Example #1
        /// <summary>
        /// Initializes a new instance of the <see cref="MatchedTagCollection"/> class
        /// and stores the supplied tag allow-list.
        /// </summary>
        /// <param name="allowedTags">The allow-list of tags; must not be null.</param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="allowedTags"/> is null.
        /// </exception>
        public MatchedTagCollection( ValidTagCollection allowedTags )
        {
            // Refuse a missing allow-list so this constructor never stores null.
            if( allowedTags == null )
            {
                throw new ArgumentNullException( "allowedTags" );
            }

            this.allowedTags = allowedTags;
        }
        /// <summary>
        /// Creates a <see cref="MatchedTagCollection"/> that keeps a reference to the
        /// given allow-list of tags.
        /// </summary>
        /// <param name="allowedTags">Allow-list of tags. A null value is rejected.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="allowedTags"/> is null.
        /// </exception>
        public MatchedTagCollection(ValidTagCollection allowedTags)
        {
            // Fail fast: an absent allow-list is a caller error, not "allow nothing".
            if (allowedTags == null)
            {
                throw new ArgumentNullException("allowedTags");
            }

            // Only the reference is stored; no copy is made here.
            this.allowedTags = allowedTags;
        }
Example #3
		public void HtmlAttributeFilterTest(){
			// Pins how SiteUtilities.FilterHtml treats attributes on an allowed tag.
			// The spec string presumably reads "tag@attr@attr,tag@attr"; the cases below
			// show href and title surviving on <a>.
			// NOTE(review): every case here varies attribute *names* only. No case pins what
			// happens to the *value* of an allowed attribute (for example a non-http URL
			// scheme in href); worth adding one so that behaviour is covered by a test.
			ValidTagCollection allowList = new ValidTagCollection("a@href@title,img@src");

			// 1. Quoted, allow-listed attributes only: the markup must come back unchanged.
			string quotedAllowed = "aa<a href=\"attValue\" title=\"attTitle\">bb</a>";
			Assert.AreEqual( quotedAllowed, SiteUtilities.FilterHtml( quotedAllowed, allowList ), "Test one failed." );

			// 2. An attribute outside the allow-list (onclick) is dropped; href is kept.
			string withEventHandler = "aa<a onclick=\"evil javascript\" href=\"link\">bb</a>";
			string withoutEventHandler = "aa<a href=\"link\">bb</a>";
			Assert.AreEqual( withoutEventHandler, SiteUtilities.FilterHtml( withEventHandler, allowList ), "Test two failed." );

			// 3. Unquoted attribute values are re-emitted with double quotes.
			string unquotedValues = "aa<a href=attValue title=attTitle>bb</a>";
			string requotedValues = "aa<a href=\"attValue\" title=\"attTitle\">bb</a>";
			Assert.AreEqual( requotedValues, SiteUtilities.FilterHtml( unquotedValues, allowList ), "Test three failed." );

			// 4. A value-less allowed attribute in first position is removed.
			string bareHrefFirst = "aa<a href title=\"title\">bb</a>";
			string titleOnly = "aa<a title=\"title\">bb</a>";
			Assert.AreEqual( titleOnly, SiteUtilities.FilterHtml( bareHrefFirst, allowList ), "Test four failed." );

			// 5. The same value-less attribute in last position is removed as well.
			string bareHrefLast = "aa<a title=\"title\" href>bb</a>";
			string titleOnlyAgain = "aa<a title=\"title\">bb</a>";
			Assert.AreEqual( titleOnlyAgain, SiteUtilities.FilterHtml( bareHrefLast, allowList ), "Test five failed." );
		}
Example #4
 /// <summary>
 /// Forwards to <c>SiteUtilities.FilterHtml</c> with the same arguments.
 /// </summary>
 /// <param name="input">The text to filter.</param>
 /// <param name="allowedTags">The allow-list of tags passed through to the filter.</param>
 /// <returns>Whatever <c>SiteUtilities.FilterHtml</c> returns for these arguments.</returns>
 public static string FilterHtml(string input, ValidTagCollection allowedTags)
 {
     // Pure pass-through: no validation or encoding is added at this layer.
     string filtered = SiteUtilities.FilterHtml(input, allowedTags);
     return filtered;
 }
Example #5
 /// <summary>
 /// Thin wrapper that hands both arguments to <c>SiteUtilities.FilterHtml</c>.
 /// </summary>
 /// <param name="input">The text to filter.</param>
 /// <param name="allowedTags">The allow-list of tags given to the underlying filter.</param>
 /// <returns>The value produced by <c>SiteUtilities.FilterHtml</c>.</returns>
 public static string FilterHtml( string input, ValidTagCollection allowedTags )
 {
     // All filtering happens in SiteUtilities; this method adds nothing of its own.
     string result = SiteUtilities.FilterHtml( input, allowedTags );
     return result;
 }
Example #6
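        /// <summary>
        /// HTML-encodes <paramref name="input"/>, except for tags matched by
        /// <c>htmlFilterRegex</c>, which are emitted in the filtered form produced by
        /// <c>MatchedTag.FilteredValue</c>.
        /// </summary>
        /// <remarks>
        /// Text outside matched tags always goes through <c>HttpUtility.HtmlEncode</c>.
        /// Matched tags are appended without further encoding, so the safety of the result
        /// rests on <c>htmlFilterRegex</c>, <c>MatchedTagCollection</c> and <c>MatchedTag</c>,
        /// none of which are visible in this method.
        /// NOTE(review): nothing here inspects attribute values. Confirm that
        /// <c>MatchedTag</c> restricts URL schemes in allowed attributes such as href/src
        /// before treating the output as safe to render.
        /// </remarks>
        /// <param name="input">The text to filter (presumably user-supplied markup). May be null.</param>
        /// <param name="allowedTags">
        /// The allow-list of tags. When null or empty, no markup is let through and the
        /// whole input is encoded.
        /// </param>
        /// <returns>
        /// The encoded text with filtered tags. A null <paramref name="input"/> yields
        /// whatever <c>HttpUtility.HtmlEncode</c> returns for null.
        /// </returns>
        public static string FilterHtml( string input, ValidTagCollection allowedTags )
        {
            // Nothing to scan, or no tags allowed: encode everything.
            // The null check on input makes both paths treat null the same way; without it a
            // null input reached htmlFilterRegex.Matches (presumably Regex.Matches, which
            // throws on null) whenever the allow-list was non-empty.
            if( input == null || allowedTags == null || allowedTags.Count == 0 ){
                return HttpUtility.HtmlEncode( input );
            }

            // Find candidate tags in the input.
            MatchCollection matches = htmlFilterRegex.Matches( input );

            // No tag-like spans at all: plain encoding is enough.
            if( matches.Count == 0 ){
                return HttpUtility.HtmlEncode( input );
            }

            StringBuilder sb = new StringBuilder();

            MatchedTagCollection collection = new MatchedTagCollection( allowedTags );
            collection.Init( matches );

            // Position in input up to which output has already been produced.
            // Assumes the collection enumerates tags in ascending Index order - TODO confirm.
            int inputIndex = 0;

            foreach( MatchedTag tag in collection ){

                // Encode the plain text between the previous tag and this one.
                if( inputIndex < tag.Index ){
                    sb.Append( HttpUtility.HtmlEncode( input.Substring( inputIndex, tag.Index - inputIndex ) ) );
                }

                // Emit the tag as filtered by MatchedTag. This is the only output that
                // bypasses HtmlEncode, so it is the security-critical step.
                sb.Append( tag.FilteredValue );

                // Continue after the end of this tag.
                inputIndex = tag.Index + tag.Length;
            }

            // Encode whatever follows the last tag.
            if( inputIndex < input.Length ){
                sb.Append( HttpUtility.HtmlEncode( input.Substring( inputIndex ) ) );
            }

            return sb.ToString();
        }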