/// <summary> /// Instantiates the filter by cloning the allow list of another <see cref="ICodePointFilter"/>. /// </summary> public CodePointFilter([NotNull] ICodePointFilter other) { CodePointFilter otherAsCodePointFilter = other as CodePointFilter; if (otherAsCodePointFilter != null) { _allowedCharsBitmap = otherAsCodePointFilter.GetAllowedCharsBitmap(); } else { _allowedCharsBitmap = AllowedCharsBitmap.CreateNew(); AllowFilter(other); } }
/// <summary> /// Instantiates the filter by cloning the allow list of another <see cref="ICodePointFilter"/>. /// </summary> public CodePointFilter(ICodePointFilter other) { if (other == null) { throw new ArgumentNullException(nameof(other)); } CodePointFilter otherAsCodePointFilter = other as CodePointFilter; if (otherAsCodePointFilter != null) { _allowedCharsBitmap = otherAsCodePointFilter.GetAllowedCharsBitmap(); } else { _allowedCharsBitmap = AllowedCharsBitmap.CreateNew(); AllowFilter(other); } }
/// <summary> /// Instantiates an encoder using a custom allow list of characters. /// </summary> protected UnicodeEncoderBase(CodePointFilter filter, int maxOutputCharsPerInputChar) { _maxOutputCharsPerInputChar = maxOutputCharsPerInputChar; _allowedCharsBitmap = filter.GetAllowedCharsBitmap(); // Forbid characters that are special in HTML. // Even though this is a common encoder used by everybody (including URL // and JavaScript strings), it's unfortunately common for developers to // forget to HTML-encode a string once it has been URL-encoded or // JavaScript string-escaped, so this offers extra protection. ForbidCharacter('<'); ForbidCharacter('>'); ForbidCharacter('&'); ForbidCharacter('\''); // can be used to escape attributes ForbidCharacter('\"'); // can be used to escape attributes ForbidCharacter('+'); // technically not HTML-specific, but can be used to perform UTF7-based attacks // Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed // (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp) _allowedCharsBitmap.ForbidUndefinedCharacters(); }