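/// <summary>
/// Keeps <c>href</c> attributes that point at site-relative wiki "Special:" pages
/// (for example /wiki/Special:Tag) when the sanitizer is about to remove them.
/// </summary>
/// <remarks>
/// Setting <c>e.Cancel</c> overrides the sanitizer's decision for this attribute, so the
/// exemption is limited to values that are plain site-relative paths. A bare substring test
/// for "Special:" would also preserve a value whose URL scheme the sanitizer had rejected,
/// as long as that text appeared somewhere in it.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Describes the attribute being removed; <c>Cancel</c> is set to keep it.</param>
private void Sanitizer_RemovingAttribute(object sender, RemovingAttributeEventArgs e)
{
    // Ordinal comparison: attribute names are identifiers, not linguistic text.
    if (!string.Equals(e.Attribute.Name, "href", StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    string value = e.Attribute.Value;

    // Don't clean /wiki/Special:Tag urls in href="" attributes
    if (IsSiteRelativePath(value) && value.Contains("Special:"))
    {
        e.Cancel = true;
    }
}

/// <summary>
/// Returns true only for a path that starts with a single '/' and holds no backslash or
/// control character, i.e. a value that cannot carry a URL scheme or name another host.
/// </summary>
private static bool IsSiteRelativePath(string value)
{
    if (string.IsNullOrEmpty(value) || value[0] != '/')
    {
        return false;
    }

    // "//host" is protocol-relative and would leave the site.
    if (value.Length > 1 && value[1] == '/')
    {
        return false;
    }

    foreach (char c in value)
    {
        // Browsers may normalise backslashes to slashes and drop tabs/newlines,
        // so a value containing them is not taken at face value.
        if (c == '\\' || char.IsControl(c))
        {
            return false;
        }
    }

    return true;
}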
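/// <summary>
/// Vetoes the sanitizer's removal of an attribute unless the attribute looks script-capable:
/// its value mentions a <c>vbscript:</c>, <c>javascript:</c> or <c>data:</c> scheme, or its
/// name starts with "on" (event-handler attributes).
/// </summary>
/// <remarks>
/// NOTE(review): this handler turns the sanitizer's allowlist into a denylist. Every attribute
/// the sanitizer wanted to drop is kept unless it matches one of the four tests below, which
/// includes attributes such as <c>style</c>. If only a few extra attributes are needed, adding
/// them to the sanitizer's allowed-attribute configuration is the safer design; confirm that the
/// broad exemption here is intended.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Describes the attribute being removed; <c>Cancel</c> is set to keep it.</param>
private void OnRemovingAttribute(object sender, RemovingAttributeEventArgs e)
{
    // Browsers ignore tabs, line breaks and similar characters inside a URL scheme, so the
    // scheme tests run on a copy of the value with whitespace and control characters removed.
    string compactValue = new string(Array.FindAll(e.Attribute.Value.ToCharArray(), c => c > ' '));

    // OrdinalIgnoreCase, not CurrentCultureIgnoreCase: under a culture with special casing
    // rules for 'i' (e.g. tr-TR) an upper-case spelling of "javascript:" or "vbscript:" would
    // not match the lower-case literal and the attribute would be kept.
    bool looksScriptCapable =
        compactValue.Contains("vbscript:", StringComparison.OrdinalIgnoreCase)
        || compactValue.Contains("javascript:", StringComparison.OrdinalIgnoreCase)
        || compactValue.Contains("data:", StringComparison.OrdinalIgnoreCase)
        || e.Attribute.Name.StartsWith("on", StringComparison.OrdinalIgnoreCase);

    if (!looksScriptCapable)
    {
        // don't remove the attribute if we've deemed it safe
        e.Cancel = true;
    }
}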
/// <summary>
/// Handles the removal of a <c>class</c> attribute by stripping every class name that is not
/// in <paramref name="allowedClasses"/> and keeping the attribute only if something is left.
/// </summary>
/// <param name="attributeName">
/// Name of the attribute being removed. Compared to the literal "class" as-is, so callers are
/// expected to pass it lower-cased.
/// </param>
/// <param name="e">Event data; the tag's class list is modified and <c>Cancel</c> is assigned.</param>
/// <param name="allowedClasses">Class names that may stay; matched with ordinal, case-insensitive comparison.</param>
/// <returns><c>true</c> when the attribute was "class" and has been handled here; otherwise <c>false</c>.</returns>
public static bool AllowOnlyClassList(string attributeName, RemovingAttributeEventArgs e, string[] allowedClasses)
{
    if (attributeName != "class")
    {
        return false;
    }

    var tag = e.Tag;

    // Materialise the rejected names first: the class list must not be modified while it is
    // still being enumerated by Except().
    string[] rejectedClasses = tag.ClassList
        .Except(allowedClasses, StringComparer.OrdinalIgnoreCase)
        .ToArray();
    tag.ClassList.Remove(rejectedClasses);

    // Keep the attribute only when at least one allowed class survived; with an empty list
    // Cancel stays false and the removal goes ahead.
    e.Cancel = tag.ClassList.Any();
    return true;
}
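/// <summary>
/// Handles an <c>href</c> attribute the sanitizer is about to remove: the attribute is kept
/// only when its URL is relative or uses http, https or ftp, and links that do not start with
/// <paramref name="siteUrl"/> are made to open in a new tab.
/// </summary>
/// <remarks>
/// The handler previously set <c>e.Cancel</c> for every <c>href</c>, which kept the attribute
/// whatever its value was, including URL schemes the sanitizer had rejected. Removal is now
/// cancelled only for the schemes this method already recognised as links. Extend the list in
/// <c>IsLinkScheme</c> if other schemes (mailto, for instance) must survive.
/// NOTE(review): the internal/external test is a plain prefix match, so a host that merely
/// begins with the site's host name also counts as internal unless <paramref name="siteUrl"/>
/// ends with '/'. That only affects the new-tab behaviour.
/// </remarks>
/// <param name="attributeName">Attribute name, expected lower-cased; compared to "href" as-is.</param>
/// <param name="e">Event data; the tag may gain <c>target</c>/<c>rel</c> and <c>Cancel</c> may be set.</param>
/// <param name="siteUrl">Prefix identifying the site's own URLs. Must not be null (StartsWith throws).</param>
/// <returns><c>true</c> when the attribute was "href" and has been handled here; otherwise <c>false</c>.</returns>
public static bool MakeExternalLinksOpenedNewTab(string attributeName, RemovingAttributeEventArgs e, string siteUrl)
{
    if (attributeName != "href")
    {
        return false;
    }

    var href = e.Attribute.Value;
    string scheme = GetUrlScheme(href);
    bool isRelative = scheme.Length == 0;
    bool isLink = IsLinkScheme(scheme);

    if (!isRelative && !isLink)
    {
        // Any other scheme: leave Cancel untouched so the sanitizer removes the attribute.
        return true;
    }

    if (isLink && !href.StartsWith(siteUrl, StringComparison.Ordinal))
    {
        bool hasTarget = e.Tag.Attributes.Any(
            x => string.Equals(x.Name, "target", StringComparison.OrdinalIgnoreCase));
        if (!hasTarget)
        {
            e.Tag.SetAttribute("target", "_blank");

            // A page opened through target="_blank" can reach back to the opener unless the
            // link carries rel="noopener"; existing rel tokens are preserved.
            // NOTE(review): whether target/rel survive the rest of sanitization depends on
            // the sanitizer's allowed-attribute configuration, which is not visible here.
            var rel = e.Tag.GetAttribute("rel");
            e.Tag.SetAttribute(
                "rel",
                string.IsNullOrWhiteSpace(rel) ? "noopener noreferrer" : rel + " noopener noreferrer");
        }
    }

    e.Cancel = true;
    return true;
}

/// <summary>True for the URL schemes this handler is willing to keep in an href.</summary>
private static bool IsLinkScheme(string scheme)
{
    return string.Equals(scheme, "http", StringComparison.OrdinalIgnoreCase)
        || string.Equals(scheme, "https", StringComparison.OrdinalIgnoreCase)
        || string.Equals(scheme, "ftp", StringComparison.OrdinalIgnoreCase);
}

/// <summary>
/// Returns the text before the first ':' when it precedes any '/', '?' or '#', or an empty
/// string when the URL has no scheme. Whitespace and control characters are dropped first
/// because browsers ignore them when reading a scheme.
/// </summary>
private static string GetUrlScheme(string url)
{
    if (string.IsNullOrEmpty(url))
    {
        return string.Empty;
    }

    string compact = new string(Array.FindAll(url.ToCharArray(), c => c > ' '));
    int colon = compact.IndexOf(':');
    if (colon < 0)
    {
        return string.Empty;
    }

    int delimiter = compact.IndexOfAny(new[] { '/', '?', '#' });
    if (delimiter >= 0 && delimiter < colon)
    {
        // The colon belongs to the path, query or fragment of a relative URL.
        return string.Empty;
    }

    return compact.Substring(0, colon);
}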
/// <summary>
/// Attribute-removal callback that hands the lower-cased attribute name to
/// <c>AllowOnlyClassList</c> together with the allowed classes from <c>options</c>.
/// The helper's boolean result is not used here.
/// </summary>
/// <param name="s">Event source; not used.</param>
/// <param name="e">Describes the attribute being removed.</param>
private void OnRemovingAttribute(object s, RemovingAttributeEventArgs e)
    => AllowOnlyClassList(e.Attribute.Name.ToLower(), e, options.AllowedClassesArr);
/// <summary>
/// Attribute-removal callback for forum content: offers the attribute to the class-list
/// handler first and, if that one does not claim it, to the external-link handler.
/// </summary>
/// <remarks>
/// NOTE(review): whatever these helpers cancel stays in the sanitized output, so each helper
/// should validate the attribute value before it sets <c>e.Cancel</c>.
/// </remarks>
/// <param name="s">Event source; not used.</param>
/// <param name="e">Describes the attribute being removed.</param>
private void ForumSanitizer_RemovingAttribute_Forum(object s, RemovingAttributeEventArgs e)
{
    string loweredName = e.Attribute.Name.ToLower();

    // First handler that reports the attribute as handled wins; the second is skipped.
    if (SanitizerBlocksAttributes.AllowOnlyClassList(loweredName, e, allowedClasses))
    {
        return;
    }

    SanitizerBlocksAttributes.MakeExternalLinksOpenedNewTab(loweredName, e, siteUrl);
}