramref name="node"/> itself when it is a comment.
 /// </summary>
 /// <param name="node">Root of the subtree to clean; modified in place.</param>
 public static void RemoveComments(HtmlNode node)
 {
     // Iterate over a snapshot: the recursive call can detach a child from the live collection.
     var snapshot = node.ChildNodes.ToArray();
     foreach (var child in snapshot)
     {
         RemoveComments(child);
     }

     bool isComment = node.NodeType == HtmlNodeType.Comment;
     if (!isComment)
     {
         return;
     }

     node.Remove();
 }
Beispiel #9
 /// <summary>
 /// Filters <paramref name="node"/> and its descendants against <c>ElementFilter</c>.
 /// A node the filter rejects is removed together with all of its children; an accepted
 /// node is kept and each of its children is filtered in turn.
 /// </summary>
 /// <param name="node">Node to validate; the tree is modified in place.</param>
 /// <returns><c>true</c> if <paramref name="node"/> was removed, <c>false</c> if it was kept.</returns>
 private bool filterElement(HtmlNode node)
 {
     if (!ElementFilter.IsValid(node))
     {
         // Rejected: clear the subtree, then detach the node itself.
         node.RemoveAllChildren();
         node.Remove();
         return true;
     }

     int index = 0;
     while (index < node.ChildNodes.Count)
     {
         bool childRemoved = filterElement(node.ChildNodes[index]);

         // After a removal the next sibling sits at the same index, so advance only on a keep.
         if (!childRemoved)
         {
             index++;
         }
     }

     return false;
 }