/// <summary>
/// Raises the <see cref="E:RemovingTag" /> event.
/// </summary>
/// <param name="e">The <see cref="RemovingTagEventArgs"/> instance containing the event data.</param>
protected virtual void OnRemovingTag(RemovingTagEventArgs e)
{
if (RemovingTag != null)
{
RemovingTag(this, e);
}
}
/// <summary>
/// Sanitizes the specified HTML.
/// </summary>
/// <param name="html">The HTML to sanitize.</param>
/// <param name="baseUrl">The base URL relative URLs are resolved against. No resolution if empty.</param>
/// <returns>The sanitized HTML.</returns>
public string Sanitize(string html, string baseUrl = "")
{
var dom = CQ.Create(html);
foreach (var tag in dom["*"].Not(string.Join(",", AllowedTags.ToArray())).ToList())
{
var e = new RemovingTagEventArgs {
Tag = tag
};
OnRemovingTag(e);
if (!e.Cancel)
{
tag.Remove();
}
}
foreach (var tag in dom["*"])
{
foreach (var attribute in tag.Attributes.Where(a => !AllowedAttributesSet.Contains(a.Key)).ToList())
{
RemoveAttribute(tag, attribute);
}
foreach (var attribute in tag.Attributes.Where(a => UriAttributes.Contains(a.Key)).ToList())
{
var url = SanitizeUrl(attribute.Value, baseUrl);
if (url == null)
{
RemoveAttribute(tag, attribute);
}
else
{
tag.SetAttribute(attribute.Key, url);
}
}
SanitizeStyle(tag.Style, baseUrl);
foreach (var attribute in tag.Attributes.ToList())
{
if (JSInclude.IsMatch(attribute.Value))
{
RemoveAttribute(tag, attribute);
}
var val = attribute.Value;
if (val.Contains('<'))
{
val = val.Replace("<", "<"); tag.SetAttribute(attribute.Key, val);
}
if (val.Contains('>'))
{
val = val.Replace(">", ">"); tag.SetAttribute(attribute.Key, val);
}
}
}
var output = dom.Render(DomRenderingOptions.RemoveComments | DomRenderingOptions.QuoteAllAttributes);
return(output);
}
/// <summary>
/// Raises the <see cref="E:RemovingTag" /> event.
/// </summary>
/// <param name="e">The <see cref="RemovingTagEventArgs"/> instance containing the event data.</param>
protected virtual void OnRemovingTag(RemovingTagEventArgs e)
{
if (RemovingTag != null) RemovingTag(this, e);
}
/// <summary>
/// Sanitizes the specified HTML.
/// </summary>
/// <param name="html">The HTML to sanitize.</param>
/// <param name="baseUrl">The base URL relative URLs are resolved against. No resolution if empty.</param>
/// <returns>The sanitized HTML.</returns>
public string Sanitize(string html, string baseUrl = "")
{
var dom = CQ.Create(html);
foreach (var tag in dom["*"].Not(string.Join(",", AllowedTags.ToArray())).ToList())
{
var e = new RemovingTagEventArgs { Tag = tag };
OnRemovingTag(e);
if (!e.Cancel) tag.Remove();
}
foreach (var tag in dom["*"])
{
foreach (var attribute in tag.Attributes.Where(a => !AllowedAttributesSet.Contains(a.Key)).ToList())
{
RemoveAttribute(tag, attribute);
}
foreach (var attribute in tag.Attributes.Where(a => UriAttributes.Contains(a.Key)).ToList())
{
var url = SanitizeUrl(attribute.Value, baseUrl);
if (url == null)
{
RemoveAttribute(tag, attribute);
}
else
tag.SetAttribute(attribute.Key, url);
}
SanitizeStyle(tag.Style, baseUrl);
foreach (var attribute in tag.Attributes.ToList())
{
if (JSInclude.IsMatch(attribute.Value))
RemoveAttribute(tag, attribute);
var val = attribute.Value;
if (val.Contains('<')) { val = val.Replace("<", "<"); tag.SetAttribute(attribute.Key, val); }
if (val.Contains('>')) { val = val.Replace(">", ">"); tag.SetAttribute(attribute.Key, val); }
}
}
var output = dom.Render(DomRenderingOptions.RemoveComments | DomRenderingOptions.QuoteAllAttributes);
return output;
}
