private bool TestValidProtocol(Element el, Nodes.Attribute attr, ICollection <Whitelist.Protocol> protocols) { // try to resolve relative urls to abs, and optionally update the attribute so output html has abs. // rels without a baseuri get removed string value = el.AbsUrl(attr.Key); if (value.Length == 0) { value = attr.Value; } // if it could not be made abs, run as-is to allow custom unknown protocols if (!preserveRelativeLinks) { attr.Value = value; } foreach (Whitelist.Protocol protocol in protocols) { string prot = protocol.ToString() + ":"; if (value.ToLower().StartsWith(prot, StringComparison.Ordinal)) { return(true); } } return(false); }
protected Attributes _attributes; // start tags get attributes on construction. End tags get attributes on first new attribute (but only for parser convenience, not used). public void NewAttribute() { if (_attributes == null) { _attributes = new Attributes(); } if (_pendingAttributeName != null) { Nodes.Attribute attribute; if (_pendingAttributeValue == null) { attribute = new Nodes.Attribute(_pendingAttributeName, ""); } else { attribute = new Nodes.Attribute(_pendingAttributeName, _pendingAttributeValue.ToString()); } _attributes.Add(attribute); } _pendingAttributeName = null; if (_pendingAttributeValue != null) { _pendingAttributeValue.Remove(0, _pendingAttributeValue.Length); } }
public bool IsSafeAttribute(string tagName, Element el, Nodes.Attribute attr) { TagName tag = TagName.ValueOf(tagName); AttributeKey key = AttributeKey.ValueOf(attr.Key); if (_attributes.ContainsKey(tag)) { if (_attributes[tag].Contains(key)) { if (_protocols.ContainsKey(tag)) { Dictionary <AttributeKey, HashSet <Protocol> > attrProts = _protocols[tag]; // ok if not defined protocol; otherwise test return(!attrProts.ContainsKey(key) || TestValidProtocol(el, attr, attrProts[key])); } else { // attribute found, no protocols defined, so OK return(true); } } } // no attributes defined for tag, try :all tag return(!tagName.Equals(":all") && IsSafeAttribute(":all", el, attr)); }
protected virtual string RenderAttribute(Nodes.Attribute attribute, IRendererFactory rendererFactory, IDictionary <string, object> documentHost, object model) { var renderer = rendererFactory.GetRenderer(attribute.Value.Name); if (renderer is HtmlRenderer) { renderer = rendererFactory.GetRenderer("string"); } //render attribute var tempWriter = Host.CreateWriter(); renderer.Render(tempWriter, rendererFactory, attribute.Value, documentHost, model); var attributeValue = tempWriter.Result(); if (Host.PathResolver != null) { attributeValue = Host.PathResolver.ResolveAttributeRelativePath(attribute.Key, attributeValue); } return(attributeValue); }
/// <summary> /// Test if the supplied attribute is allowed by this whitelist for this tag /// </summary> /// <param name="tagName">tag to consider allowing the attribute in</param> /// <param name="el">element under test, to confirm protocol</param> /// <param name="attr">attribute under test</param> /// <returns>true if allowed</returns> internal bool IsSafeAttribute(string tagName, Element el, Nodes.Attribute attr) { Whitelist.TagName tag = Whitelist.TagName.ValueOf(tagName); Whitelist.AttributeKey key = Whitelist.AttributeKey.ValueOf(attr.Key); if (attributes.ContainsKey(tag)) { if (attributes[tag].Contains(key)) { if (protocols.ContainsKey(tag)) { IDictionary <Whitelist.AttributeKey, ICollection <Whitelist.Protocol> > attrProts = protocols[tag]; // ok if not defined protocol; otherwise test return(!attrProts.ContainsKey(key) || TestValidProtocol(el, attr, attrProts[key])); } else { // attribute found, no protocols defined, so OK return(true); } } } // no attributes defined for tag, try :all tag return(!tagName.Equals(":all") && IsSafeAttribute(":all", el, attr)); }