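        /// <summary>
        /// Exercises HtmlUtil.CleanScriptAndEventTags against <script> elements and on*="..."
        /// event-handler attributes, plus the apostrophe regression from bug 7104.
        /// Only those two vectors are covered below; nothing here asserts behaviour for other
        /// injection routes (e.g. a javascript: URL in href, which the expected output leaves
        /// untouched), so this test should not be read as proof that the helper is a complete
        /// XSS sanitizer.
        /// </summary>
        public void TestCleanScriptAndEventTags()
        {
            const string doubleApostrophes           = "This job ad's content contains a two apostrophes. It's getting truncated.";
            const string doubleApostrophesWithScript = "This job ad's content contains some <script>alert(0)</script>."
                                                       + " It's getting truncated.";

            // Double-quoted onClick handler: the attribute must go, the href must survive.
            const string dirty1 = "<a href=\"linkme.com.au\" onClick=\"javascript:alert('hackslol11!!eleven!');\">hahah</a>";
            string       clean1 = HtmlUtil.CleanScriptAndEventTags(dirty1);

            Assert.AreNotEqual(dirty1, clean1);
            Assert.IsFalse(HtmlUtil.ContainsScript(clean1));
            Assert.AreEqual("<a href=\"linkme.com.au\">hahah</a>", clean1);

            // Single-quoted onClick handler. This case previously cleaned dirty1 again (copy-paste
            // slip), so the single-quote variant was never actually exercised.
            const string dirty2 = "<a href=\"linkme.com.au\" onClick='alert(\'hackslol11!!eleven!\');'>hahah</a>";
            string       clean2 = HtmlUtil.CleanScriptAndEventTags(dirty2);

            Assert.AreNotEqual(dirty2, clean2);
            Assert.IsFalse(HtmlUtil.ContainsScript(clean2));
            Assert.AreEqual("<a href=\"linkme.com.au\">hahah</a>", clean2);

            // Whole <script> elements are removed, including their body, whether standalone,
            // embedded in text, or with a mangled opening tag.
            Assert.AreEqual("", HtmlUtil.CleanScriptAndEventTags("<script type=\"text\\javascript\">alert('lolhax');</script>"));
            Assert.AreEqual("Valid text with  in it.", HtmlUtil.CleanScriptAndEventTags("Valid text with <script type=\"text\\javascript\">alert('lolhax');</script> in it."));
            Assert.AreEqual("", HtmlUtil.CleanScriptAndEventTags("<script <a href=\"linkme.com.au\" onclick=\"alert('smrt');\">hahah</a>>alert('This is smarta!');</script>"));

            // Bug 7104 - content between apostrophes gets removed.
            // Plain text with two apostrophes must pass through unchanged, and apostrophes
            // around a script element must not widen what gets stripped.

            Assert.AreEqual(doubleApostrophes, HtmlUtil.CleanScriptAndEventTags(doubleApostrophes));
            Assert.AreEqual("This job ad's content contains some . It's getting truncated.",
                            HtmlUtil.CleanScriptAndEventTags(doubleApostrophesWithScript));
        }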
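        /// <summary>
        /// Deserializes one job-ad XML node into a <see cref="JobAdElement"/>, strips script
        /// content from its HTML body, and maps it to a <see cref="JobAd"/>.
        /// </summary>
        /// <param name="jobAdNode">The XML node holding a single job ad; its OuterXml is re-parsed via <c>Serializer</c>.</param>
        /// <param name="status">Optional status that, when supplied, replaces whatever the XML declared.</param>
        /// <returns>
        /// The mapped job ad, or <c>null</c> when the node cannot be deserialized or deserializes to nothing.
        /// </returns>
        private JobAd GetJobAd(XmlNode jobAdNode, JobAdStatus? status)
        {
            JobAdElement jobAd;

            try
            {
                using (var reader = new StringReader(jobAdNode.OuterXml))
                {
                    jobAd = (JobAdElement)Serializer.Deserialize(reader);
                }
            }
            catch (Exception)
            {
                // Best-effort: a malformed ad is skipped rather than aborting the whole feed.
                // NOTE(review): nothing is logged here, so bad input is invisible to operators;
                // log before returning if a logger is available to this class.
                return null;
            }

            // The original guarded only the clean-up below and still dereferenced jobAd in the
            // final Map call. Treat "deserialized to nothing" like a failed parse, consistent
            // with the catch path. (If Map is an extension method that tolerated null, callers
            // previously got whatever it returned for null — confirm no caller relied on that.)
            if (jobAd == null)
            {
                return null;
            }

            // Content is feed-supplied HTML. This pass strips <script> elements and on*="..."
            // event-handler attributes only; it is a blacklist filter, not a full sanitizer, and
            // does not claim to cover other vectors (e.g. javascript: URLs in href). Content must
            // still be treated as untrusted and encoded or sanitized at render time.
            jobAd.Content = HtmlUtil.CleanScriptAndEventTags(jobAd.Content);
            if (jobAd.Content != null)
            {
                // Normalise line endings to CRLF without doubling up existing CRs.
                jobAd.Content = jobAd.Content.Replace("\n", "\r\n").Replace("\r\r\n", "\r\n");
            }

            // PositionTitle is optional; don't store a duplicate of Title.
            if (jobAd.PositionTitle == jobAd.Title)
            {
                jobAd.PositionTitle = null;
            }

            // A caller-supplied status wins over the one in the XML.
            if (status != null)
            {
                jobAd.Status = status;
            }

            return jobAd.Map(_industriesQuery, _locationQuery);
        }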