public void Ctor_WithUnicodeRanges()
{
// Arrange
HtmlEncoder encoder = new HtmlEncoder(UnicodeRanges.Latin1Supplement, UnicodeRanges.MiscellaneousSymbols);
// Act & assert
Assert.Equal("a", encoder.HtmlEncode("a"));
Assert.Equal("\u00E9", encoder.HtmlEncode("\u00E9" /* LATIN SMALL LETTER E WITH ACUTE */));
Assert.Equal("\u2601", encoder.HtmlEncode("\u2601" /* CLOUD */));
}
public static HtmlString PrettyJoin(this IHtmlHelper html, IEnumerable<Person> persons)
{
var encoder = new HtmlEncoder();
Func<Person, string> linkify = p =>
{
using (var w = new StringWriter())
{
html.ActionLink(p.Name, "Details", "Person", new { id = p.PersonId }).WriteTo(w, encoder);
return w.ToString();
}
};
int count = 0;
string res = null;
foreach (var person in persons)
{
switch (count++)
{
case 0:
res = linkify(person);
break;
case 1:
res = linkify(person) + " and " + res;
break;
default:
res = linkify(person) + ", " + res;
break;
}
}
return new HtmlString(res);
}
public void Ctor_WithNoParameters_DefaultsToBasicLatin()
{
// Arrange
HtmlEncoder encoder = new HtmlEncoder();
// Act & assert
Assert.Equal("a", encoder.HtmlEncode("a"));
Assert.Equal("é", encoder.HtmlEncode("\u00E9" /* LATIN SMALL LETTER E WITH ACUTE */));
Assert.Equal("☁", encoder.HtmlEncode("\u2601" /* CLOUD */));
}
public void HtmlEncode_PositiveTestCase()
{
// Arrange
IHtmlEncoder encoder = new HtmlEncoder(UnicodeRanges.All);
StringWriter writer = new StringWriter();
// Act
encoder.HtmlEncode("Hello+there!", writer);
// Assert
Assert.Equal("Hello+there!", writer.ToString());
}
public void GetHtmlEncoder_ServiceProviderHasEncoder_ReturnsRegisteredInstance()
{
// Arrange
var expectedEncoder = new HtmlEncoder();
var serviceProvider = new TestServiceProvider() { Service = expectedEncoder };
// Act
var retVal = serviceProvider.GetHtmlEncoder();
// Assert
Assert.Same(expectedEncoder, retVal);
}
public void Ctor_WithCodePointFilter()
{
// Arrange
var filter = new CodePointFilter().AllowChars("ab").AllowChars('\0', '&', '\uFFFF', 'd');
HtmlEncoder encoder = new HtmlEncoder(filter);
// Act & assert
Assert.Equal("a", encoder.HtmlEncode("a"));
Assert.Equal("b", encoder.HtmlEncode("b"));
Assert.Equal("c", encoder.HtmlEncode("c"));
Assert.Equal("d", encoder.HtmlEncode("d"));
Assert.Equal("�", encoder.HtmlEncode("\0")); // we still always encode control chars
Assert.Equal("&", encoder.HtmlEncode("&")); // we still always encode HTML-special chars
Assert.Equal("", encoder.HtmlEncode("\uFFFF")); // we still always encode non-chars and other forbidden chars
}
public void Default_EquivalentToBasicLatin()
{
// Arrange
HtmlEncoder controlEncoder = new HtmlEncoder(UnicodeRanges.BasicLatin);
HtmlEncoder testEncoder = HtmlEncoder.Default;
// Act & assert
for (int i = 0; i <= Char.MaxValue; i++)
{
if (!IsSurrogateCodePoint(i))
{
string input = new String((char)i, 1);
Assert.Equal(controlEncoder.HtmlEncode(input), testEncoder.HtmlEncode(input));
}
}
}
[MethodImpl(MethodImplOptions.NoInlining)] // the JITter can attempt to inline the caller itself without worrying about us
private static HtmlEncoder CreateDefaultEncoderSlow()
{
var onDemandEncoder = new HtmlEncoder();
return Interlocked.CompareExchange(ref _defaultEncoder, onDemandEncoder, null) ?? onDemandEncoder;
}
public void UrlEncode_DoesNotOutputHtmlSensitiveCharacters()
{
// Per the design document, we provide additional defense-in-depth
// by never emitting HTML-sensitive characters unescaped.
// Arrange
UrlEncoder urlEncoder = new UrlEncoder(UnicodeRanges.All);
HtmlEncoder htmlEncoder = new HtmlEncoder(UnicodeRanges.All);
// Act & assert
for (int i = 0; i <= 0x10FFFF; i++)
{
if (IsSurrogateCodePoint(i))
{
continue; // surrogates don't matter here
}
string urlEncoded = urlEncoder.UrlEncode(Char.ConvertFromUtf32(i));
string thenHtmlEncoded = htmlEncoder.HtmlEncode(urlEncoded);
Assert.Equal(urlEncoded, thenHtmlEncoded); // should have contained no HTML-sensitive characters
}
}
public override void Process(TagHelperContext context, TagHelperOutput output)
{
output.TagName = "ul";
output.Attributes["class"] = "pagination pagination-sm";
if (CurrentPage == 0)
CurrentPage = 1;
var writer = new StringWriter();
var encoder = new HtmlEncoder();
var li = new TagBuilder("li");
var a = new TagBuilder("a");
if (CurrentPage > 10)
{
a.MergeAttribute("href", $"{Url}?Page={((CurrentPage - 1) / 10) * 10}{(SearchMode ? $"&SearchField={SearchField}&SearchQuery={SearchQuery}" : "")}");
a.InnerHtml.AppendHtml("◄");
}
else
{
a.MergeAttribute("class", "disabled");
a.InnerHtml.AppendHtml("◁");
}
li.InnerHtml.Append(a);
li.WriteTo(writer, encoder);
int firstPage = (CurrentPage - 1) / 10 * 10 + 1;
int i;
for (i = firstPage; i < firstPage + 10; i++)
{
if (i > TotalPages)
break;
li = new TagBuilder("li");
a = new TagBuilder("a");
if (i == CurrentPage)
{
li.MergeAttribute("class", "active");
a.MergeAttribute("href", "#");
}
else
{
a.MergeAttribute("href", $"{Url}?Page={i}{(SearchMode ? $"&SearchField={SearchField}&SearchQuery={SearchQuery}" : "")}");
}
a.InnerHtml.AppendHtml(i.ToString());
li.InnerHtml.Append(a);
li.WriteTo(writer, encoder);
}
li = new TagBuilder("li");
a = new TagBuilder("a");
if (i < TotalPages)
{
a.MergeAttribute("href", $"{Url}?Page={i}{(SearchMode ? $"&SearchField={SearchField}&SearchQuery={SearchQuery}" : "")}");
a.InnerHtml.AppendHtml("►");
}
else
{
a.MergeAttribute("class", "disabled");
a.InnerHtml.AppendHtml("▷");
}
li.InnerHtml.Append(a);
li.WriteTo(writer, encoder);
output.Content.AppendHtml(writer.ToString());
}
public void HtmlEncode_AllRangesAllowed_StillEncodesForbiddenChars_Simple(string input, string expected)
{
// Arrange
HtmlEncoder encoder = new HtmlEncoder(UnicodeRanges.All);
// Act
string retVal = encoder.HtmlEncode(input);
// Assert
Assert.Equal(expected, retVal);
}
public void HtmlEncode_AllRangesAllowed_StillEncodesForbiddenChars_Extended()
{
// Arrange
HtmlEncoder encoder = new HtmlEncoder(UnicodeRanges.All);
// Act & assert - BMP chars
for (int i = 0; i <= 0xFFFF; i++)
{
string input = new String((char)i, 1);
string expected;
if (IsSurrogateCodePoint(i))
{
expected = "\uFFFD"; // unpaired surrogate -> Unicode replacement char
}
else
{
if (input == "<") { expected = "<"; }
else if (input == ">") { expected = ">"; }
else if (input == "&") { expected = "&"; }
else if (input == "\"") { expected = """; }
else
{
bool mustEncode = false;
if (i == '\'' || i == '+')
{
mustEncode = true; // apostrophe, plus
}
else if (i <= 0x001F || (0x007F <= i && i <= 0x9F))
{
mustEncode = true; // control char
}
else if (!UnicodeHelpers.IsCharacterDefined((char)i))
{
mustEncode = true; // undefined (or otherwise disallowed) char
}
if (mustEncode)
{
expected = String.Format(CultureInfo.InvariantCulture, "&#x{0:X};", i);
}
else
{
expected = input; // no encoding
}
}
}
string retVal = encoder.HtmlEncode(input);
Assert.Equal(expected, retVal);
}
// Act & assert - astral chars
for (int i = 0x10000; i <= 0x10FFFF; i++)
{
string input = Char.ConvertFromUtf32(i);
string expected = String.Format(CultureInfo.InvariantCulture, "&#x{0:X};", i);
string retVal = encoder.HtmlEncode(input);
Assert.Equal(expected, retVal);
}
}
public void HtmlEncode_StringSubstring()
{
// Arrange
HtmlEncoder encoder = new HtmlEncoder();
var output = new StringWriter();
// Act
encoder.HtmlEncode("Hello+world!", 3, 5, output);
// Assert
Assert.Equal("lo+wo", output.ToString());
}
public void HtmlEncode_NullInput_ReturnsNull()
{
// Arrange
HtmlEncoder encoder = new HtmlEncoder();
// Act & assert
Assert.Null(encoder.HtmlEncode(null));
}
public void HtmlEncode_InputDoesNotRequireEncoding_ReturnsOriginalStringInstance()
{
// Arrange
HtmlEncoder encoder = new HtmlEncoder();
string input = "Hello, there!";
// Act & assert
Assert.Same(input, encoder.HtmlEncode(input));
}
public void HtmlEncode_EmptyStringInput_ReturnsEmptyString()
{
// Arrange
HtmlEncoder encoder = new HtmlEncoder();
// Act & assert
Assert.Equal("", encoder.HtmlEncode(""));
}
public void HtmlEncode_BadSurrogates_ReturnsUnicodeReplacementChar()
{
// Arrange
HtmlEncoder encoder = new HtmlEncoder(UnicodeRanges.All); // allow all codepoints
// "a<unpaired leading>b<unpaired trailing>c<trailing before leading>d<unpaired trailing><valid>e<high at end of string>"
const string input = "a\uD800b\uDFFFc\uDFFF\uD800d\uDFFF\uD800\uDFFFe\uD800";
const string expected = "a\uFFFDb\uFFFDc\uFFFD\uFFFDd\uFFFD𐏿e\uFFFD";
// Act
string retVal = encoder.HtmlEncode(input);
// Assert
Assert.Equal(expected, retVal);
}