/// <summary>Test if the supplied attribute is allowed by this whitelist for this tag</summary> /// <param name="tagName">tag to consider allowing the attribute in</param> /// <param name="el">element under test, to confirm protocol</param> /// <param name="attr">attribute under test</param> /// <returns>true if allowed</returns> protected internal virtual bool IsSafeAttribute(String tagName, iText.StyledXmlParser.Jsoup.Nodes.Element el, iText.StyledXmlParser.Jsoup.Nodes.Attribute attr) { Whitelist.TagName tag = Whitelist.TagName.ValueOf(tagName); Whitelist.AttributeKey key = Whitelist.AttributeKey.ValueOf(attr.Key); if (attributes.ContainsKey(tag)) { if (attributes.Get(tag).Contains(key)) { if (protocols.ContainsKey(tag)) { IDictionary <Whitelist.AttributeKey, ICollection <Whitelist.Protocol> > attrProts = protocols.Get(tag); // ok if not defined protocol; otherwise test return(!attrProts.ContainsKey(key) || TestValidProtocol(el, attr, attrProts.Get(key))); } else { // attribute found, no protocols defined, so OK return(true); } } } // no attributes defined for tag, try :all tag return(!tagName.Equals(":all") && IsSafeAttribute(":all", el, attr)); }
/// <summary>Remove allowed URL protocols for an element's URL attribute.</summary> /// <remarks> /// Remove allowed URL protocols for an element's URL attribute. /// <para /> /// E.g.: <code>removeProtocols("a", "href", "ftp")</code> /// </remarks> /// <param name="tag">Tag the URL protocol is for</param> /// <param name="key">Attribute key</param> /// <param name="protocols">List of invalid protocols</param> /// <returns>this, for chaining</returns> public virtual iText.StyledXmlParser.Jsoup.Safety.Whitelist RemoveProtocols(String tag, String key, params String[] protocols) { Validate.NotEmpty(tag); Validate.NotEmpty(key); Validate.NotNull(protocols); Whitelist.TagName tagName = Whitelist.TagName.ValueOf(tag); Whitelist.AttributeKey attrKey = Whitelist.AttributeKey.ValueOf(key); if (this.protocols.ContainsKey(tagName)) { IDictionary <Whitelist.AttributeKey, ICollection <Whitelist.Protocol> > attrMap = this.protocols.Get(tagName); if (attrMap.ContainsKey(attrKey)) { ICollection <Whitelist.Protocol> protSet = attrMap.Get(attrKey); foreach (String protocol in protocols) { Validate.NotEmpty(protocol); Whitelist.Protocol prot = Whitelist.Protocol.ValueOf(protocol); protSet.Remove(prot); } if (protSet.IsEmpty()) { // Remove protocol set if empty attrMap.JRemove(attrKey); if (attrMap.IsEmpty()) { // Remove entry for tag if empty this.protocols.JRemove(tagName); } } } } return(this); }
/// <summary>Add an enforced attribute to a tag.</summary> /// <remarks> /// Add an enforced attribute to a tag. An enforced attribute will always be added to the element. If the element /// already has the attribute set, it will be overridden. /// <para /> /// E.g.: <code>addEnforcedAttribute("a", "rel", "nofollow")</code> will make all <code>a</code> tags output as /// <code><a href="..." rel="nofollow"></code> /// </remarks> /// <param name="tag">The tag the enforced attribute is for. The tag will be added to the allowed tag list if necessary. /// </param> /// <param name="key">The attribute key</param> /// <param name="value">The enforced attribute value</param> /// <returns>this (for chaining)</returns> public virtual iText.StyledXmlParser.Jsoup.Safety.Whitelist AddEnforcedAttribute(String tag, String key, String value) { Validate.NotEmpty(tag); Validate.NotEmpty(key); Validate.NotEmpty(value); Whitelist.TagName tagName = Whitelist.TagName.ValueOf(tag); if (!tagNames.Contains(tagName)) { tagNames.Add(tagName); } Whitelist.AttributeKey attrKey = Whitelist.AttributeKey.ValueOf(key); Whitelist.AttributeValue attrVal = Whitelist.AttributeValue.ValueOf(value); if (enforcedAttributes.ContainsKey(tagName)) { enforcedAttributes.Get(tagName).Put(attrKey, attrVal); } else { IDictionary <Whitelist.AttributeKey, Whitelist.AttributeValue> attrMap = new Dictionary <Whitelist.AttributeKey , Whitelist.AttributeValue>(); attrMap.Put(attrKey, attrVal); enforcedAttributes.Put(tagName, attrMap); } return(this); }
/// <summary>Remove a previously configured enforced attribute from a tag.</summary> /// <param name="tag">The tag the enforced attribute is for.</param> /// <param name="key">The attribute key</param> /// <returns>this (for chaining)</returns> public virtual iText.StyledXmlParser.Jsoup.Safety.Whitelist RemoveEnforcedAttribute(String tag, String key ) { Validate.NotEmpty(tag); Validate.NotEmpty(key); Whitelist.TagName tagName = Whitelist.TagName.ValueOf(tag); if (tagNames.Contains(tagName) && enforcedAttributes.ContainsKey(tagName)) { Whitelist.AttributeKey attrKey = Whitelist.AttributeKey.ValueOf(key); IDictionary <Whitelist.AttributeKey, Whitelist.AttributeValue> attrMap = enforcedAttributes.Get(tagName); attrMap.JRemove(attrKey); if (attrMap.IsEmpty()) { // Remove tag from enforced attribute map if no enforced attributes are present enforcedAttributes.JRemove(tagName); } } return(this); }
/// <summary>Add allowed URL protocols for an element's URL attribute.</summary> /// <remarks> /// Add allowed URL protocols for an element's URL attribute. This restricts the possible values of the attribute to /// URLs with the defined protocol. /// <para /> /// E.g.: <code>addProtocols("a", "href", "ftp", "http", "https")</code> /// <para /> /// To allow a link to an in-page URL anchor (i.e. <code><a href="#anchor"></code>, add a <code>#</code>:<br /> /// E.g.: <code>addProtocols("a", "href", "#")</code> /// </remarks> /// <param name="tag">Tag the URL protocol is for</param> /// <param name="key">Attribute key</param> /// <param name="protocols">List of valid protocols</param> /// <returns>this, for chaining</returns> public virtual iText.StyledXmlParser.Jsoup.Safety.Whitelist AddProtocols(String tag, String key, params String [] protocols) { Validate.NotEmpty(tag); Validate.NotEmpty(key); Validate.NotNull(protocols); Whitelist.TagName tagName = Whitelist.TagName.ValueOf(tag); Whitelist.AttributeKey attrKey = Whitelist.AttributeKey.ValueOf(key); IDictionary <Whitelist.AttributeKey, ICollection <Whitelist.Protocol> > attrMap; ICollection <Whitelist.Protocol> protSet; if (this.protocols.ContainsKey(tagName)) { attrMap = this.protocols.Get(tagName); } else { attrMap = new Dictionary <Whitelist.AttributeKey, ICollection <Whitelist.Protocol> >(); this.protocols.Put(tagName, attrMap); } if (attrMap.ContainsKey(attrKey)) { protSet = attrMap.Get(attrKey); } else { protSet = new HashSet <Whitelist.Protocol>(); attrMap.Put(attrKey, protSet); } foreach (String protocol in protocols) { Validate.NotEmpty(protocol); Whitelist.Protocol prot = Whitelist.Protocol.ValueOf(protocol); protSet.Add(prot); } return(this); }