public void ImgTagShouldSanitizeCorrectly()
        {
            // In white-list mode only explicitly registered tags survive, so the test has to
            // register <img> itself and opt its "src" attribute in.
            const string input = "<img src=\"https://joinrpg.ru/a.png\" />";

            var sanitizer = new HtmlSanitizer { WhiteListMode = true };
            _ = sanitizer.Tag("img").AllowAttributes("src");

            // NOTE(review): AllowAttributes("src") admits the attribute value as-is; the library also
            // offers CheckAttribute(..., HtmlSanitizerCheckType.Url) — confirm whether src should be
            // URL-checked the way href usually is.
            // The self-closing "/>" is expected to be normalised away in the output.
            sanitizer.Sanitize(input).ShouldBe("<img src=\"https://joinrpg.ru/a.png\">");
        }
        /// <summary>
        /// Registers a <see cref="SanitizerOperation.FlattenTag"/> operation for every name in
        /// <paramref name="tagNames"/> and returns the sanitizer so calls can be chained.
        /// </summary>
        /// <param name="htmlSanitizer">The sanitizer whose rule set is extended.</param>
        /// <param name="tagNames">Tag names that get a FlattenTag operation; may be empty.</param>
        /// <returns>The same <paramref name="htmlSanitizer"/> instance.</returns>
        private static HtmlSanitizer FlattenTags(this HtmlSanitizer htmlSanitizer, params string[] tagNames)
        {
            // One rule per name; an empty array simply returns the sanitizer untouched.
            for (var i = 0; i < tagNames.Length; i++)
            {
                htmlSanitizer.Tag(tagNames[i]).Operation(SanitizerOperation.FlattenTag);
            }

            return htmlSanitizer;
        }
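        /// <summary>
        /// Cleans HTML pasted from Word: first strips the Word-specific noise with a set of
        /// regular expressions, then runs what is left through an <see cref="HtmlSanitizer"/>
        /// that keeps only a small set of formatting tags.
        /// </summary>
        /// <param name="source">The raw HTML. Null, empty or whitespace-only input is treated as invalid.</param>
        /// <returns>
        /// The trimmed sanitized HTML, or the literal string "Invalid HTML in Source String" when the
        /// input is blank, nothing is left after stripping, the sanitizer returns nothing, or a
        /// pattern exceeds its match timeout.
        /// </returns>
        public static string SanitizeHtmlInString(string source)
        {
            const string invalidResult = "Invalid HTML in Source String";

            // Null used to reach Regex.Replace and throw; blank input is reported like an
            // unusable result instead.
            if (string.IsNullOrWhiteSpace(source))
            {
                Logging.LogError("Following string could not be stripped of Word HTML: " + source);
                return invalidResult;
            }

            // Verbatim strings: the backslash escapes (\w, \s, \n, \r) are part of the regex.
            // Without them the patterns would only match the literal letters w, s, n, r.
            string[] wordNoisePatterns =
            {
                // comments and the <title> element, including their content
                @"<!--(\w|\W)+?-->",
                @"<title>(\w|\W)+?</title>",
                // class and style attributes
                @"\s?class=\w+",
                @"\s+style='[^']+'",
                // structural and Office-namespace tags
                @"<(meta|link|/?o:|/?style|/?std|/?head|/?html|body|/?body)[^>]*?>",
                // paragraphs that only hold a non-breaking space
                @"(<[^>]+>)+&nbsp;(</\w+>)+",
                // v:* attributes Word attaches to <img>
                @"\s+v:\w+=""[^""]+""",
                // runs of blank lines
                @"(\n\r){2,}",
            };

            // The input is untrusted and the lazy patterns backtrack, so every replacement is
            // bounded by a match timeout; a timeout is reported like any other unusable input.
            TimeSpan matchTimeout = TimeSpan.FromSeconds(1);
            string stripped = source;
            try
            {
                foreach (string pattern in wordNoisePatterns)
                {
                    stripped = Regex.Replace(stripped, pattern, string.Empty, RegexOptions.IgnoreCase, matchTimeout);
                }
            }
            catch (RegexMatchTimeoutException)
            {
                Logging.LogError("Word HTML stripping timed out for: " + source);
                return invalidResult;
            }

            if (string.IsNullOrWhiteSpace(stripped))
            {
                // Log the original input, not the (now empty) stripped text.
                Logging.LogError("Following string could not be stripped of Word HTML: " + source);
                return invalidResult;
            }

            var sanitizer = new HtmlSanitizer();

            // Headings and <strong> are kept, but dropped when empty.
            foreach (string tag in new[] { "h1", "h2", "h3", "h4", "h5", "strong" })
            {
                sanitizer.Tag(tag).RemoveEmpty();
            }
            sanitizer.Tag("b").Rename("strong").RemoveEmpty();
            sanitizer.Tag("div").Rename("p").RemoveEmpty();
            sanitizer.Tag("i").RemoveEmpty();
            sanitizer.Tag("em");
            sanitizer.Tag("br");
            sanitizer.Tag("p").RemoveEmpty();
            // Second "div" registration adds the no-attributes operation; assumes Tag() returns the
            // existing rule for a tag rather than replacing it — confirm against the library.
            sanitizer.Tag("div").NoAttributes(SanitizerOperation.FlattenTag);
            sanitizer.Tag("span").RemoveEmpty();
            sanitizer.Tag("ul");
            sanitizer.Tag("ol");
            sanitizer.Tag("li");
            // Links always get rel="nofollow" and href goes through the library's URL check.
            sanitizer.Tag("a").SetAttribute("rel", "nofollow")
                .CheckAttribute("href", HtmlSanitizerCheckType.Url)
                .RemoveEmpty();

            string cleanHtml = sanitizer.Sanitize(stripped);

            if (!string.IsNullOrWhiteSpace(cleanHtml))
            {
                return cleanHtml.Trim();
            }

            // Sanitizing left nothing usable; deliberately not logged (the input was already
            // logged above if stripping failed, and this path is expected for junk input).
            return invalidResult;
        }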
 /// <summary>
 /// Registers a <see cref="SanitizerOperation.FlattenTag"/> operation for <paramref name="tagName"/>.
 /// </summary>
 /// <param name="htmlSanitizer">The sanitizer whose rule set is extended.</param>
 /// <param name="tagName">Name of the tag the operation applies to.</param>
 private static void FlattenTag(this HtmlSanitizer htmlSanitizer, string tagName) =>
     htmlSanitizer.Tag(tagName).Operation(SanitizerOperation.FlattenTag);
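        // [Bind(Include = ...)] limits model binding to the fields the user may set; anything else
        // posted (e.g. UzytkownikId) is ignored, so a listing cannot be assigned to another user.
        // NOTE(review): [HttpPost] / [ValidateAntiForgeryToken] are not visible in this excerpt —
        // confirm they are applied to this action.
        public ActionResult Create([Bind(Include = "Tresc,Tytul")] Ogloszenie ogloszenie)
        {
            if (!ModelState.IsValid)
            {
                return View(ogloszenie);
            }

            // Owner and creation time are always set server-side, never taken from the request.
            ogloszenie.UzytkownikId = User.Identity.GetUserId();
            // NOTE(review): local time is stored; switching to UtcNow would change what existing
            // rows mean, so it is left as-is.
            ogloszenie.DataDodania = DateTime.Now;

            // White-list mode: every tag not registered below is stripped. "cite" is always allowed;
            // the remaining allowed tags come from the repository, so the effective white-list is
            // only as strict as that list's contents.
            var sanitizer = new HtmlSanitizer { WhiteListMode = true };
            sanitizer.Tag("cite");
            foreach (var znacznik in _repo.PobierzListeZnacznikowHTML().Select(s => s.znacznik).ToList())
            {
                sanitizer.Tag(znacznik);
            }

            ogloszenie.Tresc = sanitizer.Sanitize(ogloszenie.Tresc);

            try
            {
                _repo.Dodaj(ogloszenie, null);
                _repo.SaveChanges();
                return RedirectToAction("MojeOgloszenia");
            }
            catch (Exception)
            {
                // Saving failed: tell the user instead of silently redisplaying the unchanged form.
                ModelState.AddModelError(string.Empty, "Nie udało się zapisać ogłoszenia.");
                return View(ogloszenie);
            }
        }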