コード例 #1
0
        internal static HtmlSanitizer GetSanitizer(AntiXssPolicy policy)
        {
            if (policy == null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            return(new HtmlSanitizer(policy.AllowedTags, policy.AllowedSchemes, policy.AllowedAttributes, policy.UriAttributes, policy.AllowedCssProperties));
        }
コード例 #2
0
        public static void ApplyPolicy(AntiXssPolicy policy, HttpRequestBase request)
        {
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            if (policy == null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            //RefreshRequestParams(request.Unvalidated.Headers, request.Headers, policy);
            RefreshRequestParams(request.Unvalidated.QueryString, request.QueryString, policy);
            //RefreshRequestParams(request.Unvalidated.Form, request.Form, policy);
        }
コード例 #3
0
 /// <summary>
 /// Set the origin html string safty
 /// </summary>
 /// <param name="originHtmlString"></param>
 /// <param name="policy"></param>
 /// <returns></returns>
 public static string ToSafeHtmlString(this string originHtmlString, AntiXssPolicy policy)
 => AntiXssSanitizer.Sanitize(originHtmlString, policy);
コード例 #4
0
        private static Dictionary <string, string> GetSanitizedDict(NameValueCollection unalidatedColl, AntiXssPolicy policy)
        {
            if (unalidatedColl == null)
            {
                throw new ArgumentNullException(nameof(unalidatedColl));
            }

            if (policy == null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            var sanitizer = GetSanitizer(policy);
            var ret       = new Dictionary <string, string>();

            foreach (var key in unalidatedColl.AllKeys)
            {
                try
                {
                    ret.Add(key, sanitizer.Sanitize(unalidatedColl[key], policy.BaseUrl, policy.OutputFormatter));
                }
                catch
                {
                    ret.Add(key, unalidatedColl[key]);
                }
            }

            return(ret);
        }
コード例 #5
0
        private static void RefreshRequestParams(NameValueCollection unalidatedColl, NameValueCollection coll, AntiXssPolicy policy)
        {
            if (unalidatedColl == null || coll == null || policy == null)
            {
                return;
            }

            var cachedDict = GetSanitizedDict(unalidatedColl, policy);

            SetReturnedRequest(cachedDict, coll);
        }