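/// <summary>
/// Creates an HTML filter bound to the given filter policy.
/// </summary>
/// <param name="policy">The policy the filter enforces; must not be null.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="policy"/> is null. A filter without a policy
/// has no whitelist to enforce, so construction fails instead of deferring
/// the error to the first filtering call.
/// </exception>
public HtmlFilter(FilterPolicy policy)
{
    if (policy == null)
    {
        // A specific exception type names the offending argument; it still
        // derives from Exception, so existing catch blocks keep working.
        throw new ArgumentNullException("policy");
    }

    Policy = policy;
}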
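/// <summary>
/// Creates a CSS filter bound to the given filter policy and reads the
/// "embedStyleSheets" directive from it.
/// </summary>
/// <param name="policy">The policy the filter enforces; must not be null.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="policy"/> is null.
/// </exception>
public CssFilter(FilterPolicy policy)
{
    if (policy == null)
    {
        // A specific exception type names the offending argument; it still
        // derives from Exception, so existing catch blocks keep working.
        throw new ArgumentNullException("policy");
    }

    Policy = policy;

    // The directive value is taken from the policy as-is; what it enables is
    // decided where EmbedStyleSheets is consumed, which is not visible here.
    EmbedStyleSheets = policy.Directive<bool>("embedStyleSheets");
}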
/// <summary>
/// Creates a policy tag and, when an attribute map is supplied, links every
/// non-null attribute in it back to this tag.
/// </summary>
/// <param name="policy">The policy this tag belongs to.</param>
/// <param name="attributes">
/// Allowed attributes for the tag. When null, the allowed-attribute field is
/// left at whatever value it already had.
/// </param>
public PolicyHtmlTag(FilterPolicy policy, Dictionary<string, PolicyHtmlAttribute> attributes)
{
    Policy = policy;

    if (attributes == null)
    {
        return;
    }

    foreach (PolicyHtmlAttribute allowed in attributes.Values)
    {
        if (allowed != null)
        {
            allowed.Tag = this;
        }
    }

    this.allowedAttributes = attributes;
}
/// <summary>
/// Creates a CSS property policy entry; both arguments are forwarded
/// unchanged to the base constructor.
/// </summary>
/// <param name="policy">The policy this property belongs to.</param>
/// <param name="name">The CSS property name.</param>
public PolicyCssProperty(FilterPolicy policy, string name)
    : base(policy, name)
{
}
/// <summary>
/// Creates a rich-text object.
/// </summary>
/// <param name="text">The unfiltered source text.</param>
/// <param name="policy">
/// The security policy used for filtering. Per the original documentation the
/// default security policy is used when this is omitted; this constructor only
/// stores the value (null when omitted), so that fallback happens elsewhere.
/// </param>
public RichText(string text, FilterPolicy policy = null)
{
    this.text = text;
    this.policy = policy;
}
/// <summary>
/// Creates a rich-text object whose policy is loaded from a policy file path.
/// </summary>
/// <param name="text">The unfiltered source text.</param>
/// <param name="FilterPolicyFilePath">
/// Physical path of the filter security policy file. It is handed to
/// FilterPolicy.GetInstance unchanged, so it should come from trusted
/// configuration: the policy decides which markup survives filtering.
/// </param>
public RichText(string text, string FilterPolicyFilePath)
    : this(text, FilterPolicy.GetInstance(FilterPolicyFilePath))
{
}
/// <summary>
/// Creates a rich-text object whose policy is loaded from a policy file.
/// </summary>
/// <param name="text">The unfiltered source text.</param>
/// <param name="FilterPolicyFile">
/// File information object for the filter security policy file; passed
/// unchanged to FilterPolicy.GetInstance.
/// </param>
public RichText(string text, FileInfo FilterPolicyFile)
    : this(text, FilterPolicy.GetInstance(FilterPolicyFile))
{
}
/// <summary>
/// Creates a policy attribute entry with the given name and owning policy.
/// </summary>
/// <param name="policy">The policy this attribute belongs to.</param>
/// <param name="name">The attribute name.</param>
public PolicyAttribute(FilterPolicy policy, string name)
{
    this.Name = name;
    this.Policy = policy;
}
/// <summary>
/// Checks a CSS attribute against the policy entry for its property name.
/// </summary>
/// <param name="attr">The CSS attribute to check; null is rejected.</param>
/// <returns>
/// False when <paramref name="attr"/> is null; otherwise the result of
/// FilterPolicy.ValidateAttribute for the looked-up property and the value.
/// </returns>
bool Validate(CssAttribute attr)
{
    if (attr == null)
    {
        return false;
    }

    // NOTE(review): the lookup result is passed on without a null check here;
    // confirm ValidateAttribute rejects a property the policy does not define.
    var property = Policy.CssProperty(attr.Name);
    return FilterPolicy.ValidateAttribute(property, attr.Value);
}
/// <summary>
/// Creates a CSS filter whose policy is loaded from a policy file path.
/// </summary>
/// <param name="FilterPolicyFilePath">
/// Path of the filter policy file; passed unchanged to
/// FilterPolicy.GetInstance, so it should come from trusted configuration.
/// </param>
public CssFilter(string FilterPolicyFilePath)
    : this(FilterPolicy.GetInstance(FilterPolicyFilePath))
{
}
/// <summary>
/// Creates a CSS filter whose policy is loaded from a policy file.
/// </summary>
/// <param name="FilterPolicyFile">
/// File information object for the filter policy file; passed unchanged to
/// FilterPolicy.GetInstance.
/// </param>
public CssFilter(FileInfo FilterPolicyFile)
    : this(FilterPolicy.GetInstance(FilterPolicyFile))
{
}
/// <summary>
/// Creates a CSS filter using the policy returned by the parameterless
/// FilterPolicy.GetInstance() (presumably the default policy; confirm there).
/// </summary>
public CssFilter()
    : this(FilterPolicy.GetInstance())
{
}
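/// <summary>
/// Applies the policy for one element: filters the content of a style
/// element, checks every attribute against the tag's whitelist, and then
/// filters the element's child nodes.
/// </summary>
/// <param name="node">The element being validated.</param>
/// <param name="tagName">The element's tag name.</param>
/// <param name="tag">The policy entry that lists the attributes allowed on this element.</param>
void ValidateAction(HtmlNode node, string tagName, PolicyHtmlTag tag)
{
    HtmlNode parentNode = node.ParentNode;

    #region Filter style element content
    // Matched case-insensitively, the same way the inline style attribute is
    // matched below, so a differently-cased tag name is still CSS-filtered.
    if ("style".Equals(tagName, StringComparison.OrdinalIgnoreCase))
    {
        try
        {
            node.FirstChild.InnerHtml = CssFilter.Filters(node.FirstChild.InnerHtml);
        }
        catch
        {
            // Fail closed: a style element whose content cannot be filtered
            // (including one with no child node) is dropped entirely.
            parentNode.RemoveChild(node);

            // The node is no longer in the document; stop here so the code
            // below does not try to remove or promote it a second time.
            return;
        }
    }
    #endregion

    #region Filter attributes
    for (int currentAttributeIndex = 0; currentAttributeIndex < node.Attributes.Count; currentAttributeIndex++)
    {
        HtmlAttribute attribute = node.Attributes[currentAttributeIndex];
        string name = attribute.Name, _value = attribute.Value;
        var attr = tag.AllowedAttribute(name);

        // NOTE(review): attributes are removed by name while the cursor steps
        // back by one. If the collection removes every attribute sharing that
        // name, duplicates can make the cursor drift and leave a later
        // attribute unvalidated - confirm, or remove by index instead.

        #region Remove attributes that are not on the whitelist
        if (attr == null)
        {
            node.Attributes.Remove(name);
            currentAttributeIndex--;
            continue;
        }
        #endregion

        #region Inline style attribute
        if ("style".Equals(name, StringComparison.OrdinalIgnoreCase))
        {
            try
            {
                // The second argument presumably marks inline declarations;
                // confirm against CssFilter.Filters.
                attribute.Value = CssFilter.Filters(_value, true);
            }
            catch
            {
                // Fail closed: drop a style attribute that cannot be filtered.
                node.Attributes.Remove(name);
                currentAttributeIndex--;
            }

            continue;
        }
        #endregion

        // If the value fails validation, perform the action the policy specifies.
        if (!FilterPolicy.ValidateAttribute(attr, _value))
        {
            switch (attr.OnInvalid)
            {
                case PolicyHtmlAttributeOnInvalid.RemoveTag:
                    // Remove the current element and leave the function.
                    parentNode.RemoveChild(node);
                    return;
                case PolicyHtmlAttributeOnInvalid.FilterTag:
                    // Remove the current node but keep its valid child nodes.
                    PromoteChildren(node);
                    return;
                default:
                    // Remove the current attribute and step the cursor back.
                    node.Attributes.Remove(attr.Name);
                    currentAttributeIndex--;
                    break;
            }
        }
    }
    #endregion

    // Filter the child nodes of the current element.
    FiltersTags(node.ChildNodes);
}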
/// <summary>
/// Creates an HTML filter using the policy returned by the parameterless
/// FilterPolicy.GetInstance() (presumably the default policy; confirm there).
/// </summary>
public HtmlFilter()
    : this(FilterPolicy.GetInstance())
{
}
/// <summary>
/// Creates an HTML attribute policy entry and records the tag it belongs to.
/// </summary>
/// <param name="policy">The policy this attribute belongs to; forwarded to the base constructor.</param>
/// <param name="name">The attribute name; forwarded to the base constructor.</param>
/// <param name="tag">The owning policy tag, or null when it is not yet known.</param>
public PolicyHtmlAttribute(FilterPolicy policy, string name, PolicyHtmlTag tag = null)
    : base(policy, name)
{
    this.Tag = tag;
}