/// <summary> Private method for parsing the <tag-rules> from the XML file.</summary> /// <param name="root">The root element for <tag-rules> /// </param> /// <returns> A List<Tag> containing the rules. /// </returns> /// <throws> PolicyException </throws> private Hashtable parseTagRules(XmlNode tagAttributeListNode) { Hashtable tags = new Hashtable(); XmlNodeList tagList = tagAttributeListNode.SelectNodes("tag"); foreach (XmlNode tagNode in tagList) { if (tagNode.NodeType == XmlNodeType.Element) { String name = (tagNode.Attributes["name"] == null ? null : tagNode.Attributes["name"].Value); String action = (tagNode.Attributes["action"] == null ? null : tagNode.Attributes["action"].Value); Tag tag = new Tag(name); if (tagNames == null) tagNames = new ArrayList(); tagNames.Add(name); tag.Action = action; //XmlNodeList attributeList = tagNode.SelectNodes("attribute"); XmlNodeList attributeList = tagNode.SelectNodes("attribute"); foreach (XmlNode attributeNode in attributeList) { if (!attributeNode.HasChildNodes) { Attribute attribute = getCommonAttributeByName(attributeNode.Attributes["name"].Value); if (attribute != null) { String onInvalid = (attributeNode.Attributes["onInvalid"] == null ? null : attributeNode.Attributes["onInvalid"].Value); String description = (attributeNode.Attributes["description"] == null ? null : attributeNode.Attributes["description"].Value); if (onInvalid != null && onInvalid.Length > 0) attribute.OnInvalid = onInvalid; if (description != null && description.Length > 0) attribute.Description = description; tag.addAttribute((org.owasp.validator.html.model.Attribute)attribute.Clone()); } else { //TODO: make this work with .NET //throw new PolicyException("Attribute '"+XMLUtil.getAttributeValue(attributeNode,"name")+"' was referenced as a common attribute in definition of '"+tag.getName()+"', but does not exist in <common-attributes>"); } } else { /* Custom attribute for this tag */ Attribute attribute = new Attribute(attributeNode.Attributes["name"].Value); attribute.OnInvalid = (attributeNode.Attributes["onInvalid"] != null ? attributeNode.Attributes["onInvalid"].Value : null); attribute.Description = (attributeNode.Attributes["description"] != null ? attributeNode.Attributes["description"].Value : null); XmlNode regExpListNode = attributeNode.SelectNodes("regexp-list")[0]; if (regExpListNode != null) { XmlNodeList regExpList = regExpListNode.SelectNodes("regexp"); foreach (XmlNode regExpNode in regExpList) { string regExpName = (regExpNode.Attributes["name"] == null ? null : regExpNode.Attributes["name"].Value); string value = (regExpNode.Attributes["value"] == null ? null : regExpNode.Attributes["value"].Value); if (regExpName != null && regExpName.Length > 0) { //AntiSamyPattern pattern = getRegularExpression(regExpName); string pattern = getRegularExpression(regExpName); if (pattern != null) attribute.addAllowedRegExp(pattern); //attribute.addAllowedRegExp(pattern.Pattern); else { throw new PolicyException("Regular expression '" + regExpName + "' was referenced as a common regexp in definition of '" + tag.Name + "', but does not exist in <common-regexp>"); } } else if (value != null && value.Length > 0) { //TODO: see if I need to reimplement pattern.compile attribute.addAllowedRegExp(REGEXP_BEGIN + value + REGEXP_END); } } } XmlNode literalListNode = attributeNode.SelectNodes("literal-list")[0]; if (literalListNode != null) { XmlNodeList literalNodes = literalListNode.SelectNodes("literal"); foreach (XmlNode literalNode in literalNodes) { string value = (literalNode.Attributes["value"] == null ? null : literalNode.Attributes["value"].Value); if (value != null && value.Length > 0) { attribute.addAllowedValue(value); } else if (literalNode.Value != null) { attribute.addAllowedValue(literalNode.Value); } } } tag.addAttribute(attribute); } } tags.Add(name, tag); } } return tags; }
/// <summary> Private method for parsing the <tag-rules> from the XML file.</summary> /// <param name="root">The root element for <tag-rules> /// </param> /// <returns> A List<Tag> containing the rules. /// </returns> /// <throws> PolicyException </throws> private Hashtable parseTagRules(XmlNode tagAttributeListNode) { Hashtable tags = new Hashtable(); XmlNodeList tagList = tagAttributeListNode.SelectNodes("tag"); foreach (XmlNode tagNode in tagList) { if (tagNode.NodeType == XmlNodeType.Element) { String name = (tagNode.Attributes["name"] == null ? null : tagNode.Attributes["name"].Value); String action = (tagNode.Attributes["action"] == null ? null : tagNode.Attributes["action"].Value); Tag tag = new Tag(name); if (tagNames == null) { tagNames = new ArrayList(); } tagNames.Add(name); tag.Action = action; //XmlNodeList attributeList = tagNode.SelectNodes("attribute"); XmlNodeList attributeList = tagNode.SelectNodes("attribute"); foreach (XmlNode attributeNode in attributeList) { if (!attributeNode.HasChildNodes) { Attribute attribute = getCommonAttributeByName(attributeNode.Attributes["name"].Value); if (attribute != null) { String onInvalid = (attributeNode.Attributes["onInvalid"] == null ? null : attributeNode.Attributes["onInvalid"].Value); String description = (attributeNode.Attributes["description"] == null ? null : attributeNode.Attributes["description"].Value); if (onInvalid != null && onInvalid.Length > 0) { attribute.OnInvalid = onInvalid; } if (description != null && description.Length > 0) { attribute.Description = description; } tag.addAttribute((org.owasp.validator.html.model.Attribute)attribute.Clone()); } else { //TODO: make this work with .NET //throw new PolicyException("Attribute '"+XMLUtil.getAttributeValue(attributeNode,"name")+"' was referenced as a common attribute in definition of '"+tag.getName()+"', but does not exist in <common-attributes>"); } } else { /* Custom attribute for this tag */ Attribute attribute = new Attribute(attributeNode.Attributes["name"].Value); attribute.OnInvalid = (attributeNode.Attributes["onInvalid"] != null ? attributeNode.Attributes["onInvalid"].Value : null); attribute.Description = (attributeNode.Attributes["description"] != null ? attributeNode.Attributes["description"].Value : null); XmlNode regExpListNode = attributeNode.SelectNodes("regexp-list")[0]; if (regExpListNode != null) { XmlNodeList regExpList = regExpListNode.SelectNodes("regexp"); foreach (XmlNode regExpNode in regExpList) { string regExpName = (regExpNode.Attributes["name"] == null ? null : regExpNode.Attributes["name"].Value); string value = (regExpNode.Attributes["value"] == null ? null : regExpNode.Attributes["value"].Value); if (regExpName != null && regExpName.Length > 0) { //AntiSamyPattern pattern = getRegularExpression(regExpName); string pattern = getRegularExpression(regExpName); if (pattern != null) { attribute.addAllowedRegExp(pattern); } //attribute.addAllowedRegExp(pattern.Pattern); else { throw new PolicyException("Regular expression '" + regExpName + "' was referenced as a common regexp in definition of '" + tag.Name + "', but does not exist in <common-regexp>"); } } else if (value != null && value.Length > 0) { //TODO: see if I need to reimplement pattern.compile attribute.addAllowedRegExp(REGEXP_BEGIN + value + REGEXP_END); } } } XmlNode literalListNode = attributeNode.SelectNodes("literal-list")[0]; if (literalListNode != null) { XmlNodeList literalNodes = literalListNode.SelectNodes("literal"); foreach (XmlNode literalNode in literalNodes) { string value = (literalNode.Attributes["value"] == null ? null : literalNode.Attributes["value"].Value); if (value != null && value.Length > 0) { attribute.addAllowedValue(value); } else if (literalNode.Value != null) { attribute.addAllowedValue(literalNode.Value); } } } tag.addAttribute(attribute); } } tags.Add(name, tag); } } return(tags); }