public void Ctor_UnicodeRanges()
{
// Act
var filter = new TextEncoderSettings(UnicodeRanges.LatinExtendedA, UnicodeRanges.LatinExtendedC);
// Assert
for (int i = 0; i < 0x0100; i++)
{
Assert.False(filter.IsCharacterAllowed((char)i));
}
for (int i = 0x0100; i <= 0x017F; i++)
{
Assert.True(filter.IsCharacterAllowed((char)i));
}
for (int i = 0x0180; i < 0x2C60; i++)
{
Assert.False(filter.IsCharacterAllowed((char)i));
}
for (int i = 0x2C60; i <= 0x2C7F; i++)
{
Assert.True(filter.IsCharacterAllowed((char)i));
}
for (int i = 0x2C80; i <= Char.MaxValue; i++)
{
Assert.False(filter.IsCharacterAllowed((char)i));
}
}
public DefaultJavaScriptEncoder(TextEncoderSettings filter)
{
if (filter == null)
{
throw new ArgumentNullException(nameof(filter));
}
_allowedCharacters = filter.GetAllowedCharacters();
// Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed
// (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp)
_allowedCharacters.ForbidUndefinedCharacters();
// Forbid characters that are special in HTML.
// Even though this is a not HTML encoder,
// it's unfortunately common for developers to
// forget to HTML-encode a string once it has been JS-encoded,
// so this offers extra protection.
DefaultHtmlEncoder.ForbidHtmlCharacters(_allowedCharacters);
_allowedCharacters.ForbidCharacter('\\');
_allowedCharacters.ForbidCharacter('/');
// Forbid GRAVE ACCENT \u0060 character.
_allowedCharacters.ForbidCharacter('`');
}
public void Ctor_OtherTextEncoderSettingsAsInterface()
{
// Arrange
var originalFilter = new OddTextEncoderSettings();
// Act
var newFilter = new TextEncoderSettings(originalFilter);
// Assert
for (int i = 0; i <= Char.MaxValue; i++)
{
Assert.Equal((i % 2) == 1, newFilter.IsCharacterAllowed((char)i));
}
}
public DefaultHtmlEncoder(TextEncoderSettings filter)
{
if (filter == null)
{
throw new ArgumentNullException("filter");
}
_allowedCharacters = filter.GetAllowedCharacters();
// Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed
// (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp)
_allowedCharacters.ForbidUndefinedCharacters();
ForbidHtmlCharacters(_allowedCharacters);
}
public void Ctor_OtherTextEncoderSettingsAsConcreteType_Clones()
{
// Arrange
var originalFilter = new TextEncoderSettings();
originalFilter.AllowCharacter('x');
// Act
var newFilter = new TextEncoderSettings(originalFilter);
newFilter.AllowCharacter('y');
// Assert
Assert.True(originalFilter.IsCharacterAllowed('x'));
Assert.False(originalFilter.IsCharacterAllowed('y'));
Assert.True(newFilter.IsCharacterAllowed('x'));
Assert.True(newFilter.IsCharacterAllowed('y'));
}
public void Ctor_WithCustomFilters()
{
// Arrange
var filter = new TextEncoderSettings();
filter.AllowCharacters('a', 'b');
filter.AllowCharacters('\0', '&', '\uFFFF', 'd');
UnicodeEncoderBase encoder = new CustomUnicodeEncoderBase(filter);
// Act & assert
Assert.Equal("a", encoder.Encode("a"));
Assert.Equal("b", encoder.Encode("b"));
Assert.Equal("[U+0063]", encoder.Encode("c"));
Assert.Equal("d", encoder.Encode("d"));
Assert.Equal("[U+0000]", encoder.Encode("\0")); // we still always encode control chars
Assert.Equal("[U+0026]", encoder.Encode("&")); // we still always encode HTML-special chars
Assert.Equal("[U+FFFF]", encoder.Encode("\uFFFF")); // we still always encode non-chars and other forbidden chars
}
public void Ctor_WithTextEncoderSettings()
{
// Arrange
var filter = new TextEncoderSettings();
filter.AllowCharacters('a', 'b');
filter.AllowCharacters('\0', '&', '\uFFFF', 'd');
UrlEncoder encoder = new UrlEncoder(filter);
// Act & assert
Assert.Equal("a", encoder.UrlEncode("a"));
Assert.Equal("b", encoder.UrlEncode("b"));
Assert.Equal("%63", encoder.UrlEncode("c"));
Assert.Equal("d", encoder.UrlEncode("d"));
Assert.Equal("%00", encoder.UrlEncode("\0")); // we still always encode control chars
Assert.Equal("%26", encoder.UrlEncode("&")); // we still always encode HTML-special chars
Assert.Equal("%EF%BF%BF", encoder.UrlEncode("\uFFFF")); // we still always encode non-chars and other forbidden chars
}
/// <summary>
/// Instantiates an encoder using a custom allow list of characters.
/// </summary>
protected UnicodeEncoderBase(TextEncoderSettings filter, int maxOutputCharsPerInputChar)
{
_maxOutputCharsPerInputChar = maxOutputCharsPerInputChar;
_allowedCharacters = filter.GetAllowedCharacters();
// Forbid characters that are special in HTML.
// Even though this is a common encoder used by everybody (including URL
// and JavaScript strings), it's unfortunately common for developers to
// forget to HTML-encode a string once it has been URL-encoded or
// JavaScript string-escaped, so this offers extra protection.
ForbidCharacter('<');
ForbidCharacter('>');
ForbidCharacter('&');
ForbidCharacter('\''); // can be used to escape attributes
ForbidCharacter('\"'); // can be used to escape attributes
ForbidCharacter('+'); // technically not HTML-specific, but can be used to perform UTF7-based attacks
// Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed
// (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp)
_allowedCharacters.ForbidUndefinedCharacters();
}
/// <summary>
/// Instantiates an encoder using a custom code point filter. Any character not in the
/// set returned by <paramref name="settings"/>'s <see cref="TextEncoderSettings.GetAllowedCodePoints"/>
/// method will be escaped.
/// </summary>
public JavaScriptStringEncoderOld(TextEncoderSettings settings)
: this(new JavaScriptStringUnicodeEncoder(settings))
{
}
public void Ctor_Parameterless_CreatesEmptyFilter()
{
var filter = new TextEncoderSettings();
Assert.Equal(0, filter.GetAllowedCodePoints().Count());
}
/// <summary>
/// Creates a new instance of JavaScriptEncoder with provided settings.
/// </summary>
/// <param name="settings">Settings used to control how the created <see cref="JavaScriptEncoder"/> encodes, primarily which characters to encode.</param>
/// <returns>A new instance of the <see cref="JavaScriptEncoder"/>.</returns>
public static JavaScriptEncoder Create(TextEncoderSettings settings)
{
return(new DefaultJavaScriptEncoder(settings));
}
/// <summary>
/// Instantiates the filter by cloning the allow list of another <see cref="TextEncoderSettings"/>.
/// </summary>
public TextEncoderSettings(TextEncoderSettings other)
{
_allowedCharactersBitmap = AllowedCharactersBitmap.CreateNew();
AllowCodePoints(other.GetAllowedCodePoints());
}
internal UrlUnicodeEncoder(TextEncoderSettings filter)
: base(filter, MaxOutputCharsPerInputChar)
{
// Per RFC 3987, Sec. 2.2, we want encodings that are safe for
// four particular components: 'isegment', 'ipath-noscheme',
// 'iquery', and 'ifragment'. The relevant definitions are below.
//
// ipath-noscheme = isegment-nz-nc *( "/" isegment )
//
// isegment = *ipchar
//
// isegment-nz-nc = 1*( iunreserved / pct-encoded / sub-delims
// / "@" )
// ; non-zero-length segment without any colon ":"
//
// ipchar = iunreserved / pct-encoded / sub-delims / ":"
// / "@"
//
// iquery = *( ipchar / iprivate / "/" / "?" )
//
// ifragment = *( ipchar / "/" / "?" )
//
// iunreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" / ucschar
//
// ucschar = %xA0-D7FF / %xF900-FDCF / %xFDF0-FFEF
// / %x10000-1FFFD / %x20000-2FFFD / %x30000-3FFFD
// / %x40000-4FFFD / %x50000-5FFFD / %x60000-6FFFD
// / %x70000-7FFFD / %x80000-8FFFD / %x90000-9FFFD
// / %xA0000-AFFFD / %xB0000-BFFFD / %xC0000-CFFFD
// / %xD0000-DFFFD / %xE1000-EFFFD
//
// pct-encoded = "%" HEXDIG HEXDIG
//
// sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
// / "*" / "+" / "," / ";" / "="
//
// The only common characters between these four components are the
// intersection of 'isegment-nz-nc' and 'ipchar', which is really
// just 'isegment-nz-nc' (colons forbidden).
//
// From this list, the base encoder already forbids "&", "'", "+",
// and we'll additionally forbid "=" since it has special meaning
// in x-www-form-urlencoded representations.
//
// This means that the full list of allowed characters from the
// Basic Latin set is:
// ALPHA / DIGIT / "-" / "." / "_" / "~" / "!" / "$" / "(" / ")" / "*" / "," / ";" / "@"
const string forbiddenChars = @" #%/:=?[\]^`{|}"; // chars from Basic Latin which aren't already disallowed by the base encoder
foreach (char c in forbiddenChars)
{
ForbidCharacter(c);
}
// Specials (U+FFF0 .. U+FFFF) are forbidden by the definition of 'ucschar' above
for (int i = 0; i < 16; i++)
{
ForbidCharacter((char)(0xFFF0 | i));
}
// Supplementary characters are forbidden anyway by the base encoder
}
/// <summary>
/// Creates a new instance of JavaScriptEncoder with provided settings.
/// </summary>
/// <param name="settings">Settings used to control how the created <see cref="JavaScriptEncoder"/> encodes, primarily which characters to encode.</param>
/// <returns>A new instance of the <see cref="JavaScriptEncoder"/>.</returns>
public static JavaScriptEncoder Create(TextEncoderSettings settings)
{
return new DefaultJavaScriptEncoder(settings);
}
public DefaultUrlEncoder(TextEncoderSettings filter)
{
if (filter == null)
{
throw new ArgumentNullException(nameof(filter));
}
_allowedCharacters = filter.GetAllowedCharacters();
// Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed
// (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp)
_allowedCharacters.ForbidUndefinedCharacters();
// Forbid characters that are special in HTML.
// Even though this is a not HTML encoder,
// it's unfortunately common for developers to
// forget to HTML-encode a string once it has been URL-encoded,
// so this offers extra protection.
DefaultHtmlEncoder.ForbidHtmlCharacters(_allowedCharacters);
// Per RFC 3987, Sec. 2.2, we want encodings that are safe for
// four particular components: 'isegment', 'ipath-noscheme',
// 'iquery', and 'ifragment'. The relevant definitions are below.
//
// ipath-noscheme = isegment-nz-nc *( "/" isegment )
//
// isegment = *ipchar
//
// isegment-nz-nc = 1*( iunreserved / pct-encoded / sub-delims
// / "@" )
// ; non-zero-length segment without any colon ":"
//
// ipchar = iunreserved / pct-encoded / sub-delims / ":"
// / "@"
//
// iquery = *( ipchar / iprivate / "/" / "?" )
//
// ifragment = *( ipchar / "/" / "?" )
//
// iunreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" / ucschar
//
// ucschar = %xA0-D7FF / %xF900-FDCF / %xFDF0-FFEF
// / %x10000-1FFFD / %x20000-2FFFD / %x30000-3FFFD
// / %x40000-4FFFD / %x50000-5FFFD / %x60000-6FFFD
// / %x70000-7FFFD / %x80000-8FFFD / %x90000-9FFFD
// / %xA0000-AFFFD / %xB0000-BFFFD / %xC0000-CFFFD
// / %xD0000-DFFFD / %xE1000-EFFFD
//
// pct-encoded = "%" HEXDIG HEXDIG
//
// sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
// / "*" / "+" / "," / ";" / "="
//
// The only common characters between these four components are the
// intersection of 'isegment-nz-nc' and 'ipchar', which is really
// just 'isegment-nz-nc' (colons forbidden).
//
// From this list, the base encoder already forbids "&", "'", "+",
// and we'll additionally forbid "=" since it has special meaning
// in x-www-form-urlencoded representations.
//
// This means that the full list of allowed characters from the
// Basic Latin set is:
// ALPHA / DIGIT / "-" / "." / "_" / "~" / "!" / "$" / "(" / ")" / "*" / "," / ";" / "@"
const string forbiddenChars = @" #%/:=?[\]^`{|}"; // chars from Basic Latin which aren't already disallowed by the base encoder
foreach (char character in forbiddenChars)
{
_allowedCharacters.ForbidCharacter(character);
}
// Specials (U+FFF0 .. U+FFFF) are forbidden by the definition of 'ucschar' above
for (int i = 0; i < 16; i++)
{
_allowedCharacters.ForbidCharacter((char)(0xFFF0 | i));
}
}
public void AllowChar()
{
// Arrange
var filter = new TextEncoderSettings();
filter.AllowCharacter('\u0100');
// Assert
Assert.True(filter.IsCharacterAllowed('\u0100'));
Assert.False(filter.IsCharacterAllowed('\u0101'));
}
public void AllowRange()
{
// Arrange
var filter = new TextEncoderSettings();
filter.AllowRange(UnicodeRanges.LatinExtendedA);
// Assert
for (int i = 0; i < 0x0100; i++)
{
Assert.False(filter.IsCharacterAllowed((char)i));
}
for (int i = 0x0100; i <= 0x017F; i++)
{
Assert.True(filter.IsCharacterAllowed((char)i));
}
for (int i = 0x0180; i <= Char.MaxValue; i++)
{
Assert.False(filter.IsCharacterAllowed((char)i));
}
}
public void AllowFilter()
{
// Arrange
var filter = new TextEncoderSettings(UnicodeRanges.BasicLatin);
filter.AllowCodePoints(new OddTextEncoderSettings().GetAllowedCodePoints());
// Assert
for (int i = 0; i <= 0x007F; i++)
{
Assert.True(filter.IsCharacterAllowed((char)i));
}
for (int i = 0x0080; i <= Char.MaxValue; i++)
{
Assert.Equal((i % 2) == 1, filter.IsCharacterAllowed((char)i));
}
}
public void GetAllowedCodePoints()
{
// Arrange
var expected = Enumerable.Range(UnicodeRanges.BasicLatin.FirstCodePoint, UnicodeRanges.BasicLatin.Length)
.Concat(Enumerable.Range(UnicodeRanges.Specials.FirstCodePoint, UnicodeRanges.Specials.Length))
.Except(new int[] { 'x' })
.OrderBy(i => i)
.ToArray();
var filter = new TextEncoderSettings(UnicodeRanges.BasicLatin, UnicodeRanges.Specials);
filter.ForbidCharacter('x');
// Act
var retVal = filter.GetAllowedCodePoints().OrderBy(i => i).ToArray();
// Assert
Assert.Equal<int>(expected, retVal);
}
public void ForbidRanges()
{
// Arrange
var filter = new TextEncoderSettings(new OddTextEncoderSettings());
filter.ForbidRanges(UnicodeRanges.BasicLatin, UnicodeRanges.Specials);
// Assert
for (int i = 0; i <= 0x007F; i++)
{
Assert.False(filter.IsCharacterAllowed((char)i));
}
for (int i = 0x0080; i <= 0xFFEF; i++)
{
Assert.Equal((i % 2) == 1, filter.IsCharacterAllowed((char)i));
}
for (int i = 0xFFF0; i <= Char.MaxValue; i++)
{
Assert.False(filter.IsCharacterAllowed((char)i));
}
}
public void ForbidChars_String()
{
// Arrange
var filter = new TextEncoderSettings(UnicodeRanges.BasicLatin);
filter.ForbidCharacters('x', 'z');
// Assert
Assert.True(filter.IsCharacterAllowed('w'));
Assert.False(filter.IsCharacterAllowed('x'));
Assert.True(filter.IsCharacterAllowed('y'));
Assert.False(filter.IsCharacterAllowed('z'));
}
internal JavaScriptStringUnicodeEncoder(TextEncoderSettings filter)
: base(filter, MaxOutputCharsPerInputChar)
{
// The only interesting characters above and beyond what the base encoder
// already covers are the solidus and reverse solidus.
ForbidCharacter('\\');
ForbidCharacter('/');
}
public void ConfigureServices(IServiceCollection services)
{
services.Configure<AppSettings>(Configuration);
// We re-register the Scenarios as an instance singleton here to avoid it being created again due to the
// registration done in Program.Main
services.AddSingleton(Scenarios);
// Common DB services
services.AddSingleton<IRandom, DefaultRandom>();
services.AddSingleton<ApplicationDbSeeder>();
services.AddEntityFrameworkSqlServer()
.AddDbContext<ApplicationDbContext>();
if (Scenarios.Any("Raw") || Scenarios.Any("Dapper"))
{
services.AddSingleton<DbProviderFactory>((provider) => {
var settings = provider.GetRequiredService<IOptions<AppSettings>>().Value;
if (settings.Database == DatabaseServer.PostgreSql)
{
return NpgsqlFactory.Instance;
}
else
{
return SqlClientFactory.Instance;
}
});
}
if (Scenarios.Any("Ef"))
{
services.AddScoped<EfDb>();
}
if (Scenarios.Any("Raw"))
{
services.AddScoped<RawDb>();
}
if (Scenarios.Any("Dapper"))
{
services.AddScoped<DapperDb>();
}
if (Scenarios.Any("Fortunes"))
{
var settings = new TextEncoderSettings(UnicodeRanges.BasicLatin, UnicodeRanges.Katakana, UnicodeRanges.Hiragana);
settings.AllowCharacter('\u2014'); // allow EM DASH through
services.AddWebEncoders((options) =>
{
options.TextEncoderSettings = settings;
});
}
if (Scenarios.Any("Mvc"))
{
var mvcBuilder = services
.AddMvcCore()
//.AddApplicationPart(typeof(Startup).GetTypeInfo().Assembly)
.AddControllersAsServices();
if (Scenarios.MvcJson || Scenarios.Any("MvcDbSingle") || Scenarios.Any("MvcDbMulti"))
{
mvcBuilder.AddJsonFormatters();
}
if (Scenarios.MvcViews || Scenarios.Any("MvcDbFortunes"))
{
mvcBuilder
.AddViews()
.AddRazorViewEngine();
}
}
}
/// <summary>
/// Instantiates an encoder using a custom code point filter. Any character not in the
/// set returned by <paramref name="settings"/>'s <see cref="TextEncoderSettings.GetAllowedCodePoints"/>
/// method will be escaped.
/// </summary>
public UrlEncoderOld(TextEncoderSettings settings)
: this(new UrlUnicodeEncoder(settings))
{
}
/// <summary>
/// Instantiates the filter by cloning the allow list of another <see cref="TextEncoderSettings"/>.
/// </summary>
public TextEncoderSettings(TextEncoderSettings other)
{
_allowedCharactersBitmap = AllowedCharactersBitmap.CreateNew();
AllowCodePoints(other.GetAllowedCodePoints());
}
/// <summary>
/// Instantiates an encoder using a custom code point filter. Any character not in the
/// set returned by <paramref name="settings"/>'s <see cref="TextEncoderSettings.GetAllowedCodePoints"/>
/// method will be escaped.
/// </summary>
public HtmlEncoderOld(TextEncoderSettings settings)
: this(new HtmlUnicodeEncoder(settings))
{
}
// We pass a (known bad) value of 1 for 'max output chars per input char',
// which also tests that the code behaves properly even if the original
// estimate is incorrect.
public CustomUnicodeEncoderBase(TextEncoderSettings filter)
: base(filter, maxOutputCharsPerInputChar: 1)
{
}
/// <summary>
/// Creates a new instance of UrlEncoder with provided settings.
/// </summary>
/// <param name="settings">Settings used to control how the created <see cref="UrlEncoder"/> encodes, primarily which characters to encode.</param>
/// <returns>A new instance of the <see cref="UrlEncoder"/>.</returns>
public static UrlEncoder Create(TextEncoderSettings settings)
{
return(new DefaultUrlEncoder(settings));
}
public JavaScriptStringEncoder(TextEncoderSettings filter)
{
_encoder = new System.Text.Encodings.Web.DefaultJavaScriptEncoder(filter);
}
public DefaultUrlEncoder(TextEncoderSettings filter)
{
if (filter == null)
{
throw new ArgumentNullException("filter");
}
_allowedCharacters = filter.GetAllowedCharacters();
// Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed
// (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp)
_allowedCharacters.ForbidUndefinedCharacters();
// Forbid characters that are special in HTML.
// Even though this is a not HTML encoder,
// it's unfortunately common for developers to
// forget to HTML-encode a string once it has been URL-encoded,
// so this offers extra protection.
DefaultHtmlEncoder.ForbidHtmlCharacters(_allowedCharacters);
// Per RFC 3987, Sec. 2.2, we want encodings that are safe for
// four particular components: 'isegment', 'ipath-noscheme',
// 'iquery', and 'ifragment'. The relevant definitions are below.
//
// ipath-noscheme = isegment-nz-nc *( "/" isegment )
//
// isegment = *ipchar
//
// isegment-nz-nc = 1*( iunreserved / pct-encoded / sub-delims
// / "@" )
// ; non-zero-length segment without any colon ":"
//
// ipchar = iunreserved / pct-encoded / sub-delims / ":"
// / "@"
//
// iquery = *( ipchar / iprivate / "/" / "?" )
//
// ifragment = *( ipchar / "/" / "?" )
//
// iunreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" / ucschar
//
// ucschar = %xA0-D7FF / %xF900-FDCF / %xFDF0-FFEF
// / %x10000-1FFFD / %x20000-2FFFD / %x30000-3FFFD
// / %x40000-4FFFD / %x50000-5FFFD / %x60000-6FFFD
// / %x70000-7FFFD / %x80000-8FFFD / %x90000-9FFFD
// / %xA0000-AFFFD / %xB0000-BFFFD / %xC0000-CFFFD
// / %xD0000-DFFFD / %xE1000-EFFFD
//
// pct-encoded = "%" HEXDIG HEXDIG
//
// sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
// / "*" / "+" / "," / ";" / "="
//
// The only common characters between these four components are the
// intersection of 'isegment-nz-nc' and 'ipchar', which is really
// just 'isegment-nz-nc' (colons forbidden).
//
// From this list, the base encoder already forbids "&", "'", "+",
// and we'll additionally forbid "=" since it has special meaning
// in x-www-form-urlencoded representations.
//
// This means that the full list of allowed characters from the
// Basic Latin set is:
// ALPHA / DIGIT / "-" / "." / "_" / "~" / "!" / "$" / "(" / ")" / "*" / "," / ";" / "@"
const string forbiddenChars = @" #%/:=?[\]^`{|}"; // chars from Basic Latin which aren't already disallowed by the base encoder
foreach (char character in forbiddenChars)
{
_allowedCharacters.ForbidCharacter(character);
}
// Specials (U+FFF0 .. U+FFFF) are forbidden by the definition of 'ucschar' above
for (int i = 0; i < 16; i++)
{
_allowedCharacters.ForbidCharacter((char)(0xFFF0 | i));
}
}
public HtmlEncoder(TextEncoderSettings filter)
{
_encoder = new System.Text.Encodings.Web.DefaultHtmlEncoder(filter);
}
/// <summary>
/// Creates a new instance of HtmlEncoder with provided settings.
/// </summary>
/// <param name="settings">Settings used to control how the created <see cref="HtmlEncoder"/> encodes, primarily which characters to encode.</param>
/// <returns>A new instance of the <see cref="HtmlEncoder"/>.</returns>
public static HtmlEncoder Create(TextEncoderSettings settings)
{
return new DefaultHtmlEncoder(settings);
}
internal HtmlUnicodeEncoder(TextEncoderSettings filter)
: base(filter, MaxOutputCharsPerInputChar)
{
}
internal DefaultUrlEncoder(TextEncoderSettings settings)
{
if (settings is null)
{
throw new ArgumentNullException(nameof(settings));
}
// Per RFC 3987, Sec. 2.2, we want encodings that are safe for
// four particular components: 'isegment', 'ipath-noscheme',
// 'iquery', and 'ifragment'. The relevant definitions are below.
//
// ipath-noscheme = isegment-nz-nc *( "/" isegment )
//
// isegment = *ipchar
//
// isegment-nz-nc = 1*( iunreserved / pct-encoded / sub-delims
// / "@" )
// ; non-zero-length segment without any colon ":"
//
// ipchar = iunreserved / pct-encoded / sub-delims / ":"
// / "@"
//
// iquery = *( ipchar / iprivate / "/" / "?" )
//
// ifragment = *( ipchar / "/" / "?" )
//
// iunreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" / ucschar
//
// ucschar = %xA0-D7FF / %xF900-FDCF / %xFDF0-FFEF
// / %x10000-1FFFD / %x20000-2FFFD / %x30000-3FFFD
// / %x40000-4FFFD / %x50000-5FFFD / %x60000-6FFFD
// / %x70000-7FFFD / %x80000-8FFFD / %x90000-9FFFD
// / %xA0000-AFFFD / %xB0000-BFFFD / %xC0000-CFFFD
// / %xD0000-DFFFD / %xE1000-EFFFD
//
// pct-encoded = "%" HEXDIG HEXDIG
//
// sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
// / "*" / "+" / "," / ";" / "="
//
// The only common characters between these four components are the
// intersection of 'isegment-nz-nc' and 'ipchar', which is really
// just 'isegment-nz-nc' (colons forbidden).
//
// From this list, the base encoder already forbids "&", "'", "+",
// and we'll additionally forbid "=" since it has special meaning
// in x-www-form-urlencoded representations.
//
// This means that the full list of allowed characters from the
// Basic Latin set is:
// ALPHA / DIGIT / "-" / "." / "_" / "~" / "!" / "$" / "(" / ")" / "*" / "," / ";" / "@"
_innerEncoder = new OptimizedInboxTextEncoder(EscaperImplementation.Singleton, settings.GetAllowedCodePointsBitmap(), extraCharactersToEscape: stackalloc char[] {
' ', // chars from Basic Latin which aren't already disallowed by the base encoder
'#',
'%',
'/',
':',
'=',
'?',
'[',
'\\',
']',
'^',
'`',
'{',
'|',
'}',
'\uFFF0', // specials (U+FFF0 .. U+FFFF) are forbidden by the definition of 'ucschar' above
'\uFFF1',
'\uFFF2',
'\uFFF3',
'\uFFF4',
'\uFFF5',
'\uFFF6',
'\uFFF7',
'\uFFF8',
'\uFFF9',
'\uFFFA',
'\uFFFB',
'\uFFFC',
'\uFFFD',
'\uFFFE',
'\uFFFF',
});
public void Clear()
{
// Arrange
var filter = new TextEncoderSettings();
for (int i = 1; i <= Char.MaxValue; i++)
{
filter.AllowCharacter((char)i);
}
// Act
filter.Clear();
// Assert
for (int i = 0; i <= Char.MaxValue; i++)
{
Assert.False(filter.IsCharacterAllowed((char)i));
}
}
