/// <summary>
/// Stores the two order repositories, the file service and the HTML sanitizer in instance fields.
/// </summary>
/// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
public OrdersService(
    IDeletableEntityRepository<OrderDocument> dbOrderDocument,
    IDeletableEntityRepository<Order> dbOrder,
    IFilesService filesService,
    IHtmlSanitizer sanitizer)
{
    this.sanitizer = sanitizer;
    this.filesService = filesService;
    this.dbOrder = dbOrder;
    this.dbOrderDocument = dbOrderDocument;
}
 /// <summary>
 /// Stores the search engine, HTML sanitizer, sentence splitter and document loader in instance fields.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public PersonEvaluationService(
     ISearchEngineService searchEngineService,
     IHtmlSanitizer htmlSanitizer,
     ITextSentenceSplitter textSentenceSplitter,
     IHtmlDocumentLoader htmlDocumentLoader)
 {
     _htmlDocumentLoader = htmlDocumentLoader;
     _textSentenceSplitter = textSentenceSplitter;
     _htmlSanitizer = htmlSanitizer;
     _searchEngineService = searchEngineService;
 }
 /// <summary>
 /// Builds the base address from configuration and stores the sanitizer, session store and database context.
 /// </summary>
 public RequestHandler(
     IConfiguration configuration,
     IHtmlSanitizer htmlSanitizer,
     ISessionStore sessionStore,
     ApplicationDbContext context)
 {
     // The base address is read from the configuration section named by _settingKey.
     // NOTE(review): Value is null when that key is missing; presumably the target type rejects null — confirm.
     var configuredBase = configuration.GetSection(_settingKey).Value;
     _baseUri = new(configuredBase);

     _htmlSanitizer = htmlSanitizer;
     _context = context;
     _sessionStore = sessionStore;
 }
 /// <summary>
 /// Convenience overload that forwards every argument to the constructor taking an additional
 /// <c>IHtmlMacroParameterParser</c>.
 /// </summary>
 /// <remarks>
 /// The extra parser is not injected: it is resolved from <c>StaticServiceProvider.Instance</c>, and
 /// <c>GetRequiredService</c> is the resolving call, so this overload depends on that static provider
 /// being initialised before it runs.
 /// </remarks>
 public RichTextPropertyValueEditor(
     DataEditorAttribute attribute,
     IBackOfficeSecurityAccessor backOfficeSecurityAccessor,
     ILocalizedTextService localizedTextService,
     IShortStringHelper shortStringHelper,
     HtmlImageSourceParser imageSourceParser,
     HtmlLocalLinkParser localLinkParser,
     RichTextEditorPastedImages pastedImages,
     IImageUrlGenerator imageUrlGenerator,
     IJsonSerializer jsonSerializer,
     IIOHelper ioHelper,
     IHtmlSanitizer htmlSanitizer)
     : this(
         attribute,
         backOfficeSecurityAccessor,
         localizedTextService,
         shortStringHelper,
         imageSourceParser,
         localLinkParser,
         pastedImages,
         imageUrlGenerator,
         jsonSerializer,
         ioHelper,
         htmlSanitizer,
         // Service-locator lookup for the one dependency this overload does not receive.
         StaticServiceProvider.Instance.GetRequiredService <IHtmlMacroParameterParser>())
 {
 }
        /// <summary>
        /// Verifies that the factory applies the allowlist returned by the provider: the custom element
        /// and attribute must appear on the created sanitizer, alongside the http, https and mailto schemes.
        /// </summary>
        public void should_configure_whitelist_for_sanitizer()
        {
            // given: settings that add one custom element and one custom attribute
            var customSettings = new HtmlWhiteListSettings()
            {
                AllowedElements = new List<string> { "StarWarsMarquee" },
                AllowedAttributes = new List<string> { "cheesecake" }
            };

            var providerStub = Substitute.For<IHtmlWhiteListProvider>();
            providerStub.Deserialize().Returns(customSettings);

            HtmlSanitizerFactory factory = CreateFactory(null, providerStub);

            // when
            IHtmlSanitizer sanitizer = factory.CreateHtmlSanitizer();

            // then
            sanitizer.ShouldNotBeNull();

            // NOTE(review): this only asserts non-null, so it does not pin whether data-* attributes
            // are allowed or rejected; assert the intended value if the setting matters.
            sanitizer.AllowDataAttributes.ShouldNotBeNull();

            // NOTE(review): the scheme checks are "contains" checks; they would still pass if the
            // factory allowed additional schemes. An exact-set assertion would pin the allowlist.
            sanitizer.AllowedSchemes.ShouldContain("http");
            sanitizer.AllowedSchemes.ShouldContain("https");
            sanitizer.AllowedSchemes.ShouldContain("mailto");

            sanitizer.AllowedTags.ShouldContain("StarWarsMarquee");
            sanitizer.AllowedAttributes.ShouldContain("cheesecake");
        }
        /// <summary>
        /// Validates every dependency and then stores it in the matching instance field.
        /// </summary>
        /// <remarks>
        /// All guards run before any field is assigned. <c>storyWeightCalculators</c> is checked with
        /// <c>IsNotEmpty</c>; every other argument is checked with <c>IsNotNull</c>.
        /// </remarks>
        public StoryService(
            IConfigurationSettings settings,
            IDomainObjectFactory factory,
            ICategoryRepository categoryRepository,
            ITagRepository tagRepository,
            IStoryRepository storyRepository,
            IMarkAsSpamRepository markAsSpamRepository,
            IEventAggregator eventAggregator,
            ISpamProtection spamProtection,
            ISpamPostprocessor spamPostprocessor,
            IContentService contentService,
            IHtmlSanitizer htmlSanitizer,
            IThumbnail thumbnail,
            IStoryWeightCalculator[] storyWeightCalculators,
            IVoteRepository voteRepository)
        {
            // Guards, in parameter order.
            Check.Argument.IsNotNull(settings, "settings");
            Check.Argument.IsNotNull(factory, "factory");
            Check.Argument.IsNotNull(categoryRepository, "categoryRepository");
            Check.Argument.IsNotNull(tagRepository, "tagRepository");
            Check.Argument.IsNotNull(storyRepository, "storyRepository");
            Check.Argument.IsNotNull(markAsSpamRepository, "markAsSpamRepository");
            Check.Argument.IsNotNull(eventAggregator, "eventAggregator");
            Check.Argument.IsNotNull(spamProtection, "spamProtection");
            Check.Argument.IsNotNull(spamPostprocessor, "spamPostprocessor");
            Check.Argument.IsNotNull(contentService, "contentService");
            Check.Argument.IsNotNull(htmlSanitizer, "htmlSanitizer");
            Check.Argument.IsNotNull(thumbnail, "thumbnail");
            Check.Argument.IsNotEmpty(storyWeightCalculators, "storyWeightCalculators");
            Check.Argument.IsNotNull(voteRepository, "voteRepository");

            // Repositories.
            _categoryRepository = categoryRepository;
            _tagRepository = tagRepository;
            _storyRepository = storyRepository;
            _markAsSpamRepository = markAsSpamRepository;
            _voteRepository = voteRepository;

            // Spam handling and content processing.
            _spamProtection = spamProtection;
            _spamPostprocessor = spamPostprocessor;
            _contentService = contentService;
            _htmlSanitizer = htmlSanitizer;
            _thumbnail = thumbnail;

            // Infrastructure.
            _settings = settings;
            _factory = factory;
            _eventAggregator = eventAggregator;
            _storyWeightCalculators = storyWeightCalculators;
        }
 /// <summary>
 /// Stores the image and review repositories, the file service and the HTML sanitizer in instance fields.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public InformationService(
     IRepository<ImageToReview> dbImage,
     IDeletableEntityRepository<Review> dbReview,
     IFilesService filesService,
     IHtmlSanitizer sanitizer)
 {
     this.sanitizer = sanitizer;
     this.filesService = filesService;
     this.dbReview = dbReview;
     this.dbImage = dbImage;
 }
        /// <summary>
        /// Creates the sanitizer instance named in configuration and stores it in <c>_sanitizer</c>.
        /// Does nothing in design mode or when <c>EnableSanitization</c> is off.
        /// </summary>
        /// <remarks>
        /// Fails closed: when sanitization is enabled but the configured type is missing, cannot be
        /// resolved, or does not implement <c>IHtmlSanitizer</c>, an exception is thrown instead of
        /// continuing without a sanitizer.
        /// </remarks>
        void InitSanitizer()
        {
            var sanitizationActive = !DesignMode && EnableSanitization;
            if (!sanitizationActive)
            {
                return;
            }

            if (String.IsNullOrEmpty(ToolkitConfig.HtmlSanitizer))
            {
                throw new Exception("The Sanitizer is not configured in the web.config file. Either install the AjaxControlToolkit.HtmlEditor.Sanitizer NuGet package or set the EnableSanitization property to False (insecure).");
            }

            // The type name comes from configuration, so whoever can edit that configuration decides
            // which type is loaded here. The interface check below runs before anything is instantiated.
            Type configuredType = Type.GetType(ToolkitConfig.HtmlSanitizer);

            if (configuredType == null)
            {
                throw new Exception("Cannot determine the sanitizer type. Please make sure it is spelled correctly in Web.config.");
            }

            var implementsContract = typeof(IHtmlSanitizer).IsAssignableFrom(configuredType);
            if (!implementsContract)
            {
                throw new Exception("The sanitizer type does not implement the IHtmlSanitizer interface.");
            }

            // Activator.CreateInstance(Type) uses the parameterless constructor of the configured type.
            object instance = Activator.CreateInstance(configuredType);
            _sanitizer = (IHtmlSanitizer)instance;
        }
 /// <summary>
 /// Stores the page repository and the HTML sanitizer in instance fields.
 /// </summary>
 /// <remarks>Neither argument is null-checked.</remarks>
 public PageSnippetDisplayModelMapper(IPageRepository pageRepository, IHtmlSanitizer htmlSanitizer)
 {
     _htmlSanitizer = htmlSanitizer;
     _pageRepository = pageRepository;
 }
 /// <summary>
 /// Stores the controller's dependencies, rejecting any that is null.
 /// </summary>
 /// <exception cref="ArgumentNullException">Thrown for the first null argument, in parameter order.</exception>
 public DiscussionController(
     ILogger<DiscussionController> logger,
     IDiscussionDataProvider discussionDataProvider,
     IPermissionsService permissionsService,
     IDiscussionService discussionService,
     IHtmlSanitizer htmlSanitizer)
 {
     _logger = logger ?? throw new ArgumentNullException(nameof(logger));
     _discussionDataProvider = discussionDataProvider ?? throw new ArgumentNullException(nameof(discussionDataProvider));
     _permissionsService = permissionsService ?? throw new ArgumentNullException(nameof(permissionsService));
     _discussionService = discussionService ?? throw new ArgumentNullException(nameof(discussionService));
     _htmlSanitizer = htmlSanitizer ?? throw new ArgumentNullException(nameof(htmlSanitizer));
 }
 /// <summary>
 /// Stores the content repository and the HTML sanitizer in instance fields.
 /// </summary>
 /// <remarks>Neither argument is null-checked.</remarks>
 public PageSnippetDisplayModelMapper(IContentRepository contentRepository, IHtmlSanitizer htmlSanitizer)
 {
     _htmlSanitizer = htmlSanitizer;
     _contentRepository = contentRepository;
 }
        /// <summary>
        /// Stores the sanitizer and copies the supplied XPath expressions into the converter's own list.
        /// </summary>
        /// <param name="sanitizer">Sanitizer to keep; checked with <c>IsNotNull</c>.</param>
        /// <param name="xPaths">XPath expressions to copy; checked with <c>IsNotEmpty</c>.</param>
        public HtmlToStoryContentConverter(IHtmlSanitizer sanitizer, ICollection<string> xPaths)
        {
            Check.Argument.IsNotNull(sanitizer, "sanitizer");
            _sanitizer = sanitizer;

            // The expressions are copied, so later changes to the caller's collection are not seen here.
            Check.Argument.IsNotEmpty(xPaths, "xPaths");
            _xPaths.AddRange(xPaths);
        }
 /// <summary>
 /// Wraps the given sanitizer.
 /// </summary>
 /// <exception cref="ArgumentNullException"><paramref name="sanitizer"/> is null.</exception>
 public HtmlMarkupSanitizer(IHtmlSanitizer sanitizer)
 {
     this.sanitizer = sanitizer ?? throw new ArgumentNullException(nameof(sanitizer));
 }
 /// <summary>
 /// Stores the comments service, users service and HTML sanitizer in instance fields.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public CommentsController(ICommentsService commentsService, IUsersService usersService, IHtmlSanitizer htmlSanitizer)
 {
     this.htmlSanitizer = htmlSanitizer;
     this.usersService = usersService;
     this.commentsService = commentsService;
 }
 /// <summary>
 /// Stores the product service, authorizer, product-category service and HTML sanitizer in instance fields.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public ProductApiService(
     IProductService productService,
     IAuthorizer authorizer,
     IProductCategoryService productCategoryService,
     IHtmlSanitizer htmlSanitizer)
 {
     _htmlSanitizer = htmlSanitizer;
     _productCategoryService = productCategoryService;
     _authorizer = authorizer;
     _productService = productService;
 }
 /// <summary>
 /// Builds the sanitizer used for post content from explicit allowlists of tags, URI schemes,
 /// attributes, CSS properties and CSS classes.
 /// </summary>
 public PostSanitizerService(ServiceLocator services) : base(services)
 {
     // NOTE(review): "code" is listed twice, and "link" is allowed although "rel" is not an allowed
     // attribute — confirm "link" is needed at all.
     var tags = "h1 h2 h3 h4 h5 h6 code i b s img li ul ol link p em strong tr td table tbody a br span code pre sup sub blockquote caption".Split(" ");

     // NOTE(review): "data" is accepted for every URI attribute below, i.e. for href as well as src.
     // If it is only needed for inline images, narrowing it to that case would shrink the allowlist.
     var schemes = "http https data".Split(" ");

     // "style" is allowed, so the CSS property list below is what constrains inline styles.
     var attributes = "href src style class".Split(" ");
     var uriAttributeNames = "href src".Split(" ");

     // NOTE(review): cellspacing, cellpadding and data-mce-style are HTML attribute names rather than
     // CSS properties; presumably they have no effect in this list — confirm.
     var cssProperties = "list-style-type padding-left text-decoration height width border border-collapse cellspacing cellpadding data-mce-style".Split(" ");

     var cssClasses = "language-csharp language-markup language-javascript language-css language-php language-ruby language-python language-java language-c language-cpp token operator punctuation keyword string number".Split(" ");

     _allowAllButNotExecutable = new HtmlSanitizer(
         allowedTags: tags,
         allowedSchemes: schemes,
         allowedAttributes: attributes,
         uriAttributes: uriAttributeNames,
         allowedCssProperties: cssProperties,
         allowedCssClasses: cssClasses);
 }
 /// <summary>
 /// Stores the article service, authorizer, article-type service and HTML sanitizer in instance fields.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public ArticleApiService(
     IArticleService articleService,
     IAuthorizer authorizer,
     IArticleTypeService articleTypeService,
     IHtmlSanitizer htmlSanitizer)
 {
     _htmlSanitizer = htmlSanitizer;
     _articleTypeService = articleTypeService;
     _authorizer = authorizer;
     _articleService = articleService;
 }
 /// <summary>
 /// Stores the controller's dependencies, rejecting any that is null.
 /// </summary>
 /// <exception cref="ArgumentNullException">Thrown for the first null argument, in parameter order.</exception>
 public FolderController(
     ILogger<FolderController> logger,
     IFileAndFolderDataProvider fileAndFolderDataProvider,
     IFolderService folderService,
     IPermissionsService permissionsService,
     IEtagService etagService,
     IHtmlSanitizer htmlSanitizer)
 {
     _logger = logger ?? throw new ArgumentNullException(nameof(logger));
     _fileAndFolderDataProvider = fileAndFolderDataProvider ?? throw new ArgumentNullException(nameof(fileAndFolderDataProvider));
     _folderService = folderService ?? throw new ArgumentNullException(nameof(folderService));
     _permissionsService = permissionsService ?? throw new ArgumentNullException(nameof(permissionsService));
     _etagService = etagService ?? throw new ArgumentNullException(nameof(etagService));
     _htmlSanitizer = htmlSanitizer ?? throw new ArgumentNullException(nameof(htmlSanitizer));
 }
 /// <summary>
 /// Stores the product and translation repositories, the user store and the HTML sanitizer in instance fields.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public ProductService(
     IDeletableEntityRepository<Product> products,
     IDeletableEntityRepository<ProductLang> translations,
     IUserStore<ApplicationUser> userStore,
     IHtmlSanitizer sanitizer)
 {
     this.sanitizer = sanitizer;
     this.userStore = userStore;
     this.translationRepository = translations;
     this.productRepository = products;
 }
 /// <summary>
 /// Stores the repository's dependencies, rejecting any that is null.
 /// </summary>
 /// <exception cref="ArgumentNullException">Thrown for the first null argument, in parameter order.</exception>
 public SqlServerMatchLocationRepository(
     IDatabaseConnectionFactory databaseConnectionFactory,
     IAuditRepository auditRepository,
     ILogger logger,
     IRouteGenerator routeGenerator,
     IRedirectsRepository redirectsRepository,
     IHtmlSanitizer htmlSanitiser,
     IStoolballEntityCopier copier)
 {
     _databaseConnectionFactory = databaseConnectionFactory ?? throw new ArgumentNullException(nameof(databaseConnectionFactory));
     _auditRepository = auditRepository ?? throw new ArgumentNullException(nameof(auditRepository));
     _logger = logger ?? throw new ArgumentNullException(nameof(logger));
     _routeGenerator = routeGenerator ?? throw new ArgumentNullException(nameof(routeGenerator));
     _redirectsRepository = redirectsRepository ?? throw new ArgumentNullException(nameof(redirectsRepository));
     _htmlSanitiser = htmlSanitiser ?? throw new ArgumentNullException(nameof(htmlSanitiser));
     _copier = copier ?? throw new ArgumentNullException(nameof(copier));
 }
 /// <summary>
 /// Stores the user manager, post service, category service and HTML sanitizer in instance fields.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public PostController(
     UserManager<ApplicationUser> userManager,
     IPostService postService,
     ICategoryService categoryService,
     IHtmlSanitizer sanitizer)
 {
     this.sanitizer = sanitizer;
     this.categoryService = categoryService;
     this.postService = postService;
     this.userManager = userManager;
 }
 /// <summary>
 /// Stores the category, sub-category and sub-category translation repositories and the HTML sanitizer.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public CategoryService(
     IDeletableEntityRepository<Category> categoriesIn,
     IDeletableEntityRepository<SubCategory> subCategoriesIn,
     IDeletableEntityRepository<SubCategoryLang> subCategoryLangs,
     IHtmlSanitizer sanitizer)
 {
     this.sanitizer = sanitizer;
     this.subCategoryLangs = subCategoryLangs;
     this.subCategories = subCategoriesIn;
     this.categories = categoriesIn;
 }
 /// <summary>
 /// Stores the category service, mapper, product service and HTML sanitizer in instance fields.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public ProductController(
     ICategoryService categoriesIn,
     IMapper mapperIn,
     IProductService productsIn,
     IHtmlSanitizer sanitizer)
 {
     this.sanitizer = sanitizer;
     this.products = productsIn;
     this.mapper = mapperIn;
     this.categories = categoriesIn;
 }
 /// <summary>
 /// Stores the product and category repositories, the image store service and the HTML sanitizer.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public Handler(
     IRepository<Product> productRepository,
     IRepository<Categories.Category> categoryRepository,
     IImageStoreService imageStoreService,
     IHtmlSanitizer htmlSanitizer)
 {
     _htmlSanitizer = htmlSanitizer;
     _imageStoreService = imageStoreService;
     _categoryRepository = categoryRepository;
     _productRepository = productRepository;
 }
 /// <summary>
 /// Stores the storage and URL helper (both required) and builds the sanitizer used for post content
 /// from explicit allowlists of tags, URI schemes, attributes, CSS properties and CSS classes.
 /// </summary>
 /// <exception cref="ArgumentNullException"><paramref name="storage"/> or <paramref name="urlHelper"/> is null.</exception>
 public PostSanitizer(IStorage storage, IUrlHelper urlHelper)
 {
     _storage = storage ?? throw new ArgumentNullException(nameof(storage));
     _urlHelper = urlHelper ?? throw new ArgumentNullException(nameof(urlHelper));

     // NOTE(review): "code" is listed twice, and "link" is allowed although "rel" is not an allowed
     // attribute — confirm "link" is needed at all.
     var tags = "h1 h2 h3 h4 h5 h6 code i b s img li ul ol link p em strong tr td table tbody a br span code pre sup sub blockquote caption".Split(" ");

     // NOTE(review): "data" is accepted for every URI attribute below, i.e. for href as well as src.
     // If it is only needed for inline images, narrowing it to that case would shrink the allowlist.
     var schemes = "http https data".Split(" ");

     // "style" is allowed, so the CSS property list below is what constrains inline styles.
     var attributes = "href src style class".Split(" ");
     var uriAttributeNames = "href src".Split(" ");

     // NOTE(review): cellspacing, cellpadding and data-mce-style are HTML attribute names rather than
     // CSS properties; presumably they have no effect in this list — confirm.
     var cssProperties = "list-style-type padding-left text-decoration height width border border-collapse cellspacing cellpadding data-mce-style".Split(" ");

     var cssClasses = "language-csharp language-markup language-javascript language-css language-php language-ruby language-python language-java language-c language-cpp token operator punctuation keyword string number".Split(" ");

     _allowAllButNotExecutable = new HtmlSanitizer(
         allowedTags: tags,
         allowedSchemes: schemes,
         allowedAttributes: attributes,
         uriAttributes: uriAttributeNames,
         allowedCssProperties: cssProperties,
         allowedCssClasses: cssClasses);
 }
 /// <summary>
 /// Stores the controller's dependencies, rejecting any that is null.
 /// </summary>
 /// <exception cref="ArgumentNullException">Thrown for the first null argument, in parameter order.</exception>
 public CommentController(
     ILogger<CommentController> logger,
     ICommentsDataProvider commentsDataProvider,
     ICommentService commentService,
     IHtmlSanitizer htmlSanitizer,
     ICommentCommand commentCommand,
     IEtagService etagService,
     ILikeService likeService)
 {
     _logger = logger ?? throw new ArgumentNullException(nameof(logger));
     _commentsDataProvider = commentsDataProvider ?? throw new ArgumentNullException(nameof(commentsDataProvider));
     _commentService = commentService ?? throw new ArgumentNullException(nameof(commentService));
     _htmlSanitizer = htmlSanitizer ?? throw new ArgumentNullException(nameof(htmlSanitizer));
     _commentCommand = commentCommand ?? throw new ArgumentNullException(nameof(commentCommand));
     _etagService = etagService ?? throw new ArgumentNullException(nameof(etagService));
     _likeService = likeService ?? throw new ArgumentNullException(nameof(likeService));
 }
 /// <summary>
 /// Stores the database context, query executor, block model mapper and HTML sanitizer in instance fields.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public SearchPagesQueryHandler(
     CofoundryDbContext dbContext,
     IQueryExecutor queryExecutor,
     IPageVersionBlockModelMapper blockDisplayDataFactory,
     IHtmlSanitizer htmlSanitizer)
 {
     _htmlSanitizer = htmlSanitizer;
     _blockDisplayDataFactory = blockDisplayDataFactory;
     _queryExecutor = queryExecutor;
     _dbContext = dbContext;
 }
        /// <summary>
        /// Stores the dependencies, empties the sanitizer's CSS property and CSS class allowlists,
        /// builds the Markdown pipeline and creates the JSON serializer.
        /// </summary>
        public UserInputService(
            PublicContext publicContext,
            ISettingService settingService,
            IHtmlSanitizer htmlSanitizer,
            IServiceProvider serviceProvider)
        {
            _publicContext = publicContext;
            _settingService = settingService;
            _htmlSanitizer = htmlSanitizer;

            // No inline CSS property and no CSS class is allowed through the sanitizer.
            // NOTE(review): this mutates the injected instance. If the container hands out a shared
            // IHtmlSanitizer, every other consumer sees the emptied lists as well — confirm its lifetime.
            htmlSanitizer.AllowedCssProperties.Clear();
            htmlSanitizer.AllowedCssClasses.Clear();

            var builder = new MarkdownPipelineBuilder();

            // Drop the standard block-quote parser when the builder has one.
            var quoteParser = builder.BlockParsers.Find<QuoteBlockParser>();
            if (quoteParser != null)
            {
                builder.BlockParsers.Remove(quoteParser);
            }

            // NOTE(review): DisableHtml() is not part of this chain and the HTML block/inline parsers
            // are left in place, so raw HTML in user Markdown is presumably passed through by the
            // renderer. That makes the sanitizer the only filter — confirm every rendered result goes
            // through it before being stored or displayed.
            builder = builder
                .UseEmojiAndSmiley()
                .UseAutoLinks()
                .UseGreenText()
                .UseEmphasisExtras()
                .UseLinkTo(serviceProvider)
                .UseMyEmphasis()
                .UseSoftlineBreakAsHardlineBreak();

            builder.Extensions.Add(new MyParagraphExtension());

            _pipeline = builder.Build();

            // NOTE(review): the numeric cast hides which NullValueHandling member is meant
            // (presumably the "ignore nulls" member — confirm and use the named value).
            _jsonWriter = new JsonSerializer
            {
                NullValueHandling = (NullValueHandling)1
            };
        }
 /// <summary>
 /// Stores the database context, announcement validator, HTML sanitizer, e-mail provider and
 /// time provider in instance fields.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public AnnouncementService(
     DatabaseContext dbContext,
     IAnnouncementValidator validator,
     IHtmlSanitizer htmlSanitizer,
     IEmailProvider emailProvider,
     ITimeProvider timeProvider)
 {
     _timeProvider = timeProvider;
     _emailProvider = emailProvider;
     _htmlSanitizer = htmlSanitizer;
     _validator = validator;
     _dbContext = dbContext;
 }
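        /// <summary>
        /// Verifies that a sanitizer created by the factory leaves an anchor whose href uses the
        /// <c>Special:</c> prefix unchanged.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this pins a deliberate exception to the scheme allowlist. It is worth pairing
        /// with a negative test showing that an href with any other non-allowlisted scheme is still
        /// stripped, so the exception cannot widen unnoticed.
        /// </remarks>
        public void should_configure_removing_attribute_event_to_ignore_special_tag()
        {
            // given
            HtmlSanitizerFactory factory      = CreateFactory();
            const string         expectedHtml = "<a href=\"Special:redpage\"></a>";

            // when
            IHtmlSanitizer sanitizer = factory.CreateHtmlSanitizer();

            // then
            string actualHtml = sanitizer.Sanitize(expectedHtml);

            // Actual value on the left, expected on the right, so a failure message reports them
            // the right way round.
            actualHtml.ShouldBe(expectedHtml);
        }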
 /// <summary>
 /// Converts the body from Markdown to HTML and returns the sanitized result.
 /// </summary>
 /// <param name="transformer">The Markdown object passed on to <c>GetConvertedBody</c>. Optional.</param>
 /// <param name="sanitizer">
 /// The sanitizer applied to the converted HTML. When null, a new <c>HtmlSanitizer</c> created with its
 /// parameterless constructor is used instead, so the output is always sanitized.
 /// </param>
 /// <returns>The HTML produced from the Markdown body, after sanitization.</returns>
 public string GetSanitizedBody(MarkdownSharp.Markdown transformer = null, IHtmlSanitizer sanitizer = null)
 {
     if (sanitizer != null)
     {
         return sanitizer.GetHtml(GetConvertedBody(transformer));
     }

     // No sanitizer supplied: fall back to a default-constructed one rather than returning raw HTML.
     var fallbackSanitizer = new HtmlSanitizer();
     return fallbackSanitizer.GetHtml(GetConvertedBody(transformer));
 }
 /// <summary>
 /// Stores the courses service, HTML sanitizer and category service in instance fields.
 /// </summary>
 /// <remarks>No argument is null-checked; a null dependency is stored as-is.</remarks>
 public CoursesController(
     ICoursesService coursesService,
     IHtmlSanitizer sanitizer,
     ICategoryService categories)
 {
     _coursesService = coursesService;
     _categories = categories;
     _sanitizer = sanitizer;
 }
 /// <summary>
 /// Wraps the supplied sanitizer.
 /// </summary>
 /// <param name="sanitizer">Sanitizer to store; it is not null-checked here.</param>
 public SanitizerService(IHtmlSanitizer sanitizer)
 {
     this.sanitizer = sanitizer;
 }
 /// <summary>
 /// Creates the service with a sanitizer built by <c>HtmlSanitizer</c>'s parameterless constructor.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the original comment gave no reason for this overload. It bypasses whatever
 /// sanitizer configuration the injected overload would receive, so callers using it get the
 /// library defaults — confirm that is intended.
 /// </remarks>
 public SanitizerService()
 {
     sanitizer = new HtmlSanitizer();
 }