/// <summary>
/// Initializes a new instance of the <see cref="MatchedTagCollection"/> class
/// and stores the supplied allow-list on the instance.
/// </summary>
/// <param name="allowedTags">The allowed tags; must not be null.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="allowedTags"/> is null.
/// </exception>
public MatchedTagCollection(ValidTagCollection allowedTags)
{
    // Reject a missing allow-list up front so the collection is never
    // constructed without one.
    if (allowedTags == null)
    {
        throw new ArgumentNullException("allowedTags");
    }

    this.allowedTags = allowedTags;
}
/// <summary>
/// Initializes a new instance of the <see cref="MatchedTagCollection"/> class
/// and keeps a reference to the supplied allow-list.
/// </summary>
/// <param name="allowedTags">The allowed tags; must not be null.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="allowedTags"/> is null.
/// </exception>
public MatchedTagCollection(ValidTagCollection allowedTags)
{
    // Parameter validation: a null allow-list is a caller error.
    if (allowedTags == null)
    {
        throw new ArgumentNullException("allowedTags");
    }

    this.allowedTags = allowedTags;
}
/// <summary>
/// Checks how SiteUtilities.FilterHtml treats attributes on an allowed tag,
/// using the allow-list "a@href@title,img@src".
/// </summary>
public void HtmlAttributeFilterTest()
{
    ValidTagCollection tags = new ValidTagCollection("a@href@title,img@src");

    // Each row is { input, expected output, failure message }, asserted in order.
    string[][] cases = new string[][]
    {
        // Allowed attributes with quoted values pass through unchanged.
        new string[]
        {
            "aa<a href=\"attValue\" title=\"attTitle\">bb</a>",
            "aa<a href=\"attValue\" title=\"attTitle\">bb</a>",
            "Test one failed."
        },
        // An attribute that is not on the allow-list (onclick) is dropped.
        new string[]
        {
            "aa<a onclick=\"evil javascript\" href=\"link\">bb</a>",
            "aa<a href=\"link\">bb</a>",
            "Test two failed."
        },
        // Unquoted attribute values come back quoted.
        new string[]
        {
            "aa<a href=attValue title=attTitle>bb</a>",
            "aa<a href=\"attValue\" title=\"attTitle\">bb</a>",
            "Test three failed."
        },
        // A value-less allowed attribute in leading position is dropped.
        new string[]
        {
            "aa<a href title=\"title\">bb</a>",
            "aa<a title=\"title\">bb</a>",
            "Test four failed."
        },
        // A value-less allowed attribute in trailing position is dropped.
        new string[]
        {
            "aa<a title=\"title\" href>bb</a>",
            "aa<a title=\"title\">bb</a>",
            "Test five failed."
        }
    };

    // NOTE(review): every case uses an opaque href value; none pins what the filter
    // does with the URL scheme of an allowed href/src. Add one once the expected
    // behaviour is confirmed.
    foreach (string[] testCase in cases)
    {
        string source = testCase[0];
        string expected = testCase[1];
        string failureMessage = testCase[2];

        Assert.AreEqual(expected, SiteUtilities.FilterHtml(source, tags), failureMessage);
    }
}
/// <summary>
/// Pass-through to SiteUtilities.FilterHtml; this method does no validation or
/// encoding of its own.
/// </summary>
/// <param name="input">The markup to filter.</param>
/// <param name="allowedTags">The tags permitted in the output.</param>
/// <returns>Whatever SiteUtilities.FilterHtml returns for the same arguments.</returns>
public static string FilterHtml(string input, ValidTagCollection allowedTags)
{
    string filtered = SiteUtilities.FilterHtml(input, allowedTags);
    return filtered;
}
/// <summary>
/// Forwards to SiteUtilities.FilterHtml without altering the arguments or the result.
/// </summary>
/// <param name="input">The markup to filter.</param>
/// <param name="allowedTags">The tags permitted in the output.</param>
/// <returns>The string produced by SiteUtilities.FilterHtml.</returns>
public static string FilterHtml(string input, ValidTagCollection allowedTags)
{
    string result = SiteUtilities.FilterHtml(input, allowedTags);
    return result;
}
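/// <summary>
/// HTML-encodes <paramref name="input"/>, substituting each tag matched by
/// htmlFilterRegex with the filtered form produced for it by MatchedTagCollection.
/// </summary>
/// <param name="input">
/// The markup to filter. Null or empty input is passed straight to HtmlEncode.
/// </param>
/// <param name="allowedTags">
/// The tags permitted in the output. When null or empty, the whole input is encoded.
/// </param>
/// <returns>
/// The encoded text, with every matched tag replaced by its FilteredValue.
/// </returns>
/// <remarks>
/// Only the text between matches goes through HtmlEncode; each FilteredValue is
/// appended verbatim, so the safety of the result rests on how MatchedTag builds it.
/// NOTE(review): that code is not visible here. Confirm it encodes attribute values
/// and restricts the URL schemes accepted for attributes such as href and src.
/// </remarks>
public static string FilterHtml(string input, ValidTagCollection allowedTags)
{
    // Nothing to scan. HtmlEncode returns null/empty input as-is, which matches the
    // no-allowed-tags path and keeps a null input away from htmlFilterRegex.Matches
    // (presumably a Regex, whose Matches throws on null).
    if (string.IsNullOrEmpty(input))
    {
        return HttpUtility.HtmlEncode(input);
    }

    // No tags allowed, so just HTML-encode everything.
    if (allowedTags == null || allowedTags.Count == 0)
    {
        return HttpUtility.HtmlEncode(input);
    }

    // No tag-like matches: ordinary encoding is enough.
    MatchCollection matches = htmlFilterRegex.Matches(input);
    if (matches.Count == 0)
    {
        return HttpUtility.HtmlEncode(input);
    }

    StringBuilder sb = new StringBuilder();
    MatchedTagCollection collection = new MatchedTagCollection(allowedTags);
    collection.Init(matches);

    int inputIndex = 0;
    foreach (MatchedTag tag in collection)
    {
        // Encode the plain text between the previous tag and this one.
        if (inputIndex < tag.Index)
        {
            sb.Append(HttpUtility.HtmlEncode(input.Substring(inputIndex, tag.Index - inputIndex)));
        }

        // The filtered tag is emitted as-is (not re-encoded).
        sb.Append(tag.FilteredValue);

        // Move the cursor past the tag in the original input.
        inputIndex = tag.Index + tag.Length;
    }

    // Encode whatever follows the last tag.
    if (inputIndex < input.Length)
    {
        sb.Append(HttpUtility.HtmlEncode(input.Substring(inputIndex)));
    }

    return sb.ToString();
}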