/// <summary>
/// Instantiates the filter by cloning the allow list of another <see cref="ICodePointFilter"/>.
/// </summary>
public CodePointFilter([NotNull] ICodePointFilter other)
{
CodePointFilter otherAsCodePointFilter = other as CodePointFilter;
if (otherAsCodePointFilter != null)
{
_allowedCharsBitmap = otherAsCodePointFilter.GetAllowedCharsBitmap();
}
else
{
_allowedCharsBitmap = AllowedCharsBitmap.CreateNew();
AllowFilter(other);
}
}
/// <summary>
/// Instantiates the filter by cloning the allow list of another <see cref="ICodePointFilter"/>.
/// </summary>
public CodePointFilter(ICodePointFilter other)
{
if (other == null)
{
throw new ArgumentNullException(nameof(other));
}
CodePointFilter otherAsCodePointFilter = other as CodePointFilter;
if (otherAsCodePointFilter != null)
{
_allowedCharsBitmap = otherAsCodePointFilter.GetAllowedCharsBitmap();
}
else
{
_allowedCharsBitmap = AllowedCharsBitmap.CreateNew();
AllowFilter(other);
}
}
/// <summary>
/// Instantiates an encoder using a custom allow list of characters.
/// </summary>
protected UnicodeEncoderBase(CodePointFilter filter, int maxOutputCharsPerInputChar)
{
_maxOutputCharsPerInputChar = maxOutputCharsPerInputChar;
_allowedCharsBitmap = filter.GetAllowedCharsBitmap();
// Forbid characters that are special in HTML.
// Even though this is a common encoder used by everybody (including URL
// and JavaScript strings), it's unfortunately common for developers to
// forget to HTML-encode a string once it has been URL-encoded or
// JavaScript string-escaped, so this offers extra protection.
ForbidCharacter('<');
ForbidCharacter('>');
ForbidCharacter('&');
ForbidCharacter('\''); // can be used to escape attributes
ForbidCharacter('\"'); // can be used to escape attributes
ForbidCharacter('+'); // technically not HTML-specific, but can be used to perform UTF7-based attacks
// Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed
// (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp)
_allowedCharsBitmap.ForbidUndefinedCharacters();
}
/// <summary>
/// Instantiates an encoder using a custom allow list of characters.
/// </summary>
protected UnicodeEncoderBase(CodePointFilter filter, int maxOutputCharsPerInputChar)
{
_maxOutputCharsPerInputChar = maxOutputCharsPerInputChar;
_allowedCharsBitmap = filter.GetAllowedCharsBitmap();
// Forbid characters that are special in HTML.
// Even though this is a common encoder used by everybody (including URL
// and JavaScript strings), it's unfortunately common for developers to
// forget to HTML-encode a string once it has been URL-encoded or
// JavaScript string-escaped, so this offers extra protection.
ForbidCharacter('<');
ForbidCharacter('>');
ForbidCharacter('&');
ForbidCharacter('\''); // can be used to escape attributes
ForbidCharacter('\"'); // can be used to escape attributes
ForbidCharacter('+'); // technically not HTML-specific, but can be used to perform UTF7-based attacks
// Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed
// (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp)
_allowedCharsBitmap.ForbidUndefinedCharacters();
}
