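/// <summary>
/// Checks this tag against the whitelist: the tag name must be listed in
/// m_allowed_tags, every attribute name must be listed for that tag in
/// m_allowed_attributes, and any href or src value must pass Utils.IsSafeUrl.
/// </summary>
/// <returns>
/// true when every check passes; false on the first check that fails.
/// </returns>
public bool IsSafe()
{
    // Tag names are compared in lower case.
    string name_lower = m_name.ToLowerInvariant();

    // Reject any tag that is not on the whitelist.
    if (!Utils.IsInList(name_lower, m_allowed_tags))
    {
        return false;
    }

    // Look up the attribute names permitted for this tag.
    string[] allowed_attributes;
    if (!m_allowed_attributes.TryGetValue(name_lower, out allowed_attributes))
    {
        // No attribute is permitted for this tag, so it is safe only when it carries none.
        return m_attributes.Count == 0;
    }

    foreach (var i in m_attributes)
    {
        // Normalise the attribute name once and use it for both checks below.
        string attr_lower = i.Key.ToLowerInvariant();

        // Every attribute present must be permitted for this tag.
        if (!Utils.IsInList(attr_lower, allowed_attributes))
        {
            return false;
        }

        // URL check for href and src. It is keyed on the normalised name, not a
        // literal "href"/"src" lookup, because the comparer of m_attributes is not
        // visible here: with a case-sensitive dictionary a key stored as "HREF"
        // would pass the name check above and never reach a literal lookup.
        // NOTE(review): only href and src are URL-validated; confirm the attribute
        // whitelist admits no other URL-bearing attribute.
        if ((attr_lower == "href" || attr_lower == "src") && !Utils.IsSafeUrl(i.Value))
        {
            return false;
        }
    }

    // Passed all whitelist checks, allow it.
    return true;
}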