/// <summary>Test if the supplied attribute is allowed by this whitelist for this tag</summary>
/// <param name="tagName">tag to consider allowing the attribute in</param>
/// <param name="el">element under test, to confirm protocol</param>
/// <param name="attr">attribute under test</param>
/// <returns>true if allowed</returns>
protected internal virtual bool IsSafeAttribute(String tagName, iText.StyledXmlParser.Jsoup.Nodes.Element
el, iText.StyledXmlParser.Jsoup.Nodes.Attribute attr)
{
Whitelist.TagName tag = Whitelist.TagName.ValueOf(tagName);
Whitelist.AttributeKey key = Whitelist.AttributeKey.ValueOf(attr.Key);
if (attributes.ContainsKey(tag))
{
if (attributes.Get(tag).Contains(key))
{
if (protocols.ContainsKey(tag))
{
IDictionary <Whitelist.AttributeKey, ICollection <Whitelist.Protocol> > attrProts = protocols.Get(tag);
// ok if not defined protocol; otherwise test
return(!attrProts.ContainsKey(key) || TestValidProtocol(el, attr, attrProts.Get(key)));
}
else
{
// attribute found, no protocols defined, so OK
return(true);
}
}
}
// no attributes defined for tag, try :all tag
return(!tagName.Equals(":all") && IsSafeAttribute(":all", el, attr));
}
internal void NewAttribute()
{
if (attributes == null)
{
attributes = new Attributes();
}
if (pendingAttributeName != null)
{
iText.StyledXmlParser.Jsoup.Nodes.Attribute attribute;
if (hasPendingAttributeValue)
{
attribute = new iText.StyledXmlParser.Jsoup.Nodes.Attribute(pendingAttributeName, pendingAttributeValue.Length
> 0 ? pendingAttributeValue.ToString() : pendingAttributeValueS);
}
else
{
if (hasEmptyAttributeValue)
{
attribute = new iText.StyledXmlParser.Jsoup.Nodes.Attribute(pendingAttributeName, "");
}
else
{
attribute = new BooleanAttribute(pendingAttributeName);
}
}
attributes.Put(attribute);
}
pendingAttributeName = null;
hasEmptyAttributeValue = false;
hasPendingAttributeValue = false;
Reset(pendingAttributeValue);
pendingAttributeValueS = null;
}
private bool TestValidProtocol(iText.StyledXmlParser.Jsoup.Nodes.Element el, iText.StyledXmlParser.Jsoup.Nodes.Attribute
attr, ICollection <Whitelist.Protocol> protocols)
{
// try to resolve relative urls to abs, and optionally update the attribute so output html has abs.
// rels without a baseuri get removed
String value = el.AbsUrl(attr.Key);
if (value.Length == 0)
{
value = attr.Value;
}
// if it could not be made abs, run as-is to allow custom unknown protocols
if (!preserveRelativeLinks)
{
attr.SetValue(value);
}
foreach (Whitelist.Protocol protocol in protocols)
{
String prot = protocol.ToString();
if (prot.Equals("#"))
{
// allows anchor links
if (IsValidAnchor(value))
{
return(true);
}
else
{
continue;
}
}
prot += ":";
if (value.ToLowerInvariant().StartsWith(prot))
{
return(true);
}
}
return(false);
}
