/// <summary>
/// Sanitizes an HTML string with the anti-XSS policy registered under <paramref name="policyName"/>.
/// </summary>
/// <param name="originHtmlString">The HTML markup to sanitize. Must not be null, empty or whitespace-only.</param>
/// <param name="policyName">
/// Name passed to <c>InternalAntiXssManager.GetPolicy</c>. When that lookup returns null,
/// the result of <c>InternalAntiXssManager.GetDefaultPolicy</c> is used instead.
/// </param>
/// <returns>Whatever the policy-based <c>Sanitize</c> overload returns for the input and the resolved policy.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="originHtmlString"/> is null, empty or consists only of whitespace.
/// </exception>
public static string Sanitize(string originHtmlString, string policyName)
{
    // Reject missing input up front; note that empty and whitespace-only strings
    // are reported with ArgumentNullException as well, not only null.
    if (string.IsNullOrWhiteSpace(originHtmlString))
    {
        throw new ArgumentNullException(nameof(originHtmlString));
    }

    // Named policy first, default policy as the fallback.
    var effectivePolicy = InternalAntiXssManager.GetPolicy(policyName) ?? InternalAntiXssManager.GetDefaultPolicy();

    // NOTE(review): nothing here verifies that a policy was actually resolved. Confirm that
    // GetDefaultPolicy() cannot return null, or that the policy overload rejects a null
    // policy instead of handing the markup back unsanitized.
    return Sanitize(originHtmlString, effectivePolicy);
}
/// <summary>
/// Applies the configured anti-XSS policy to the incoming request during the authorization stage.
/// </summary>
/// <remarks>
/// The policy is looked up by <c>PolicyName</c>; when that lookup returns null the default
/// policy is used. An earlier version of this filter performed the same steps in
/// <c>OnActionExecuting</c>; that override is no longer active.
/// </remarks>
/// <param name="filterContext">Context of the request being authorized; supplies the HTTP request the policy is applied to.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    // Let the base filter run first.
    base.OnAuthorization(filterContext);

    var incomingRequest = filterContext.RequestContext.HttpContext.Request;

    // Named policy first, default policy as the fallback.
    var effectivePolicy = InternalAntiXssManager.GetPolicy(PolicyName) ?? InternalAntiXssManager.GetDefaultPolicy();

    // NOTE(review): when neither lookup yields a policy the request passes through with no
    // anti-XSS processing and nothing is logged (fail-open). Confirm this is intended;
    // a missing policy is otherwise indistinguishable from a request that was processed.
    if (effectivePolicy != null)
    {
        AntiXssCoreHelper.ApplyPolicy(effectivePolicy, incomingRequest);
    }
}