/// <summary>
/// Sanitize source html
/// </summary>
/// <param name="source"></param>
/// <param name="policy"></param>
/// <returns></returns>
public string Sanitize(string source, AntiXssPolicy policy)
{
if (string.IsNullOrWhiteSpace(source))
{
throw new ArgumentNullException(nameof(source));
}
if (policy == null)
{
throw new ArgumentNullException(nameof(policy));
}
var sanitizer = new HtmlSanitizer(policy.AllowedTags, policy.AllowedSchemes, policy.AllowedAttributes, policy.UriAttributes, policy.AllowedCssProperties);
return(sanitizer.Sanitize(source, policy.BaseUrl, policy.OutputFormatter));
}
private AntiXssPolicyBuilder Combine(AntiXssPolicy policy)
{
if (policy == null)
{
throw new ArgumentNullException(nameof(policy));
}
WithTags(policy.AllowedTags.ToArray());
WithSchemes(policy.AllowedSchemes.ToArray());
WithAttributes(policy.AllowedAttributes.ToArray());
WithUriAttributes(policy.UriAttributes.ToArray());
WithCssProperties(policy.AllowedCssProperties.ToArray());
WithBaseUrl(policy.BaseUrl);
WithOutputFormatter(policy.OutputFormatter);
return(this);
}
private static string Sanitizer(string originHtmlString, AntiXss antiXss, AntiXssPolicy policy = null)
{
return(policy == null?antiXss.Sanitize(originHtmlString) : antiXss.Sanitize(originHtmlString, policy));
}
/// <summary>
/// Creates a new instance of the <see cref="AntiXssPolicyBuilder"/>.
/// </summary>
/// <param name="policy">The policy which will be used to intialize the builder.</param>
public AntiXssPolicyBuilder(AntiXssPolicy policy)
{
Combine(policy);
}
