/// <summary>
/// Checks both render paths against a raw script tag: the unsafe path is expected to
/// pass it through verbatim, the safe path is expected to produce the paragraph-wrapped
/// form given below.
/// </summary>
public void ScriptTagsUnsafeOnly()
{
    const string markdown = "<script>alert('Pwned');</script>";

    // Unsafe rendering: the input tag is expected to come back unchanged.
    var unsafeExpectation = @"<script>alert('Pwned');</script>";
    var unsafeRendered = _defaultRenderer.RenderHtml(markdown);
    AssertEquivalentHtml(unsafeExpectation, unsafeRendered);

    // Safe rendering. NOTE(review): as captured here the expectation still contains a
    // live <script> element inside the <p>; if HTML entities were decoded when this
    // file was extracted, the intended value is probably the escaped form — confirm
    // against the repository before relying on this test as a sanitisation check.
    var safeExpectation = @"<p><script>alert('Pwned');</script></p>";
    var safeRendered = _defaultRenderer.RenderHtmlSafe(markdown);
    AssertEquivalentHtml(safeExpectation, safeRendered);
}
/// <summary>
/// Renders the "contact us" page from the latest reactions stored under the
/// contact-us slug.
/// </summary>
/// <returns>The default view bound to the projected reactions.</returns>
public async Task<IActionResult> contact()
{
    var stored = await _articleStore.GetArticleReactions(Constants.SLUG_CONTACT_US, latest: true);

    // Reaction bodies are user-supplied, so only the safe Markdown path renders them;
    // a blank author name is shown as a placeholder instead.
    var model = stored.Select(reaction => new ContactUsReaction
    {
        timestamp = reaction.TimestampAsString,
        userId = reaction.AuthorId,
        userName = string.IsNullOrWhiteSpace(reaction.AuthorName) ? "(anonymous)" : reaction.AuthorName,
        htmlContent = _markdownHtmlRenderer.RenderHtmlSafe(reaction.Content, keepLineBreaks: true),
    });

    return View(model);
}
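/// <summary>
/// Returns the reaction thread of one article as JSON, projected for the comment UI.
/// </summary>
/// <param name="year">Year segment of the article slug.</param>
/// <param name="month">Month segment of the article slug.</param>
/// <param name="slug">Final segment of the article slug.</param>
/// <param name="sinceTimestamp">Cursor handed to the store unchanged; semantics are store-defined.</param>
/// <returns>
/// A <see cref="JsonResult"/> over the reactions, or <c>404</c> when the article is not found.
/// Comment and edit reactions become <c>BlogArticleReaction</c> items; hide, delete and vote
/// reactions are emitted as <c>null</c> elements, as they were before this revision.
/// </returns>
public async Task<IActionResult> comments(string year, string month, string slug, string sinceTimestamp = "")
{
    // Number of reactions requested from the store per call.
    const int pageSize = 50;

    // The slug is passed straight to the store as a key. NOTE(review): if the store
    // maps it to a filesystem path, the route segments need validation — confirm.
    var articleSlug = $"{year}/{month}/{slug}";
    var article = await articleStore.GetArticleAsync(articleSlug);

    // Without this guard an unknown slug dereferences a null article below
    // (article.LockedForComments) and surfaces as a 500 instead of a 404.
    if (article is null)
    {
        return NotFound();
    }

    var reactions = await articleStore.GetArticleReactions(articleSlug, sinceTimestamp, pageSize);
    var canModeratePosts = User.IsInRole(ApplicationRole.ADMINISTRATOR);
    var commentsLocked = article.LockedForComments;

    // User-supplied comment bodies only ever go through the safe rendering path.
    string RenderCommentHtml(string content) => _markdownHtmlRenderer.RenderHtmlSafe(content, keepLineBreaks: true);

    return new JsonResult(reactions.Select(r =>
    {
        // Hide, delete and vote reactions carry nothing to display. They are still
        // emitted as null entries to keep the response shape the client already expects.
        if (r.ReactionType != ArticleReactionType.Comment && r.ReactionType != ArticleReactionType.Edit)
        {
            return null;
        }

        var isEdit = r.ReactionType == ArticleReactionType.Edit;
        var isMine = r.AuthorId == CurrentUserId;

        // canReply/canHide/canDelete are UI hints only; the endpoints that hide or
        // delete a comment must authorise the caller themselves — presumably they do, confirm.
        return new BlogArticleReaction
        {
            // An edit is keyed on the comment it edits, a comment on its own id.
            commentId = isEdit ? r.ReactingToId : r.ReactionId,
            articleSlug = r.ArticleSlug,
            authorName = r.AuthorName,
            authorImageUrl = "/images/unknownPersonPlaceholder.png",
            timestamp = r.PublishDate.ToString("O"),
            isMine = isMine,
            canReply = !commentsLocked && IsLoggedIn,
            canHide = (!commentsLocked && isMine) || canModeratePosts,
            canDelete = canModeratePosts,
            editState = isEdit ? "edited" : _DisplayAsText(r.EditState),
            htmlContent = RenderCommentHtml(r.Content),
            // TODO: react to react — edits do not yet carry the id they reply to.
            replyToId = isEdit ? "" : r.ReactingToId,
        };
    }));
}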