/// <summary>
/// Sanitizes an HTML fragment with a sanitizer configured from the supplied policy.
/// </summary>
/// <remarks>
/// A new <c>HtmlSanitizer</c> is created on every call from the policy's allow-lists
/// (tags, schemes, attributes, URI attributes, CSS properties). This method adds no
/// encoding or filtering of its own, so the result is only as strict as the policy.
/// NOTE(review): confirm that policies are assembled from trusted configuration and
/// never from request data.
/// </remarks>
/// <param name="source">The HTML to sanitize. Must not be null, empty or whitespace-only.</param>
/// <param name="policy">The allow-lists, base URL and output formatter to sanitize with.</param>
/// <returns>The markup returned by the sanitizer for <paramref name="source"/>.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="source"/> is null, empty or whitespace-only (the same exception type
/// is used for all three), or <paramref name="policy"/> is null.
/// </exception>
public string Sanitize(string source, AntiXssPolicy policy)
{
    // The source check comes first, so a bad source is reported even when policy is also null.
    if (string.IsNullOrWhiteSpace(source))
    {
        throw new ArgumentNullException(nameof(source));
    }

    if (policy == null)
    {
        throw new ArgumentNullException(nameof(policy));
    }

    var htmlSanitizer = new HtmlSanitizer(
        policy.AllowedTags,
        policy.AllowedSchemes,
        policy.AllowedAttributes,
        policy.UriAttributes,
        policy.AllowedCssProperties);

    var sanitized = htmlSanitizer.Sanitize(source, policy.BaseUrl, policy.OutputFormatter);
    return sanitized;
}
/// <summary>
/// Feeds every setting of <paramref name="policy"/> into this builder through the
/// corresponding <c>With*</c> method and returns the builder for chaining.
/// </summary>
/// <remarks>
/// Whether each <c>With*</c> call replaces or extends what the builder already holds is
/// decided by those methods, which are not visible here.
/// NOTE(review): if they extend, combining policies can only widen the allow-lists;
/// confirm that this is intended.
/// </remarks>
/// <param name="policy">The policy whose settings are copied. Must not be null.</param>
/// <returns>This builder instance.</returns>
/// <exception cref="ArgumentNullException"><paramref name="policy"/> is null.</exception>
private AntiXssPolicyBuilder Combine(AntiXssPolicy policy)
{
    if (policy == null)
    {
        throw new ArgumentNullException(nameof(policy));
    }

    // Each collection is snapshotted right before it is applied, one setting at a time.
    // The collections themselves are not null-checked.
    var tags = policy.AllowedTags.ToArray();
    WithTags(tags);

    var schemes = policy.AllowedSchemes.ToArray();
    WithSchemes(schemes);

    var attributes = policy.AllowedAttributes.ToArray();
    WithAttributes(attributes);

    var uriAttributes = policy.UriAttributes.ToArray();
    WithUriAttributes(uriAttributes);

    var cssProperties = policy.AllowedCssProperties.ToArray();
    WithCssProperties(cssProperties);

    WithBaseUrl(policy.BaseUrl);
    WithOutputFormatter(policy.OutputFormatter);

    return this;
}
/// <summary>
/// Sanitizes <paramref name="originHtmlString"/> with <paramref name="antiXss"/>, using
/// the explicit policy when one is given and the single-argument overload otherwise.
/// </summary>
/// <remarks>
/// Neither <paramref name="originHtmlString"/> nor <paramref name="antiXss"/> is
/// validated here; both are passed straight through to <c>antiXss.Sanitize</c>.
/// </remarks>
/// <param name="originHtmlString">The HTML to sanitize.</param>
/// <param name="antiXss">The sanitizer facade to call.</param>
/// <param name="policy">Optional policy; when null the single-argument overload is used.</param>
/// <returns>The string returned by the selected <c>Sanitize</c> overload.</returns>
private static string Sanitizer(string originHtmlString, AntiXss antiXss, AntiXssPolicy policy = null)
{
    if (policy != null)
    {
        return antiXss.Sanitize(originHtmlString, policy);
    }

    // No policy supplied: which rules apply is decided inside the single-argument overload.
    return antiXss.Sanitize(originHtmlString);
}
/// <summary>
/// Creates a new <see cref="AntiXssPolicyBuilder"/> seeded from an existing policy.
/// </summary>
/// <remarks>
/// All work is delegated to <c>Combine</c>, which throws
/// <c>ArgumentNullException</c> when <paramref name="policy"/> is null.
/// </remarks>
/// <param name="policy">The policy used to initialize the builder.</param>
public AntiXssPolicyBuilder(AntiXssPolicy policy)
{
    // Combine returns the builder for chaining; a constructor has no use for that value.
    this.Combine(policy);
}