Ejemplo n.º 1
0
 /// <summary>
 /// Get safe HTML from untrusted input HTML, by parsing input HTML and filtering it through a white-list of
 /// permitted tags and attributes.
 /// </summary>
 /// <param name="bodyHtml">Input untrusted HTML (body fragment)</param>
 /// <param name="baseUri">URL to resolve relative URLs against</param>
 /// <param name="whitelist">White-list of permitted HTML elements</param>
 /// <param name="outputSettings">Document output settings; use to control pretty-printing and entity escape modes</param>
 /// <returns>Safe HTML (body fragment)</returns>
 /// <see cref="Cleaner.Clean(Document)"/>
 public static string Clean(string bodyHtml, string baseUri, Whitelist whitelist, OutputSettings outputSettings)
 {
     Document dirty = ParseBodyFragment(bodyHtml, baseUri);
     Cleaner cleaner = new Cleaner(whitelist);
     Document clean = cleaner.Clean(dirty);
     clean.OutputSettings(outputSettings);
     return clean.Body.Html();
 }
Ejemplo n.º 2
0
 /// <summary>
 /// Test if the input HTML has only tags and attributes allowed by the Whitelist. Useful for form validation. The input HTML should 
 /// still be run through the cleaner to set up enforced attributes, and to tidy the output.
 /// </summary>
 /// <param name="bodyHtml">HTML to test</param>
 /// <param name="whitelist">whitelist to test against</param>
 /// <returns>true if no tags or attributes were removed; false otherwise</returns>
 /// <seealso cref="Clean(string, NSoup.Safety.Whitelist)"/>
 public static bool IsValid(string bodyHtml, Whitelist whitelist)
 {
     Document dirty = ParseBodyFragment(bodyHtml, string.Empty);
     Cleaner cleaner = new Cleaner(whitelist);
     return cleaner.IsValid(dirty);
 }
Ejemplo n.º 3
0
        public void handlesFramesets()
        {
            String dirty = "<html><head><script></script><noscript></noscript></head><frameset><frame src=\"foo\" /><frame src=\"foo\" /></frameset></html>";
            String clean = NSoupClient.Clean(dirty, Whitelist.Basic);
            Assert.AreEqual("", clean); // nothing good can come out of that

            Document dirtyDoc = NSoupClient.Parse(dirty);
            Document cleanDoc = new Cleaner(Whitelist.Basic).Clean(dirtyDoc);
            Assert.IsFalse(cleanDoc == null);
            Assert.AreEqual(0, cleanDoc.Body.ChildNodes.Count);
        }