public void ForbidUndefinedCharacters_RemovesUndefinedChars()
{
// Arrange
// We only allow odd-numbered characters in this test so that
// we can validate that we properly merged the two bitmaps together
// rather than simply overwriting the target.
var bitmap = AllowedCharsBitmap.CreateNew();
for (int i = 1; i <= Char.MaxValue; i += 2)
{
bitmap.AllowCharacter((char)i);
}
// Act
bitmap.ForbidUndefinedCharacters();
// Assert
for (int i = 0; i <= Char.MaxValue; i++)
{
if (i % 2 == 0)
{
Assert.False(bitmap.IsCharacterAllowed((char)i)); // these chars were never allowed in the original description
}
else
{
Assert.Equal(UnicodeHelpers.IsCharacterDefined((char)i), bitmap.IsCharacterAllowed((char)i));
}
}
}
public void Ctor_EmptyByDefault()
{
// Act
var bitmap = AllowedCharsBitmap.CreateNew();
// Assert
for (int i = 0; i <= Char.MaxValue; i++)
{
Assert.False(bitmap.IsCharacterAllowed((char)i));
}
}
public void Clone_MakesDeepCopy()
{
// Arrange
var originalBitmap = AllowedCharsBitmap.CreateNew();
originalBitmap.AllowCharacter('x');
// Act
var clonedBitmap = originalBitmap.Clone();
clonedBitmap.AllowCharacter('y');
// Assert
Assert.True(originalBitmap.IsCharacterAllowed('x'));
Assert.False(originalBitmap.IsCharacterAllowed('y'));
Assert.True(clonedBitmap.IsCharacterAllowed('x'));
Assert.True(clonedBitmap.IsCharacterAllowed('y'));
}
/// <summary>
/// Instantiates the filter by cloning the allow list of another <see cref="ICodePointFilter"/>.
/// </summary>
public CodePointFilter(ICodePointFilter other)
{
if (other == null)
{
throw new ArgumentNullException(nameof(other));
}
CodePointFilter otherAsCodePointFilter = other as CodePointFilter;
if (otherAsCodePointFilter != null)
{
_allowedCharsBitmap = otherAsCodePointFilter.GetAllowedCharsBitmap();
}
else
{
_allowedCharsBitmap = AllowedCharsBitmap.CreateNew();
AllowFilter(other);
}
}
public void Clear_ForbidsEverything()
{
// Arrange
var bitmap = AllowedCharsBitmap.CreateNew();
for (int i = 1; i <= Char.MaxValue; i++)
{
bitmap.AllowCharacter((char)i);
}
// Act
bitmap.Clear();
// Assert
for (int i = 0; i <= Char.MaxValue; i++)
{
Assert.False(bitmap.IsCharacterAllowed((char)i));
}
}
/// <summary>
/// Instantiates the filter by cloning the allow list of another <see cref="ICodePointFilter"/>.
/// </summary>
public CodePointFilter(ICodePointFilter other)
{
if (other == null)
{
throw new ArgumentNullException(nameof(other));
}
CodePointFilter otherAsCodePointFilter = other as CodePointFilter;
if (otherAsCodePointFilter != null)
{
_allowedCharsBitmap = otherAsCodePointFilter.GetAllowedCharsBitmap();
}
else
{
_allowedCharsBitmap = AllowedCharsBitmap.CreateNew();
AllowFilter(other);
}
}
/// <summary>
/// Instantiates an encoder using a custom allow list of characters.
/// </summary>
protected UnicodeEncoderBase(CodePointFilter filter, int maxOutputCharsPerInputChar)
{
_maxOutputCharsPerInputChar = maxOutputCharsPerInputChar;
_allowedCharsBitmap = filter.GetAllowedCharsBitmap();
// Forbid characters that are special in HTML.
// Even though this is a common encoder used by everybody (including URL
// and JavaScript strings), it's unfortunately common for developers to
// forget to HTML-encode a string once it has been URL-encoded or
// JavaScript string-escaped, so this offers extra protection.
ForbidCharacter('<');
ForbidCharacter('>');
ForbidCharacter('&');
ForbidCharacter('\''); // can be used to escape attributes
ForbidCharacter('\"'); // can be used to escape attributes
ForbidCharacter('+'); // technically not HTML-specific, but can be used to perform UTF7-based attacks
// Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed
// (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp)
_allowedCharsBitmap.ForbidUndefinedCharacters();
}
/// <summary>
/// Instantiates an encoder using a custom allow list of characters.
/// </summary>
protected UnicodeEncoderBase(CodePointFilter filter, int maxOutputCharsPerInputChar)
{
_maxOutputCharsPerInputChar = maxOutputCharsPerInputChar;
_allowedCharsBitmap = filter.GetAllowedCharsBitmap();
// Forbid characters that are special in HTML.
// Even though this is a common encoder used by everybody (including URL
// and JavaScript strings), it's unfortunately common for developers to
// forget to HTML-encode a string once it has been URL-encoded or
// JavaScript string-escaped, so this offers extra protection.
ForbidCharacter('<');
ForbidCharacter('>');
ForbidCharacter('&');
ForbidCharacter('\''); // can be used to escape attributes
ForbidCharacter('\"'); // can be used to escape attributes
ForbidCharacter('+'); // technically not HTML-specific, but can be used to perform UTF7-based attacks
// Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed
// (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp)
_allowedCharsBitmap.ForbidUndefinedCharacters();
}
public void Allow_Forbid_ZigZag()
{
// Arrange
var bitmap = AllowedCharsBitmap.CreateNew();
// Act
// The only chars which are allowed are those whose code points are multiples of 3 or 7
// who aren't also multiples of 5. Exception: multiples of 35 are allowed.
for (int i = 0; i <= Char.MaxValue; i += 3)
{
bitmap.AllowCharacter((char)i);
}
for (int i = 0; i <= Char.MaxValue; i += 5)
{
bitmap.ForbidCharacter((char)i);
}
for (int i = 0; i <= Char.MaxValue; i += 7)
{
bitmap.AllowCharacter((char)i);
}
// Assert
for (int i = 0; i <= Char.MaxValue; i++)
{
bool isAllowed = false;
if (i % 3 == 0)
{
isAllowed = true;
}
if (i % 5 == 0)
{
isAllowed = false;
}
if (i % 7 == 0)
{
isAllowed = true;
}
Assert.Equal(isAllowed, bitmap.IsCharacterAllowed((char)i));
}
}
/// <summary>
/// Instantiates the filter where only the character ranges specified by <paramref name="allowedRanges"/>
/// are allowed by the filter.
/// </summary>
public CodePointFilter(params UnicodeRange[] allowedRanges)
{
_allowedCharsBitmap = AllowedCharsBitmap.CreateNew();
AllowRanges(allowedRanges);
}
/// <summary>
/// Instantiates an empty filter (allows no code points through by default).
/// </summary>
public CodePointFilter()
{
_allowedCharsBitmap = AllowedCharsBitmap.CreateNew();
}
/// <summary>
/// Instantiates the filter where only the character ranges specified by <paramref name="allowedRanges"/>
/// are allowed by the filter.
/// </summary>
public CodePointFilter(params UnicodeRange[] allowedRanges)
{
_allowedCharsBitmap = AllowedCharsBitmap.CreateNew();
AllowRanges(allowedRanges);
}
/// <summary>
/// Instantiates an empty filter (allows no code points through by default).
/// </summary>
public CodePointFilter()
{
_allowedCharsBitmap = AllowedCharsBitmap.CreateNew();
}
