private bool TestValidProtocol(Element el, Nodes.Attribute attr, ICollection <Whitelist.Protocol> protocols)
{
// try to resolve relative urls to abs, and optionally update the attribute so output html has abs.
// rels without a baseuri get removed
string value = el.AbsUrl(attr.Key);
if (value.Length == 0)
{
value = attr.Value;
}
// if it could not be made abs, run as-is to allow custom unknown protocols
if (!preserveRelativeLinks)
{
attr.Value = value;
}
foreach (Whitelist.Protocol protocol in protocols)
{
string prot = protocol.ToString() + ":";
if (value.ToLower().StartsWith(prot, StringComparison.Ordinal))
{
return(true);
}
}
return(false);
}
protected Attributes _attributes; // start tags get attributes on construction. End tags get attributes on first new attribute (but only for parser convenience, not used).
public void NewAttribute()
{
if (_attributes == null)
{
_attributes = new Attributes();
}
if (_pendingAttributeName != null)
{
Nodes.Attribute attribute;
if (_pendingAttributeValue == null)
{
attribute = new Nodes.Attribute(_pendingAttributeName, "");
}
else
{
attribute = new Nodes.Attribute(_pendingAttributeName, _pendingAttributeValue.ToString());
}
_attributes.Add(attribute);
}
_pendingAttributeName = null;
if (_pendingAttributeValue != null)
{
_pendingAttributeValue.Remove(0, _pendingAttributeValue.Length);
}
}
public bool IsSafeAttribute(string tagName, Element el, Nodes.Attribute attr)
{
TagName tag = TagName.ValueOf(tagName);
AttributeKey key = AttributeKey.ValueOf(attr.Key);
if (_attributes.ContainsKey(tag))
{
if (_attributes[tag].Contains(key))
{
if (_protocols.ContainsKey(tag))
{
Dictionary <AttributeKey, HashSet <Protocol> > attrProts = _protocols[tag];
// ok if not defined protocol; otherwise test
return(!attrProts.ContainsKey(key) || TestValidProtocol(el, attr, attrProts[key]));
}
else
{ // attribute found, no protocols defined, so OK
return(true);
}
}
}
// no attributes defined for tag, try :all tag
return(!tagName.Equals(":all") && IsSafeAttribute(":all", el, attr));
}
protected virtual string RenderAttribute(Nodes.Attribute attribute, IRendererFactory rendererFactory, IDictionary <string, object> documentHost, object model)
{
var renderer = rendererFactory.GetRenderer(attribute.Value.Name);
if (renderer is HtmlRenderer)
{
renderer = rendererFactory.GetRenderer("string");
}
//render attribute
var tempWriter = Host.CreateWriter();
renderer.Render(tempWriter, rendererFactory, attribute.Value, documentHost, model);
var attributeValue = tempWriter.Result();
if (Host.PathResolver != null)
{
attributeValue = Host.PathResolver.ResolveAttributeRelativePath(attribute.Key, attributeValue);
}
return(attributeValue);
}
/// <summary>
/// Test if the supplied attribute is allowed by this whitelist for this tag
/// </summary>
/// <param name="tagName">tag to consider allowing the attribute in</param>
/// <param name="el">element under test, to confirm protocol</param>
/// <param name="attr">attribute under test</param>
/// <returns>true if allowed</returns>
internal bool IsSafeAttribute(string tagName, Element el, Nodes.Attribute attr)
{
Whitelist.TagName tag = Whitelist.TagName.ValueOf(tagName);
Whitelist.AttributeKey key = Whitelist.AttributeKey.ValueOf(attr.Key);
if (attributes.ContainsKey(tag))
{
if (attributes[tag].Contains(key))
{
if (protocols.ContainsKey(tag))
{
IDictionary <Whitelist.AttributeKey, ICollection <Whitelist.Protocol> > attrProts = protocols[tag];
// ok if not defined protocol; otherwise test
return(!attrProts.ContainsKey(key) || TestValidProtocol(el, attr, attrProts[key]));
}
else
{
// attribute found, no protocols defined, so OK
return(true);
}
}
}
// no attributes defined for tag, try :all tag
return(!tagName.Equals(":all") && IsSafeAttribute(":all", el, attr));
}
