Exemple #1
        /// <summary>
        /// Sanitizes an HTML string with the policy looked up by <paramref name="policyName"/>.
        /// </summary>
        /// <param name="originHtmlString">HTML text to sanitize. Null, empty and whitespace-only values are rejected.</param>
        /// <param name="policyName">
        /// Name handed to <c>InternalAntiXssManager.GetPolicy</c>. When that lookup returns null,
        /// the result of <c>InternalAntiXssManager.GetDefaultPolicy</c> is used instead.
        /// </param>
        /// <returns>Whatever the policy-taking <c>Sanitize</c> overload returns for the input.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="originHtmlString"/> is null, empty or consists only of whitespace.
        /// </exception>
        public static string Sanitize(string originHtmlString, string policyName)
        {
            // Reject unusable input up front; note that empty/whitespace input is also
            // reported as ArgumentNullException, not only a null reference.
            if (string.IsNullOrWhiteSpace(originHtmlString))
            {
                throw new ArgumentNullException(nameof(originHtmlString));
            }

            // NOTE(review): an unknown or mistyped policy name does not fail; it silently
            // falls back to the default policy, which may be more permissive than the one
            // the caller intended. The fallback result is not null-checked here either;
            // confirm the policy-taking overload copes with a null policy.
            var effectivePolicy =
                InternalAntiXssManager.GetPolicy(policyName)
                ?? InternalAntiXssManager.GetDefaultPolicy();

            return Sanitize(originHtmlString, effectivePolicy);
        }
Exemple #2
        // Earlier variant, kept for reference: the same policy lookup and ApplyPolicy call
        // were made from OnActionExecuting instead of OnAuthorization.
        // NOTE(review): presumably moved so the policy is applied earlier in the MVC
        // pipeline (authorization filters run before action filters) - confirm.
        //public override void OnActionExecuting(ActionExecutingContext filterContext)
        //{
        //    var request = filterContext.RequestContext.HttpContext.Request;
        //    var policy = InternalAntiXssManager.GetPolicy(PolicyName) ?? InternalAntiXssManager.GetDefaultPolicy();
        //    if (policy != null)
        //    {
        //        AntiXssCoreHelper.ApplyPolicy(policy, request);
        //    }

        //    base.OnActionExecuting(filterContext);
        //}

        /// <summary>
        /// Runs the base authorization logic, then applies the anti-XSS policy named by
        /// <c>PolicyName</c> (or the default policy when that name resolves to nothing)
        /// to the current request.
        /// </summary>
        /// <param name="filterContext">Authorization context whose HTTP request is passed to <c>AntiXssCoreHelper.ApplyPolicy</c>.</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);

            // The request is read before the policy lookup, matching the original order.
            var currentRequest = filterContext.RequestContext.HttpContext.Request;

            var effectivePolicy =
                InternalAntiXssManager.GetPolicy(PolicyName)
                ?? InternalAntiXssManager.GetDefaultPolicy();

            // NOTE(review): when neither the named nor the default policy exists, the
            // request continues with no policy applied and nothing is logged. This is a
            // fail-open path; confirm that is intended, or surface it (log/metric) so a
            // missing policy configuration is detectable.
            if (effectivePolicy == null)
            {
                return;
            }

            AntiXssCoreHelper.ApplyPolicy(effectivePolicy, currentRequest);
        }