/// <summary> /// Returns an HTML-code representation of the node. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { var open = formatter.OpenTag(this, false); var children = _content.ChildNodes.ToHtml(formatter); var close = formatter.CloseTag(this, false); return String.Concat(open, children, close); }
/// <summary> /// Returns the serialization of the node guided by the formatter. /// </summary> /// <param name="markup">The markup node to format.</param> /// <param name="formatter">The formatter to use.</param> /// <returns>The source code snippet.</returns> public static String ToHtml(this IMarkupFormattable markup, IMarkupFormatter formatter) { var sb = Pool.NewStringBuilder(); using (var writer = new StringWriter(sb)) { markup.ToHtml(writer, formatter); } return sb.ToPool(); }
/// <summary> /// Returns an HTML-code representation of the node. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { return ChildNodes.ToHtml(formatter); }
public override void ToHtml(TextWriter writer, IMarkupFormatter formatter) { writer.Write(formatter.Processing(this)); }
/// <summary> /// Returns an HTML-code representation of the node. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { return formatter.Processing(this); }
/// <summary> /// Returns an HTML-code representation of the node. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { return formatter.Doctype(this); }
/// <summary> /// Sanitizes the specified HTML. /// </summary> /// <param name="html">The HTML to sanitize.</param> /// <param name="baseUrl">The base URL relative URLs are resolved against. No resolution if empty.</param> /// <param name="outputFormatter">The CsQuery output formatter used to render the DOM. Using the default formatter if null.</param> /// <returns>The sanitized HTML.</returns> public string Sanitize(string html, string baseUrl = "", IMarkupFormatter outputFormatter = null) { var parser = new HtmlParser(new Configuration().WithCss(e => e.Options = new CssParserOptions { IsIncludingUnknownDeclarations = true, IsIncludingUnknownRules = true, IsToleratingInvalidConstraints = true, IsToleratingInvalidValues = true })); var dom = parser.Parse(html); // remove non-whitelisted tags foreach (var tag in dom.Body.QuerySelectorAll("*").Where(t => !IsAllowedTag(t)).ToList()) { RemoveTag(tag, RemoveReason.NotAllowedTag); } // cleanup attributes foreach (var tag in dom.Body.QuerySelectorAll("*").OfType<IHtmlElement>().ToList()) { // remove non-whitelisted attributes foreach (var attribute in tag.Attributes.Where(a => !IsAllowedAttribute(a)).ToList()) { RemoveAttribute(tag, attribute, RemoveReason.NotAllowedAttribute); } // sanitize URLs in URL-marked attributes foreach (var attribute in tag.Attributes.Where(IsUriAttribute).ToList()) { var url = SanitizeUrl(attribute.Value, baseUrl); if (url == null) RemoveAttribute(tag, attribute, RemoveReason.NotAllowedUrlValue); else tag.SetAttribute(attribute.Name, url); } // sanitize the style attribute SanitizeStyle(tag, baseUrl); // sanitize the value of the attributes foreach (var attribute in tag.Attributes.ToList()) { // The '& Javascript include' is a possible method to execute Javascript and can lead to XSS. // (see https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#.26_JavaScript_includes) if (attribute.Value.Contains("&{")) RemoveAttribute(tag, attribute, RemoveReason.NotAllowedValue); else { // escape attribute value var val = attribute.Value.Replace("<", "<").Replace(">", ">"); tag.SetAttribute(attribute.Name, val); } } } var nodes = GetAllNodes(dom.Body).ToList(); foreach (var comment in nodes.OfType<IComment>()) comment.Remove(); if (PostProcessNode != null) { foreach (var node in nodes) { var e = new PostProcessNodeEventArgs { Document = dom, Node = node }; OnPostProcessNode(e); if (e.ReplacementNodes.Any()) ((IChildNode)node).Replace(e.ReplacementNodes.ToArray()); } } var output = dom.Body.ChildNodes.ToHtml(outputFormatter ?? HtmlMarkupFormatter.Instance); return output; }
public override void ToHtml(TextWriter writer, IMarkupFormatter formatter) { writer.Write(formatter.Text(_content)); }
public String ToHtml(IMarkupFormatter formatter) { return(_host.ToHtml(formatter)); }
/// <summary> /// In-lines the CSS within the HTML given. /// </summary> /// <param name="stream">The Stream input.</param> /// <param name="removeStyleElements">If set to <c>true</c> the style elements are removed.</param> /// <param name="ignoreElements">CSS selector for STYLE elements to ignore (e.g. mobile-specific styles etc.)</param> /// <param name="css">A string containing a style-sheet for inlining.</param> /// <param name="stripIdAndClassAttributes">True to strip ID and class attributes</param> /// <param name="removeComments">True to remove comments, false to leave them intact</param> /// <returns>Returns the html input, with styles moved to inline attributes.</returns> public static InlineResult MoveCssInline(Stream stream, bool removeStyleElements = false, string ignoreElements = null, string css = null, bool stripIdAndClassAttributes = false, bool removeComments = false, IMarkupFormatter customFormatter = null) { return(new PreMailer(stream).MoveCssInline(removeStyleElements, ignoreElements, css, stripIdAndClassAttributes, removeComments, customFormatter)); }
/// <summary> /// In-lines the CSS for the current HTML /// </summary> /// <param name="removeStyleElements">If set to <c>true</c> the style elements are removed.</param> /// <param name="ignoreElements">CSS selector for STYLE elements to ignore (e.g. mobile-specific styles etc.)</param> /// <param name="css">A string containing a style-sheet for inlining.</param> /// <param name="stripIdAndClassAttributes">True to strip ID and class attributes</param> /// <param name="removeComments">True to remove comments, false to leave them intact</param> /// <returns>Returns the html input, with styles moved to inline attributes.</returns> public InlineResult MoveCssInline(bool removeStyleElements = false, string ignoreElements = null, string css = null, bool stripIdAndClassAttributes = false, bool removeComments = false, IMarkupFormatter customFormatter = null) { // Store the variables used for inlining the CSS _removeStyleElements = removeStyleElements; _stripIdAndClassAttributes = stripIdAndClassAttributes; _ignoreElements = ignoreElements; _css = css; // Gather all of the CSS that we can work with. var cssSourceNodes = CssSourceNodes(); var cssLinkNodes = CssLinkNodes(); var cssSources = new List <ICssSource>(ConvertToStyleSources(cssSourceNodes)); cssSources.AddRange(ConvertToStyleSources(cssLinkNodes)); var cssBlocks = GetCssBlocks(cssSources); if (_removeStyleElements) { RemoveStyleElements(cssSourceNodes); RemoveStyleElements(cssLinkNodes); } var joinedBlocks = Join(cssBlocks); var validSelectors = CleanUnsupportedSelectors(joinedBlocks); var elementsWithStyles = FindElementsWithStyles(validSelectors); var mergedStyles = MergeStyleClasses(elementsWithStyles); StyleClassApplier.ApplyAllStyles(mergedStyles); if (_stripIdAndClassAttributes) { StripElementAttributes("id", "class"); } if (removeComments) { var comments = _document.Descendents <IComment>().ToList(); foreach (var comment in comments) { comment.Remove(); } } IMarkupFormatter markupFormatter = customFormatter ?? GetMarkupFormatterForDocType(); using (var sw = new StringWriter()) { _document.ToHtml(sw, markupFormatter); return(new InlineResult(sw.GetStringBuilder(), _warnings)); } }
public override void ToHtml(TextWriter writer, IMarkupFormatter formatter) { writer.Write(formatter.OpenTag(this, false)); _content.ChildNodes.ToHtml(writer, formatter); writer.Write(formatter.CloseTag(this, false)); }
private void DoSanitize(IHtmlDocument dom, IElement context, string baseUrl = "", IMarkupFormatter outputFormatter = null) { // remove non-whitelisted tags foreach (var tag in context.QuerySelectorAll("*").Where(t => !IsAllowedTag(t)).ToList()) { RemoveTag(tag, RemoveReason.NotAllowedTag); } SanitizeStyleSheets(dom, baseUrl); // cleanup attributes foreach (var tag in context.QuerySelectorAll("*").OfType <IHtmlElement>().ToList()) { // remove non-whitelisted attributes foreach (var attribute in tag.Attributes.Where(a => !IsAllowedAttribute(a)).ToList()) { RemoveAttribute(tag, attribute, RemoveReason.NotAllowedAttribute); } // sanitize URLs in URL-marked attributes foreach (var attribute in tag.Attributes.Where(IsUriAttribute).ToList()) { var url = SanitizeUrl(attribute.Value, baseUrl); if (url == null) { RemoveAttribute(tag, attribute, RemoveReason.NotAllowedUrlValue); } else { tag.SetAttribute(attribute.Name, url); } } // sanitize the style attribute SanitizeStyle(tag, baseUrl); // sanitize the value of the attributes foreach (var attribute in tag.Attributes.ToList()) { // The '& Javascript include' is a possible method to execute Javascript and can lead to XSS. // (see https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#.26_JavaScript_includes) if (attribute.Value.Contains("&{")) { RemoveAttribute(tag, attribute, RemoveReason.NotAllowedValue); } else { // escape attribute value var val = attribute.Value.Replace("<", "<").Replace(">", ">"); tag.SetAttribute(attribute.Name, val); } } } var nodes = GetAllNodes(context).ToList(); RemoveComments(nodes); DoPostProcess(dom, nodes); }
/// <summary> /// In-lines the CSS within the HTML given. /// </summary> /// <param name="html">The HTML input.</param> /// <param name="removeStyleElements">If set to <c>true</c> the style elements are removed.</param> /// <param name="ignoreElements">CSS selector for STYLE elements to ignore (e.g. mobile-specific styles etc.)</param> /// <param name="css">A string containing a style-sheet for inlining.</param> /// <param name="stripIdAndClassAttributes">True to strip ID and class attributes</param> /// <param name="removeComments">True to remove comments, false to leave them intact</param> /// <param name="preserveMediaQueries">If set to true and removeStyleElements is true, it will instead preserve unsupported media queries in the style node and remove the other css, instead of removing the whole style node</param> /// <returns>Returns the html input, with styles moved to inline attributes.</returns> public static InlineResult MoveCssInline(string html, bool removeStyleElements = false, string ignoreElements = null, string css = null, bool stripIdAndClassAttributes = false, bool removeComments = false, IMarkupFormatter customFormatter = null, bool preserveMediaQueries = false) { return(new PreMailer(html).MoveCssInline(removeStyleElements, ignoreElements, css, stripIdAndClassAttributes, removeComments, customFormatter, preserveMediaQueries)); }
/// <summary> /// Returns an HTML-code representation of the node. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public virtual String ToHtml(IMarkupFormatter formatter) { return(TextContent); }
public override void ToHtml(TextWriter writer, IMarkupFormatter formatter) { ChildNodes.ToHtml(writer, formatter); }
/// <summary> /// Returns an HTML-code representation of the comment. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { return(formatter.Comment(this)); }
/// <summary> /// Returns an HTML-code representation of the character data. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { return formatter.Text(_content); }
/// <summary> /// Returns an HTML-code representation of the comment. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { return formatter.Comment(this); }
public override void ToHtml(TextWriter writer, IMarkupFormatter formatter) { if (Parent != null && ((Parent.Flags & NodeFlags.LiteralText) == NodeFlags.LiteralText)) { writer.Write(Data); } else { base.ToHtml(writer, formatter); } }
public void ToHtml(TextWriter writer, IMarkupFormatter formatter) { }
/// <summary> /// Returns an HTML-code representation of the node. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { return(formatter.Doctype(this)); }
/// <summary> /// Returns an HTML-code representation of the node. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { return(formatter.Processing(this)); }
public String ToHtml(IMarkupFormatter formatter) { return _host.ToHtml(formatter); }
/// <summary> /// Returns an HTML-code representation of the node. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { if (Parent != null && Parent.Flags.HasFlag(NodeFlags.LiteralText)) return Data; return base.ToHtml(formatter); }
public void ToHtml(TextWriter writer, IMarkupFormatter formatter) { _host.ToHtml(writer, formatter); }
/// <summary> /// Adds the specified <paramref name="formatter"/> to the policy. /// </summary> /// <param name="formatter"></param> /// <returns>The current policy builder.</returns> public AntiXssPolicyBuilder WithOutputFormatter(IMarkupFormatter formatter) { _policy.OutputFormatter = formatter; return(this); }
public void ToHtml(TextWriter writer, IMarkupFormatter formatter) { throw new NotImplementedException(); }
/// <summary> /// Returns an HTML-code representation of the node. /// </summary> /// <param name="writer">The serialization output target.</param> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override void ToHtml(TextWriter writer, IMarkupFormatter formatter) { writer.Write(formatter.Doctype(this)); }
/// <summary> /// Returns an HTML-code representation of the character data. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { return(formatter.Text(_content)); }
public virtual void ToHtml(TextWriter writer, IMarkupFormatter formatter) { writer.Write(TextContent); }
/// <summary> /// Returns an HTML-code representation of the node. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public String ToHtml(IMarkupFormatter formatter) { var sb = Pool.NewStringBuilder(); for (int i = 0; i < _entries.Count; i++) { var htmlCode = _entries[i].ToHtml(formatter); sb.Append(htmlCode); } return sb.ToPool(); }
/// <summary> /// Returns an HTML-code representation of the node. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { return(ChildNodes.ToHtml(formatter)); }
public void ToHtml(TextWriter writer, IMarkupFormatter formatter) { for (var i = 0; i < _entries.Count; i++) { _entries[i].ToHtml(writer, formatter); } }
/// <summary> /// Returns an HTML-code representation of the node. /// </summary> /// <param name="formatter">The formatter to use.</param> /// <returns>A string containing the HTML code.</returns> public override String ToHtml(IMarkupFormatter formatter) { var selfClosing = Flags.HasFlag(NodeFlags.SelfClosing); var open = formatter.OpenTag(this, selfClosing); var children = String.Empty; if (!selfClosing) { var sb = Pool.NewStringBuilder(); if (Flags.HasFlag(NodeFlags.LineTolerance) && FirstChild is IText) { var text = (IText)FirstChild; if (text.Data.Length > 0 && text.Data[0] == Symbols.LineFeed) sb.Append(Symbols.LineFeed); } foreach (var child in ChildNodes) sb.Append(child.ToHtml(formatter)); children = sb.ToPool(); } var close = formatter.CloseTag(this, selfClosing); return String.Concat(open, children, close); }