/// <summary>
/// Verifies that <c>AllowHtmlAttribute.OnMetadataCreated</c> rejects a null argument and that
/// the failure names the "metadata" parameter.
/// </summary>
public void OnMetadataCreated_ThrowsIfMetadataIsNull()
{
    // Arrange
    var allowHtml = new AllowHtmlAttribute();

    // Act & assert: the second argument is the parameter name the helper expects to see reported.
    Assert.ThrowsArgumentNull(
        delegate { allowHtml.OnMetadataCreated(null); },
        "metadata");
}
/// <summary>
/// Runs <paramref name="dirty"/> through an <c>HtmlSanitizer</c> whose scheme, attribute,
/// URI-attribute and CSS-property allow-lists are all empty; only the tag allow-list can be non-empty.
/// </summary>
/// <param name="dirty">Markup to clean.</param>
/// <param name="attribute">
/// Source of the tag allow-list. When null, an empty tag list is passed instead.
/// </param>
/// <returns>The sanitizer's output, produced with <c>OutputFormatters.HtmlEncodingNone</c>.</returns>
private string SanitizeHtmlSanitizer(string dirty, AllowHtmlAttribute attribute)
{
    // NOTE(review): a non-null attribute whose AllowedTags is itself null is passed straight
    // through; the sanitizer library may then fall back to its own default tag list rather than
    // an empty one. Confirm against the HtmlSanitizer version in use.
    string[] permittedTags = attribute == null ? new string[0] : attribute.AllowedTags;

    var htmlSanitizer = new HtmlSanitizer(
        allowedTags: permittedTags,
        allowedSchemes: new string[0],
        allowedAttributes: new string[0],
        uriAttributes: new string[0],
        allowedCssProperties: new string[0]);

    // NOTE(review): HtmlEncodingNone presumably writes text nodes without entity-encoding, so the
    // result should only be placed where markup is expected. TODO confirm.
    string cleaned = htmlSanitizer.Sanitize(dirty, outputFormatter: OutputFormatters.HtmlEncodingNone);
    return cleaned;
}
/// <summary>
/// Verifies that passing null to <c>AllowHtmlAttribute.OnMetadataCreated</c> is reported as an
/// argument-null failure for the "metadata" parameter.
/// </summary>
public void OnMetadataCreated_ThrowsIfMetadataIsNull()
{
    // Arrange
    var allowHtml = new AllowHtmlAttribute();

    // Act & assert: the helper is given the call under test and the expected parameter name.
    ExceptionHelper.ExpectArgumentNullException(
        delegate { allowHtml.OnMetadataCreated(null); },
        "metadata");
}
/// <summary>
/// Verifies that <c>AllowHtmlAttribute.OnMetadataCreated</c> switches
/// <c>RequestValidationEnabled</c> on the supplied metadata from true to false.
/// </summary>
/// <remarks>
/// With the flag off, request validation no longer screens the property, so whatever consumes
/// the value has to sanitize or encode it.
/// </remarks>
public void OnMetadataCreated()
{
    // Arrange
    ModelMetadataProvider provider = new Mock<ModelMetadataProvider>().Object;
    var metadata = new ModelMetadata(provider, null, null, typeof(object), "SomeProperty");
    var allowHtml = new AllowHtmlAttribute();

    // Act: capture the flag on both sides of the call.
    bool enabledBefore = metadata.RequestValidationEnabled;
    allowHtml.OnMetadataCreated(metadata);
    bool enabledAfter = metadata.RequestValidationEnabled;

    // Assert
    Assert.True(enabledBefore);
    Assert.False(enabledAfter);
}
/// <summary>
/// Confirms that applying <c>AllowHtmlAttribute</c> to model metadata turns off
/// <c>RequestValidationEnabled</c>, which starts out true.
/// </summary>
/// <remarks>
/// A property in this state is exempt from request validation; sanitizing or encoding its
/// value is left to the code that uses it.
/// </remarks>
public void OnMetadataCreated()
{
    // Arrange
    var providerMock = new Mock<ModelMetadataProvider>();
    var metadata = new ModelMetadata(providerMock.Object, null, null, typeof(object), "SomeProperty");
    var allowHtml = new AllowHtmlAttribute();

    // Act
    bool flagBefore = metadata.RequestValidationEnabled;
    allowHtml.OnMetadataCreated(metadata);
    bool flagAfter = metadata.RequestValidationEnabled;

    // Assert: enabled by default, disabled once the attribute has run.
    Assert.True(flagBefore);
    Assert.False(flagAfter);
}
/// <summary>
/// Checks that <c>RequestValidationEnabled</c> defaults to true on fresh metadata and is set to
/// false by <c>AllowHtmlAttribute.OnMetadataCreated</c>.
/// </summary>
/// <remarks>
/// Disabling the flag removes request validation for the property, so its value must be
/// sanitized or encoded by the consumer.
/// </remarks>
public void OnMetadataCreated()
{
    // Arrange
    ModelMetadataProvider provider = new Mock<ModelMetadataProvider>().Object;
    var metadata = new ModelMetadata(provider, null, null, typeof(object), "SomeProperty");
    var allowHtml = new AllowHtmlAttribute();

    // Act
    bool valueBefore = metadata.RequestValidationEnabled;
    allowHtml.OnMetadataCreated(metadata);
    bool valueAfter = metadata.RequestValidationEnabled;

    // Assert
    Assert.IsTrue(valueBefore, "RequestValidationEnabled should have defaulted to 'true'.");
    Assert.IsFalse(valueAfter, "RequestValidationEnabled should have been set to 'false' by this attribute.");
}
/// <summary>
/// Routes <paramref name="dirty"/> to the sanitizer implementation selected by
/// <paramref name="strategy"/>.
/// </summary>
/// <param name="dirty">Input to clean.</param>
/// <param name="attribute">Passed through unchanged to the selected implementation.</param>
/// <param name="strategy">Which sanitizer to use.</param>
/// <returns>The selected implementation's result.</returns>
/// <exception cref="NotImplementedException">
/// For <c>XssStrategy.AspNet</c> and for any value without a dedicated branch.
/// </exception>
private string Sanitize(string dirty, AllowHtmlAttribute attribute, XssStrategy strategy)
{
    if (strategy == XssStrategy.HtmlSanitizer)
    {
        return SanitizeHtmlSanitizer(dirty, attribute);
    }

    if (strategy == XssStrategy.AntiXss)
    {
        return SanitizeAntiXss(dirty, attribute);
    }

    // XssStrategy.AspNet and every other value fail closed: the input is never returned as-is.
    throw new NotImplementedException();
}
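/// <summary>
/// Cleans <paramref name="dirty"/> with <c>Sanitizer.GetSafeHtmlFragment</c> and then decodes
/// four HTML entities (<c>&amp;lt;</c>, <c>&amp;gt;</c>, <c>&amp;amp;</c>, <c>&amp;quot;</c>) in the result.
/// </summary>
/// <param name="dirty">Input to clean. Null is returned as null.</param>
/// <param name="attribute">
/// When not null the input is returned untouched; no property of the attribute is read here.
/// </param>
/// <returns>
/// <paramref name="dirty"/> itself when <paramref name="attribute"/> is not null; otherwise the
/// sanitizer output with the four entities decoded whenever that output differs from the input.
/// </returns>
private string SanitizeAntiXss(string dirty, AllowHtmlAttribute attribute)
{
    // NOTE(review): any non-null attribute bypasses sanitization completely on this path,
    // so an allow-list carried by the attribute has no effect here.
    if (attribute != null)
    {
        return dirty;
    }

    // Without this guard a null input would fail on dirty.Equals below.
    if (dirty == null)
    {
        return null;
    }

    var sanitized = Sanitizer.GetSafeHtmlFragment(dirty);
    if (!dirty.Equals(sanitized))
    {
        // Revert HTML encoded special characters. The search strings are the entity forms;
        // they had been collapsed to the literal characters, which made the first three
        // calls no-ops and the fourth a syntax error.
        //
        // NOTE(review): decoding after the sanitizer has run turns text it emitted as inert
        // entities back into raw markup characters, so the return value cannot be treated as
        // safe HTML. Either encode at output time or drop this step. "&amp;" is also decoded
        // before "&quot;", so a doubly-encoded quote is decoded twice.
        sanitized = sanitized.Replace("&lt;", "<");
        sanitized = sanitized.Replace("&gt;", ">");
        sanitized = sanitized.Replace("&amp;", "&");
        sanitized = sanitized.Replace("&quot;", "\"");
    }

    return sanitized;
}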
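/// <summary>
/// Passes <paramref name="dirty"/> through <c>Sanitizer.GetSafeHtmlFragment</c> and, when the
/// sanitizer changed anything, decodes <c>&amp;lt;</c>, <c>&amp;gt;</c>, <c>&amp;amp;</c> and
/// <c>&amp;quot;</c> in its output.
/// </summary>
/// <param name="dirty">Input to clean. Null is returned as null.</param>
/// <param name="attribute">A non-null value makes the method return the input unchanged.</param>
/// <returns>The unchanged input, or the sanitizer output after entity decoding.</returns>
private string SanitizeAntiXss(string dirty, AllowHtmlAttribute attribute)
{
    // NOTE(review): the presence of the attribute alone disables sanitization here; its
    // contents are never inspected on this path.
    // The null check on dirty prevents a failure on dirty.Equals further down.
    if (attribute != null || dirty == null)
    {
        return dirty;
    }

    var sanitized = Sanitizer.GetSafeHtmlFragment(dirty);
    if (dirty.Equals(sanitized))
    {
        return sanitized;
    }

    // Revert HTML encoded special characters. The entity search strings are restored; as
    // literal characters the first three replacements did nothing and the fourth did not parse.
    //
    // NOTE(review): this undoes encoding the sanitizer applied, so text it had neutralised
    // comes back as raw '<', '>', '&' and '"'. Treat the result as untrusted when rendering
    // (encode on output), or remove the decoding. Order matters: "&amp;" is decoded before
    // "&quot;", which double-decodes an "&amp;quot;" sequence.
    return sanitized
        .Replace("&lt;", "<")
        .Replace("&gt;", ">")
        .Replace("&amp;", "&")
        .Replace("&quot;", "\"");
}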
/// <summary>
/// Sanitizes <paramref name="dirty"/> with an <c>HtmlSanitizer</c> that allows no URI schemes,
/// no attributes, no URI attributes and no CSS properties; tags come from the attribute, if any.
/// </summary>
/// <param name="dirty">Markup to clean.</param>
/// <param name="attribute">
/// Supplies <c>AllowedTags</c>. Null means an empty tag allow-list is used.
/// </param>
/// <returns>Sanitizer output formatted with <c>OutputFormatters.HtmlEncodingNone</c>.</returns>
private string SanitizeHtmlSanitizer(string dirty, AllowHtmlAttribute attribute)
{
    string[] tagAllowList;
    if (attribute != null)
    {
        // NOTE(review): AllowedTags may itself be null; the library may then substitute its
        // default tag list instead of allowing nothing. Verify for the version in use.
        tagAllowList = attribute.AllowedTags;
    }
    else
    {
        tagAllowList = new string[0];
    }

    var cleaner = new HtmlSanitizer(
        allowedTags: tagAllowList,
        allowedSchemes: new string[0],
        allowedAttributes: new string[0],
        uriAttributes: new string[0],
        allowedCssProperties: new string[0]);

    // NOTE(review): HtmlEncodingNone presumably leaves text content un-encoded in the output,
    // so the result belongs only in a context that expects markup. TODO confirm.
    return cleaner.Sanitize(dirty, outputFormatter: OutputFormatters.HtmlEncodingNone);
}
/// <summary>
/// Picks the sanitizer implementation that matches <paramref name="strategy"/> and returns its result.
/// </summary>
/// <param name="dirty">Input to clean.</param>
/// <param name="attribute">Forwarded as-is to the chosen implementation.</param>
/// <param name="strategy">Selects the implementation.</param>
/// <returns>Output of <c>SanitizeHtmlSanitizer</c> or <c>SanitizeAntiXss</c>.</returns>
/// <exception cref="NotImplementedException">
/// Thrown for <c>XssStrategy.AspNet</c> and for any other unhandled value.
/// </exception>
private string Sanitize(string dirty, AllowHtmlAttribute attribute, XssStrategy strategy)
{
    switch (strategy)
    {
        case XssStrategy.AntiXss:
            return SanitizeAntiXss(dirty, attribute);

        case XssStrategy.HtmlSanitizer:
            return SanitizeHtmlSanitizer(dirty, attribute);

        // Unsupported strategies throw instead of handing the input back unsanitized.
        case XssStrategy.AspNet:
        default:
            throw new NotImplementedException();
    }
}
/// <summary>
/// Creates the validator, handing <paramref name="validatorProviders"/> to the base class and
/// storing <paramref name="attribute"/> in the <c>_attribute</c> field.
/// </summary>
/// <param name="validatorProviders">Providers forwarded to the base constructor.</param>
/// <param name="attribute">
/// The AllowHtml attribute to keep. It is stored without a null check; presumably null is a
/// valid value meaning the property carries no such attribute. TODO confirm.
/// </param>
public HtmlSanitizerModelValidator(
    IEnumerable<ModelValidatorProvider> validatorProviders,
    AllowHtmlAttribute attribute)
    : base(validatorProviders)
{
    this._attribute = attribute;
}
/// <summary>
/// Initializes the validator with the given providers (passed to the base constructor) and
/// records the AllowHtml attribute in <c>_attribute</c>.
/// </summary>
/// <param name="validatorProviders">Validator providers for the base class.</param>
/// <param name="attribute">
/// Attribute instance to remember; stored as given, with no validation.
/// NOTE(review): looks like null is accepted here. Confirm that consumers of the field handle it.
/// </param>
public HtmlSanitizerModelValidator(
    IEnumerable<ModelValidatorProvider> validatorProviders,
    AllowHtmlAttribute attribute)
    : base(validatorProviders)
{
    this._attribute = attribute;
}