コード例 #1
ファイル: HtmlSanitizer.cs プロジェクト: simplyio/snippet-box
            /// <summary>
            /// Reports whether <paramref name="att"/> is permitted on <paramref name="tag"/>,
            /// i.e. whether the attribute's name appears in the tag's
            /// <c>AcceptableAttributes</c> collection.
            /// </summary>
            /// <param name="att">Attribute whose <c>Name</c> is looked up.</param>
            /// <param name="tag">Tag whose <c>AcceptableAttributes</c> is searched.</param>
            /// <returns><c>true</c> when the name is found; otherwise <c>false</c>.</returns>
            public static bool IsValidForTag(TagAttribute att, AcceptableTag tag)
            {
                // NOTE(review): whether this lookup is case-sensitive depends on the type of
                // AcceptableAttributes, which is declared elsewhere - confirm that mixed-case
                // attribute names are handled the way the sanitizer expects.
                return tag.AcceptableAttributes.Contains(att.Name);
            }
コード例 #2
ファイル: HtmlSanitizer.cs プロジェクト: simplyio/snippet-box
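        /// <summary>
        /// Splits the attribute portion of a raw tag string into <see cref="TagAttribute"/>
        /// objects and keeps only those that <c>TagAttribute.IsValidForTag</c> accepts for
        /// <paramref name="tag"/>.
        /// </summary>
        /// <remarks>
        /// URL-bearing attributes (<c>src</c>, <c>href</c>) are checked against a scheme
        /// allow-list and dropped when they fail. The previous approach removed the
        /// substrings "javascript" and "vbscript" in a single pass, which is not a reliable
        /// filter: the text left over after a removal is not re-checked, other script-capable
        /// schemes were never considered, and legitimate URLs that merely contained one of
        /// the words were lower-cased and corrupted.
        /// NOTE(review): only double-quoted attribute values are recognised by this parser;
        /// unquoted or single-quoted values are not split correctly. How the returned values
        /// are encoded when written back out is not visible here - confirm they are
        /// attribute-encoded by the caller.
        /// </remarks>
        /// <param name="input">Raw tag text; the tag name plus one leading and one trailing
        /// character are skipped before parsing.</param>
        /// <param name="tag">Tag definition supplying <c>Tagname</c> and the attribute
        /// allow-list.</param>
        /// <returns>The accepted attributes, in source order; empty when
        /// <paramref name="input"/> is null or too short to contain any.</returns>
        private static List<TagAttribute> ParseAttributeList(string input, AcceptableTag tag)
        {
            List<TagAttribute> result = new List<TagAttribute>();

            // Skip the opening delimiter and the tag name at the front, and the closing
            // delimiter at the back. Guard the arithmetic so a truncated tag yields an empty
            // list instead of an ArgumentOutOfRangeException from Substring.
            int prefixLength = tag.Tagname.Length + 1;
            if (input == null || input.Length < prefixLength + 1) {
                return result;
            }

            string temp = input.Substring(prefixLength, input.Length - (prefixLength + 1));
            temp = temp.TrimEnd('/').Trim();

            bool isParsingAttribute = false;
            bool isParsingAttributeValue = false;

            TagAttribute currentAttribute = null;

            // Walk the characters once, switching between "name" and "value" states.
            for (int i = 0; i < temp.Length; i++) {
                char current = temp[i];

                if (!isParsingAttribute) {
                    // Idle: the first non-whitespace character starts a new attribute name.
                    if (!char.IsWhiteSpace(current)) {
                        currentAttribute = new TagAttribute(current.ToString(), "");
                        isParsingAttribute = true;
                    }
                    continue;
                }

                if (!isParsingAttributeValue) {
                    // Still reading the name; '=' switches to value parsing and is not stored.
                    if (current == '=') {
                        isParsingAttributeValue = true;
                    }
                    else {
                        currentAttribute.Name += current;
                    }
                    continue;
                }

                currentAttribute.Value += current;

                // A value is complete once it holds at least two characters and the one just
                // appended is a double quote (the closing quote).
                if (current != '"' || currentAttribute.Value.Length < 2) {
                    continue;
                }

                isParsingAttributeValue = false;
                isParsingAttribute = false;

                if (TagAttribute.IsValidForTag(currentAttribute, tag)) {
                    currentAttribute.Value = currentAttribute.Value.Trim('"');

                    // Compare case-insensitively so the URL check cannot be skipped by
                    // changing the case of the attribute name.
                    bool isUrlAttribute =
                        string.Equals(currentAttribute.Name, "src", StringComparison.OrdinalIgnoreCase) ||
                        string.Equals(currentAttribute.Name, "href", StringComparison.OrdinalIgnoreCase);

                    // Drop the attribute outright rather than trying to repair a rejected URL.
                    if (!isUrlAttribute || IsAllowedUrlValue(currentAttribute.Value)) {
                        result.Add(currentAttribute);
                    }
                }

                currentAttribute = null;
            }

            return result;
        }

        /// <summary>
        /// Decides whether a <c>src</c>/<c>href</c> value may be kept: relative URLs and the
        /// schemes http, https and mailto are allowed, everything else is rejected.
        /// </summary>
        /// <remarks>
        /// The decision is made on a normalised copy of the value; the value itself is not
        /// modified. Extend the scheme list deliberately if the application needs more
        /// (for example <c>tel</c> or <c>ftp</c>).
        /// </remarks>
        private static bool IsAllowedUrlValue(string value)
        {
            if (string.IsNullOrEmpty(value)) {
                return true;
            }

            // Browsers decode character references in attribute values and ignore tabs and
            // line breaks inside URLs before resolving the scheme, so normalise the same way
            // (and slightly more aggressively) before looking at it.
            string decoded = System.Net.WebUtility.HtmlDecode(value);
            char[] buffer = new char[decoded.Length];
            int length = 0;
            foreach (char c in decoded) {
                if (!char.IsWhiteSpace(c) && !char.IsControl(c)) {
                    buffer[length++] = c;
                }
            }
            string probe = new string(buffer, 0, length);

            // A scheme can only appear before the first path, query or fragment delimiter.
            int pathStart = probe.IndexOfAny(new char[] { '/', '?', '#' });
            string head = pathStart < 0 ? probe : probe.Substring(0, pathStart);

            // A leftover '&' means a character reference was not decoded above; the scheme
            // cannot be determined reliably, so fail closed.
            if (head.IndexOf('&') >= 0) {
                return false;
            }

            int colon = head.IndexOf(':');
            if (colon < 0) {
                return true; // no scheme: relative or protocol-relative URL
            }

            string scheme = head.Substring(0, colon);
            return string.Equals(scheme, "http", StringComparison.OrdinalIgnoreCase)
                || string.Equals(scheme, "https", StringComparison.OrdinalIgnoreCase)
                || string.Equals(scheme, "mailto", StringComparison.OrdinalIgnoreCase);
        }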