Esempio n. 1
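 /// <summary>
 /// Creates an HTML filter bound to the given filtering policy.
 /// </summary>
 /// <param name="policy">The policy that is stored in <c>Policy</c>; must not be null.</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="policy"/> is null.</exception>
 public HtmlFilter(FilterPolicy policy)
 {
     // Fail closed: a filter without a policy must never be constructed.
     // ArgumentNullException derives from Exception, so existing catch blocks keep working,
     // but the failure now names the offending argument.
     if (policy == null)
     {
         throw new ArgumentNullException("policy");
     }
     Policy = policy;
 }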
Esempio n. 2
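 /// <summary>
 /// Creates a CSS filter bound to the given filtering policy.
 /// </summary>
 /// <param name="policy">The policy that is stored in <c>Policy</c>; must not be null.</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="policy"/> is null.</exception>
 public CssFilter(FilterPolicy policy)
 {
     // Fail closed: refuse to build a filter that has no policy to enforce.
     // ArgumentNullException derives from Exception, so existing catch blocks keep working.
     if (policy == null)
     {
         throw new ArgumentNullException("policy");
     }
     Policy           = policy;
     // Cache the boolean "embedStyleSheets" directive read from the policy.
     EmbedStyleSheets = policy.Directive <bool>("embedStyleSheets");
 }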
Esempio n. 3
 /// <summary>
 /// Creates a tag policy entry and, when an attribute map is supplied, links every
 /// non-null attribute entry back to this tag.
 /// </summary>
 /// <param name="policy">The owning policy, stored in <c>Policy</c> (not null-checked here).</param>
 /// <param name="attributes">
 /// Attribute entries keyed by string. The dictionary is stored by reference, not copied,
 /// so later changes made by the caller alter this tag's allowed attributes.
 /// When null, <c>allowedAttributes</c> is left untouched.
 /// </param>
 public PolicyHtmlTag(FilterPolicy policy, Dictionary <string, PolicyHtmlAttribute> attributes)
 {
     Policy = policy;
     if (attributes == null)
     {
         return;
     }

     // Only the entry values are needed; null entries are skipped.
     foreach (PolicyHtmlAttribute entry in attributes.Values)
     {
         if (entry == null)
         {
             continue;
         }
         entry.Tag = this;
     }
     this.allowedAttributes = attributes;
 }
Esempio n. 4
 /// <summary>
 /// Creates a CSS property policy entry; both arguments are passed unchanged to the base constructor.
 /// </summary>
 /// <param name="policy">The owning policy.</param>
 /// <param name="name">The name of the entry.</param>
 public PolicyCssProperty(FilterPolicy policy, string name)
     : base(policy, name)
 {
 }
Esempio n. 5
 /// <summary>
 /// Creates a rich-text object.
 /// </summary>
 /// <param name="text">The unfiltered source text.</param>
 /// <param name="policy">
 /// The security policy used for filtering. Per the original documentation a default policy
 /// is used when none is supplied; this constructor only stores the value (possibly null),
 /// so that fallback must happen elsewhere.
 /// </param>
 public RichText(string text, FilterPolicy policy = null)
 {
     // Nothing is filtered here; the raw text and the policy are only recorded.
     this.policy = policy;
     this.text   = text;
 }
Esempio n. 6
 /// <summary>
 /// Creates a rich-text object whose policy is loaded from a policy file path.
 /// </summary>
 /// <param name="text">The unfiltered source text.</param>
 /// <param name="FilterPolicyFilePath">Physical path of the security policy file.</param>
 // NOTE(review): the policy decides which markup survives filtering, so this path should
 // come from trusted configuration rather than request data — confirm at the call sites.
 public RichText(string text, string FilterPolicyFilePath)
     : this(text, FilterPolicy.GetInstance(FilterPolicyFilePath))
 {
 }
Esempio n. 7
 /// <summary>
 /// Creates a rich-text object whose policy is loaded from a policy file.
 /// </summary>
 /// <param name="text">The unfiltered source text.</param>
 /// <param name="FilterPolicyFile">File information object for the security policy file.</param>
 // NOTE(review): the policy decides which markup survives filtering, so this file should
 // come from trusted configuration rather than request data — confirm at the call sites.
 public RichText(string text, FileInfo FilterPolicyFile)
     : this(text, FilterPolicy.GetInstance(FilterPolicyFile))
 {
 }
Esempio n. 8
 /// <summary>
 /// Creates a policy attribute entry with the given name and owning policy.
 /// </summary>
 /// <param name="policy">The owning policy, stored in <c>Policy</c> (not null-checked here).</param>
 /// <param name="name">The entry name, stored in <c>Name</c>.</param>
 public PolicyAttribute(FilterPolicy policy, string name)
 {
     this.Name   = name;
     this.Policy = policy;
 }
Esempio n. 9
 /// <summary>
 /// Checks one CSS attribute against the policy entry registered for its name.
 /// </summary>
 /// <param name="attr">The CSS attribute to check; null is treated as invalid.</param>
 /// <returns>
 /// False when <paramref name="attr"/> is null; otherwise the result of
 /// <c>FilterPolicy.ValidateAttribute</c> for the attribute's value.
 /// </returns>
 bool Validate(CssAttribute attr)
 {
     if (attr == null)
     {
         return false;
     }

     // NOTE(review): if Policy.CssProperty returns null for a property that is not in the
     // policy, the outcome depends on how ValidateAttribute treats a null entry — confirm
     // that it rejects, so unlisted properties cannot pass.
     var propertyRule = Policy.CssProperty(attr.Name);
     return FilterPolicy.ValidateAttribute(propertyRule, attr.Value);
 }
Esempio n. 10
 /// <summary>
 /// Creates a CSS filter whose policy is obtained from <c>FilterPolicy.GetInstance</c>
 /// for the given policy file path.
 /// </summary>
 /// <param name="FilterPolicyFilePath">Path of the policy file.</param>
 // NOTE(review): the path selects the rules the filter enforces; it should come from
 // trusted configuration — confirm at the call sites.
 public CssFilter(string FilterPolicyFilePath)
     : this(FilterPolicy.GetInstance(FilterPolicyFilePath))
 {
 }
Esempio n. 11
 /// <summary>
 /// Creates a CSS filter whose policy is obtained from <c>FilterPolicy.GetInstance</c>
 /// for the given policy file.
 /// </summary>
 /// <param name="FilterPolicyFile">File information object for the policy file.</param>
 // NOTE(review): the file selects the rules the filter enforces; it should come from
 // trusted configuration — confirm at the call sites.
 public CssFilter(FileInfo FilterPolicyFile)
     : this(FilterPolicy.GetInstance(FilterPolicyFile))
 {
 }
Esempio n. 12
 /// <summary>
 /// Creates a CSS filter that uses the policy returned by the parameterless
 /// <c>FilterPolicy.GetInstance()</c>.
 /// </summary>
 public CssFilter()
     : this(FilterPolicy.GetInstance())
 {
 }
Esempio n. 13
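        /// <summary>
        /// Applies the tag policy to one node: filters the content of a style element,
        /// removes or rewrites its attributes, and then filters the node's children.
        /// </summary>
        /// <param name="node">The node being filtered; its parent is used when the node must be removed.</param>
        /// <param name="tagName">The tag name of <paramref name="node"/>.</param>
        /// <param name="tag">The policy entry whose <c>AllowedAttribute</c> lookup decides which attributes survive.</param>
        void ValidateAction(HtmlNode node, string tagName, PolicyHtmlTag tag)
        {
            HtmlNode parentNode = node.ParentNode;

            #region Filter style element content
            // Compared case-insensitively, like the "style" attribute check below, so the
            // stylesheet filter does not depend on the caller having normalised the tag name.
            if ("style".Equals(tagName, StringComparison.OrdinalIgnoreCase))
            {
                try
                {
                    node.FirstChild.InnerHtml = CssFilter.Filters(node.FirstChild.InnerHtml);
                }
                catch
                {
                    // Fail closed: any error (including a missing first child) drops the element.
                    // The node is now detached, so stop here instead of filtering its attributes
                    // and children and possibly trying to remove it a second time.
                    parentNode.RemoveChild(node);
                    return;
                }
            }
            #endregion

            #region Filter attributes
            // NOTE(review): removal is by name while the loop steps the index back by one.
            // If the attribute collection can hold several attributes with the same name and
            // Remove(name) drops all of them, a later attribute could be skipped — confirm
            // against the HTML parser's collection semantics.
            for (int currentAttributeIndex = 0; currentAttributeIndex < node.Attributes.Count; currentAttributeIndex++)
            {
                HtmlAttribute attribute = node.Attributes[currentAttributeIndex];
                string        name = attribute.Name, _value = attribute.Value;
                var           attr = tag.AllowedAttribute(name);

                #region Remove attributes that are not on the allow-list
                if (attr == null)
                {
                    node.Attributes.Remove(name);
                    currentAttributeIndex--;
                    continue;
                }
                #endregion

                #region Inline style attribute
                if ("style".Equals(name, StringComparison.OrdinalIgnoreCase))
                {
                    try
                    {
                        attribute.Value = CssFilter.Filters(_value, true);
                    }
                    catch
                    {
                        // Fail closed: a style value that cannot be filtered is removed.
                        node.Attributes.Remove(name);
                        currentAttributeIndex--;
                    }
                    continue;
                }
                #endregion

                // If validation fails, perform the action configured for this attribute.
                if (!FilterPolicy.ValidateAttribute(attr, _value))
                {
                    switch (attr.OnInvalid)
                    {
                        case PolicyHtmlAttributeOnInvalid.RemoveTag:
                            // Remove the current element and leave the function.
                            parentNode.RemoveChild(node);
                            return;

                        case PolicyHtmlAttributeOnInvalid.FilterTag:
                            // Remove the current node but keep its valid children.
                            PromoteChildren(node);
                            return;

                        default:
                            // Remove the current attribute and step the index back. The name read
                            // from the node is used, as in the other removals above, so the
                            // attribute actually present on the node is the one removed.
                            node.Attributes.Remove(name);
                            currentAttributeIndex--;
                            break;
                    }
                }
            }
            #endregion

            // Filter the child nodes of the current element.
            FiltersTags(node.ChildNodes);
        }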
Esempio n. 14
 /// <summary>
 /// Creates an HTML filter that uses the policy returned by the parameterless
 /// <c>FilterPolicy.GetInstance()</c>.
 /// </summary>
 public HtmlFilter()
     : this(FilterPolicy.GetInstance())
 {
 }
Esempio n. 15
 /// <summary>
 /// Creates an HTML attribute policy entry, optionally linked to the tag it belongs to.
 /// </summary>
 /// <param name="policy">The owning policy, passed to the base constructor.</param>
 /// <param name="name">The entry name, passed to the base constructor.</param>
 /// <param name="tag">The tag this entry belongs to, stored in <c>Tag</c>; may be null.</param>
 public PolicyHtmlAttribute(FilterPolicy policy, string name, PolicyHtmlTag tag = null) : base(policy, name)
 {
     this.Tag = tag;
 }