public ActionResult ArticleCreate(Article model) { if (ModelState.IsValid) { if (Request.Files.Count != 1) { ViewData["StatusList"] = EnumExtension.GetSelectList(typeof(ArticleStatus)); ViewData["ClassList"] = EnumExtension.GetSelectList(typeof(ArticleClass)); return View(); } var file = Request.Files[0]; var s = new HtmlSanitizer(); model.Content = Server.HtmlDecode(s.Sanitize(Request.Params["ck"])); model.Image = Material.Create("", MaterialType.Avatar, file, db); model.NewArticle(); db.Articles.Add(model); db.SaveChanges(); return RedirectToAction("Index", new { status = AdminOperationStatus.Success }); } ViewData["StatusList"] = EnumExtension.GetSelectList(typeof(ArticleStatus)); ViewData["ClassList"] = EnumExtension.GetSelectList(typeof(ArticleClass)); return View(); }
public void ConfigureServices(IServiceCollection services) { services.AddBlazorModal(); services.AddScoped <IHtmlSanitizer, HtmlSanitizer>(x => { var sanitizer = new Ganss.XSS.HtmlSanitizer(); sanitizer.AllowedAttributes.Add("class"); return(sanitizer); }); }
public override IEnumerable<ModelValidationResult> Validate(ModelMetadata metadata, object container) { if (metadata.Model is string) { var sanitizer = new HtmlSanitizer( allowedTags: _attribute != null ? _attribute.AllowedTags : new string[0], allowedSchemes: new string[0], allowedAttributes: new string[0], uriAttributes: new string[0], allowedCssProperties: new string[0]); var dirty = (string) metadata.Model; var sanitized = sanitizer.Sanitize(dirty, outputFormatter: OutputFormatters.HtmlEncodingNone); if (!dirty.Equals(sanitized)) { yield return new ModelValidationResult { MemberName = string.Empty, Message = "A potentially dangerous value was detected from the client." }; } } }
public static HtmlString HtmlDetails(this Ticket ticket) { var content = (ticket.IsHtml) ? ticket.Details : ticket.Details.HtmlFromMarkdown(); var san = new HtmlSanitizer(); return new HtmlString(san.Sanitize(content)); }
public string Sanitize(string html) { var sanitizer = new HtmlSanitizer(); var result = sanitizer.Sanitize(html); return result; }
public static async Task Main(string[] args) { var builder = WebAssemblyHostBuilder.CreateDefault(args); builder.RootComponents.Add <App>("app"); builder.Services.AddTransient(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) }); builder.Services.AddOidcAuthentication(options => { builder.Configuration.Bind("Auth0", options.ProviderOptions); options.ProviderOptions.ResponseType = "code"; }); builder.Services.AddScoped <IHtmlSanitizer, HtmlSanitizer>(x => { // Configure sanitizer rules as needed here. // For now, just use default rules + allow class attributes var sanitizer = new Ganss.XSS.HtmlSanitizer(); sanitizer.AllowedAttributes.Add("class"); return(sanitizer); }); //builder.Services.AddScoped(sp => new HttpClient { BaseAddress = new Uri(builder.Configuration["APIBaseAddress"])}); builder.Services.AddScoped <ApiService>(); builder.Services.AddHttpClient <ApiService>(hc => hc.BaseAddress = new Uri(builder.Configuration["APIBaseAddress"])) .SetHandlerLifetime(TimeSpan.FromMinutes(5)) .AddPolicyHandler(GetRetryPolicy()); await builder.Build().RunAsync(); }
public void ConfigureServices(IServiceCollection services) { services.AddBlazoredLocalStorage(); services.AddTransient <IAppVersionService, AppVersionService>(); services.AddAuthorizationCore(); services.AddScoped <AuthenticationStateProvider, ApiAuthenticationStateProvider>(); services.AddScoped <IAuthService, AuthService>(); services.AddFileReaderService(options => options.UseWasmSharedBuffer = true); services.AddMatToaster(config => { config.Position = MatToastPosition.BottomRight; config.PreventDuplicates = true; config.NewestOnTop = true; config.ShowCloseButton = true; config.MaximumOpacity = 93; //config.VisibleStateDuration = 7000; }); services.AddScoped <IHtmlSanitizer, HtmlSanitizer>(x => { // Configure sanitizer rules as needed here. // For now, just use default rules + allow class attributes var sanitizer = new Ganss.XSS.HtmlSanitizer(); sanitizer.AllowedAttributes.Add("class"); return(sanitizer); }); }
public void IsValidHtml( string html, out string sanitizedHtml, out bool wasModified, ISet<string> allowedTags = null, ISet<string> allowedUrlSchemes = null, ISet<string> allowedAttributes = null, ISet<string> allowedUriAttributes = null, ISet<string> allowedCssProperties = null, bool appendAllowedToDefaults = true) { if (appendAllowedToDefaults) { allowedTags?.AddRange(this.DefaultAllowedTags); allowedUrlSchemes?.AddRange(this.DefaultUrlSchemes); allowedAttributes?.AddRange(this.DefaultAttributes); allowedUriAttributes?.AddRange(this.DefaultUrlAttributes); allowedCssProperties?.AddRange(this.DefaultAllowedCssProperties); } var sanitizer = new HtmlSanitizer( allowedTags, allowedUrlSchemes, allowedAttributes, allowedUriAttributes, allowedCssProperties); sanitizedHtml = sanitizer.Sanitize(html); wasModified = html != sanitizedHtml; }
public static async Task Main(string[] args) { var builder = WebAssemblyHostBuilder.CreateDefault(args); builder.RootComponents.Add <App>("app"); builder.Services.AddScoped <Auth0AuthorizationMessageHandler>(); ; var baseAddress = builder.Configuration["HttpClientBaseAddress"]; builder.Services.AddHttpClient <ProjectApiService>(sp => sp.BaseAddress = new Uri(baseAddress)) .AddHttpMessageHandler <Auth0AuthorizationMessageHandler>() .SetHandlerLifetime(TimeSpan.FromMinutes(5)) .AddPolicyHandler(GetRetryPolicy()); builder.Services.AddScoped <IHtmlSanitizer, HtmlSanitizer>(x => { // Configure sanitizer rules as needed here. // For now, just use default rules + allow class attributes var sanitizer = new Ganss.XSS.HtmlSanitizer(); sanitizer.AllowedAttributes.Add("class"); return(sanitizer); }); builder.Services.AddOidcAuthentication(options => { builder.Configuration.Bind("Auth0", options.ProviderOptions); options.ProviderOptions.ResponseType = "code"; options.ProviderOptions.DefaultScopes.Add("https://schemas.dev-f6kthe8k.com/roles"); }); await builder.Build().RunAsync(); }
public static string Sanitize(string html) { var sanitizer = new HtmlSanitizer(); sanitizer.AllowedAttributes.Add("class"); var sanitizedHtml = sanitizer.Sanitize(html); return sanitizedHtml; }
public static HtmlString HtmlComment(this TicketEvent ticketEvent) { var content = (ticketEvent.IsHtml) ? ticketEvent.Comment : ticketEvent.Comment.HtmlFromMarkdown(); var san = new HtmlSanitizer(); return new HtmlString(san.Sanitize(content)); }
public void ConfigureServices(IServiceCollection services) { services.AddScoped <IHtmlSanitizer, HtmlSanitizer>(x => { // Configure sanitizer rules as needed here. // For now, just use default rules + allow class attributes var sanitizer = new Ganss.XSS.HtmlSanitizer(); sanitizer.AllowedAttributes.Add("class"); return(sanitizer); }); }
// This method gets called by the runtime. Use this method to add services to the container. // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940 public void ConfigureServices(IServiceCollection services) { services.AddRazorPages(); services.AddServerSideBlazor(); // used in MarkdownViewer for markup/down conversion services.AddScoped <IHtmlSanitizer, HtmlSanitizer>(p => { var sanitizer = new Ganss.XSS.HtmlSanitizer(); // start with the defaults sanitizer.AllowedTags.Add("p"); // add <p> return(sanitizer); }); }
/// <summary> /// Add Markdown services. /// </summary> /// <param name="services"></param> public static void AddMarkdownServices(this IServiceCollection services) { services.AddScoped <IHtmlSanitizer, HtmlSanitizer>(x => { // Configure sanitizer rules as needed here. // For now, just use default rules + allow class attributes var sanitizer = new Ganss.XSS.HtmlSanitizer(); sanitizer.AllowedAttributes.Add("class"); return(sanitizer); }); services.AddSingleton <Highlight>(); }
public static async Task Main(string[] args) { var builder = WebAssemblyHostBuilder.CreateDefault(args); builder.RootComponents.Add <App>("app"); builder.Services.AddHttpClient <ProjectApiService>(hc => hc.BaseAddress = new Uri(builder.Configuration["APIBaseAddress"])) .SetHandlerLifetime(TimeSpan.FromMinutes(5)) .AddPolicyHandler(GetRetryPolicy()); builder.Services.AddScoped <Auth0AuthorizationMessageHandler>(); builder.Services.AddScoped <ProjectApiService>(); builder.Services.AddHttpClient <ProjectApiService>(hc => hc.BaseAddress = new Uri(builder.Configuration["APIBaseAddress"])) .AddHttpMessageHandler <Auth0AuthorizationMessageHandler>() .SetHandlerLifetime(TimeSpan.FromMinutes(5)) .AddPolicyHandler(GetRetryPolicy()); builder.Services.AddTransient(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) }); builder.Services.AddOidcAuthentication(options => { builder.Configuration.Bind("Auth0", options.ProviderOptions); options.ProviderOptions.ResponseType = "code"; options.ProviderOptions.DefaultScopes.Add("https://schemas.dev-01xt5ns9.com/roles"); }); builder.Services.AddScoped <IHtmlSanitizer, HtmlSanitizer>(x => { // Configure sanitizer rules as needed here. // For now, just use default rules + allow class attributes var sanitizer = new Ganss.XSS.HtmlSanitizer(); sanitizer.AllowedAttributes.Add("class"); return(sanitizer); }); builder.Services.Configure <RouteOptions>(options => { options.ConstraintMap.Add("slug", typeof(SlugParameterTransformer)); }); await builder.Build().RunAsync(); }
public ActionResult ArticleCreate(Article model) { var s = new HtmlSanitizer(); if (ModelState.IsValid) { model.Content = Server.HtmlDecode(s.Sanitize(Request.Params["ck"])); var file = Request.Files[0]; if (Request.Files.Count >= 1 && file.FileName != "") { if (MaterialType.Avatar.Match(file)) { model.Image = Material.Create("", MaterialType.Avatar, Request.Files[0], db); if (model.Image == null) { ViewData["StatusList"] = EnumExtension.GetSelectList(typeof(ArticleStatus)); ViewData["ClassList"] = EnumExtension.GetSelectList(typeof(ArticleClass)); return View(model); } } else { ViewData["StatusList"] = EnumExtension.GetSelectList(typeof(ArticleStatus)); ViewData["ClassList"] = EnumExtension.GetSelectList(typeof(ArticleClass)); TempData["Alert"] = "请检查上传文件的格式是否正确!"; return View(model); } } else { model.Image = db.Materials.Find(Guid.Empty.DefaultMaterial(DefaultMaterial.News)); } model.NewArticle(); db.Articles.Add(model); db.SaveChanges(); TempData["Alert"] = "文章创建成功!"; return RedirectToAction("Articles"); } model.Content = Server.HtmlDecode(s.Sanitize(Request.Params["ck"])); ViewData["StatusList"] = EnumExtension.GetSelectList(typeof(ArticleStatus)); ViewData["ClassList"] = EnumExtension.GetSelectList(typeof(ArticleClass)); return View(); }
public static async Task Main(string[] args) { var builder = WebAssemblyHostBuilder.CreateDefault(args); builder.RootComponents.Add <App>("app"); builder.Services.AddOidcAuthentication(options => { builder.Configuration.Bind("Auth0", options.ProviderOptions); options.ProviderOptions.ResponseType = "code"; options.ProviderOptions.DefaultScopes.Add("https://schemas.marceloZometa.com/roles"); }); builder.Services.AddScoped <Auth0AuthorizationMessageHandler>(); builder.Services.AddHttpClient <APIService>(hc => hc.BaseAddress = new Uri(builder.Configuration["APIBaseAddress"])) .AddHttpMessageHandler <Auth0AuthorizationMessageHandler>() .SetHandlerLifetime(TimeSpan.FromMinutes(5)) .AddPolicyHandler(GetPolicy()); //builder.Services.AddScoped(sp => sp.GetRequiredService<IHttpClientFactory>() //.CreateClient("APIService")); builder.Services.AddHttpClient <PublicAPIService>(hc => hc.BaseAddress = new Uri(builder.Configuration["APIBaseAddress"])) .SetHandlerLifetime(TimeSpan.FromMinutes(5)) .AddPolicyHandler(GetPolicy()); //builder.Services.AddTransient(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) }); builder.Services.AddScoped <IHtmlSanitizer, HtmlSanitizer>(x => { var sanitizer = new Ganss.XSS.HtmlSanitizer(); sanitizer.AllowedAttributes.Add("class"); return(sanitizer); }); await builder.Build().RunAsync(); }
public ActionResult Edit(RoomOperation roomOperation) { if (ModelState.IsValid && roomOperation != null) { var s = new HtmlSanitizer(); roomOperation.Content = Server.HtmlDecode(s.Sanitize(Request.Params["ck"])); ; if (roomOperation.StartTime >= roomOperation.EndTime) { TempData["Alert"] = "无法完成修改,开始时间晚于结束时间。"; return View(); } if (roomOperation.Edit()) { var user = Extensions.GetContextUser(ref db); var RoomRecords = roomOperation.RoomRecords; if (RoomRecords != null) { var lastRecord = RoomRecords.Where(r => r.ActionTime.AddDays(7.0) > r.RoomOperation.StartTime); if (RoomRecords != null && lastRecord != null) { string title = "场地修改通知"; string content = "您好,你选择的场地[" + roomOperation.Name + "]已被修改,请及时查看相关信息,并根据新的场地信息安排你的日程"; Message message = new Message(title, content, lastRecord.First().Receiver.Id, MessageType.System, db); if (message.Publish()) { return RedirectToAction("Index"); } TempData["Alert"] = "无法给学生发布修改信息"; } } } else TempData["Alert"] = "修改失败!"; } else TempData["Alert"] = "无法修改!对象不存在或无效。"; return RedirectToAction("Index"); }
public string Sanitize(string html) { var sanitizer = new HtmlSanitizer(); return sanitizer.Sanitize(html); }
private string SanitizeHtmlSanitizer(string dirty, AllowHtmlAttribute attribute) { var sanitizer = new HtmlSanitizer( allowedTags: attribute != null ? attribute.AllowedTags : new string[0], allowedSchemes: new string[0], allowedAttributes: new string[0], uriAttributes: new string[0], allowedCssProperties: new string[0]); return sanitizer.Sanitize(dirty, outputFormatter: OutputFormatters.HtmlEncodingNone); }
public HtmlSecuritySanitizer() { this.sanitizer = new HtmlSanitizer(); }
public ActionResult ActivityEdit(ActivityOperation model) { var s = new HtmlSanitizer(); if (ModelState.IsValid) { model.Content = Server.HtmlDecode(s.Sanitize(Request.Params["ck"])); ; db.ActivityOperations.Attach(model); db.Entry(model).State = System.Data.Entity.EntityState.Modified; db.SaveChanges(); return RedirectToAction("Index", new { status = AdminOperationStatus.Success }); } model.Content = Server.HtmlDecode(s.Sanitize(Request.Params["ck"])); return View(model); }
public ActionResult EditPost(int? id, int? account_id, string val) { if (Session["User"] == null || id == null || account_id == null || account_id != Convert.ToInt32(Session["User"])) { return new HttpStatusCodeResult(HttpStatusCode.BadRequest); } else { Account a = db.Accounts.Find(Session["User"]); Post p = db.Posts.Find(id); if (a != null && (Session["Elevation"].Equals("Administrator") || p.id == id)) { if (p != null) { var sanitizer = new HtmlSanitizer(); string sanitized = sanitizer.Sanitize(val); p.entry = HttpUtility.HtmlEncode(sanitized); p.editor_id = a.id; db.SaveChanges(); return new HttpStatusCodeResult(HttpStatusCode.OK); } else { return HttpNotFound(); } } else { return new HttpStatusCodeResult(HttpStatusCode.BadRequest); } } }
public ActionResult ArticleEdit(Article model) { var s = new HtmlSanitizer(); if (ModelState.IsValid) { model.Content = Server.HtmlDecode(s.Sanitize(Request.Params["ck"])); db.Articles.Attach(model); db.Entry(model).State = System.Data.Entity.EntityState.Modified; db.SaveChanges(); TempData["Alert"] = "文章编辑成功!"; return RedirectToAction("Articles"); } model.Content = Server.HtmlDecode(s.Sanitize(Request.Params["ck"])); ViewData["StatusList"] = EnumExtension.GetSelectList(typeof(ArticleStatus)); ViewData["ClassList"] = EnumExtension.GetSelectList(typeof(ArticleClass)); return View(model); }
/// <summary> /// Sanitizes an HTML string. /// </summary> public string SanitizeHtml(string html) { var sanitizer = new Ganss.XSS.HtmlSanitizer(); return(sanitizer.Sanitize(html)); }
public ActionResult Post(NewPostViewModel npvm) { if (Session["User"] == null) { return RedirectToAction("LoginPage", "Application"); } else if (npvm.id != Convert.ToInt32(Session["User"])) { return RedirectToAction("LoggedInProfile"); } else if (this.ModelState.IsValid) { Post p = new Post(); Account a = db.Accounts.Find(Session["User"]); if (a == null) { return RedirectToAction("LoginPage", "Application"); } else { p.account_id = a.id; var sanitizer = new HtmlSanitizer(); if (npvm.entry == null) { npvm.entry = ""; } string sanitized = sanitizer.Sanitize(npvm.entry); p.entry = HttpUtility.HtmlEncode(sanitized); p.date_posted = DateTime.Now; foreach(LinkedItemViewModel livm in npvm.linked_items.Where(x => x.isChecked == true).ToList()) { LinkedItem li = new LinkedItem(); li.item_id = livm.id; li.post_id = p.id; db.LinkedItems.Add(li); } db.Posts.Add(p); db.SaveChanges(); return RedirectToAction("Boards", "Application"); } } else { return RedirectToAction("Boards", "Application"); } }
public static string Sanitize(this string input) { var htmlSanitizer = new HtmlSanitizer(); var sanitizedHtml = htmlSanitizer.Sanitize(input); return sanitizedHtml; }
public ActionResult ArticleEdit(Article model) { if (ModelState.IsValid) { var s = new HtmlSanitizer(); model.Content = Server.HtmlDecode(s.Sanitize(Request.Params["ck"])); ; db.Articles.Attach(model); db.Entry(model).State = System.Data.Entity.EntityState.Modified; db.SaveChanges(); return RedirectToAction("Index", new { status = AdminOperationStatus.Success }); } ViewData["StatusList"] = EnumExtension.GetSelectList(typeof(ArticleStatus)); ViewData["ClassList"] = EnumExtension.GetSelectList(typeof(ArticleClass)); return View(); }
public ActionResult ActivityCreate(ActivityOperation model) { var s = new HtmlSanitizer(); if (ModelState.IsValid) { if (model.StartTime > model.EndTime) { ViewData["Alert"] = "活动开始时间必须在结束时间之前。"; model.Content = Server.HtmlDecode(s.Sanitize(Request.Params["ck"])); return View(model); } model.Content = Server.HtmlDecode(s.Sanitize(Request.Params["ck"])); model.NewActivity(db); db.ActivityOperations.Add(model); db.SaveChanges(); return RedirectToAction("Index", new { status = AdminOperationStatus.Success }); } model.Content = Server.HtmlDecode(s.Sanitize(Request.Params["ck"])); return View(model); }
public void TestSanitizeSafeString() { var sanitizer = new HtmlSanitizer(); const string safe = "<i>hello</i> there"; Assert.AreEqual(safe, sanitizer.Sanitize(safe)); }
private async Task AddAuctionToDatabase(Auction newAuction) { var sanitizer = new HtmlSanitizer(); newAuction.Description = sanitizer.Sanitize(newAuction.Description); await InsertAuction(newAuction); }