/// <summary>
/// Classifies the text of one regex match as an HTML comment, an end tag or a
/// start tag, and returns the verdict produced by the matching check.
/// </summary>
/// <param name="m">Regex match whose value is the candidate tag text.</param>
/// <param name="tobeClearTags">List forwarded to <c>checkEndTag</c> when the match is an end tag.</param>
/// <param name="whitelist">Whitelist forwarded to the start-tag and end-tag checks.</param>
/// <returns>
/// The comment verdict when it is valid; otherwise the end-tag verdict with
/// <c>IsStartTag</c> set to false, or the start-tag verdict with it set to true.
/// </returns>
private static TagValid checkTagValid(Match m, List<String> tobeClearTags, Dictionary<String, String> whitelist)
{
    String tagText = m.Value;

    // The comment check runs first, so a match it accepts never reaches the
    // whitelist checks below.
    // NOTE(review): whether a comment-shaped match can contain markup depends on
    // the pattern used by getMatchs, which is not visible here — confirm.
    TagValid commentVerdict = checkHtmlComment(tagText);
    if (commentVerdict.IsValid)
    {
        return commentVerdict;
    }

    String closingName = getEndTagName(tagText);
    if (!strUtil.HasText(closingName))
    {
        // No end-tag name was extracted: treat the match as a start tag.
        TagValid startVerdict = checkStartTag(tagText, whitelist);
        startVerdict.IsStartTag = true;
        return startVerdict;
    }

    TagValid endVerdict = checkEndTag(closingName, tobeClearTags, whitelist);
    endVerdict.IsStartTag = false;
    return endVerdict;
}
/// <summary>
/// Rebuilds <paramref name="input"/> by copying the text between tag matches and
/// every tag judged valid, and omitting the tags judged invalid.
/// </summary>
/// <param name="input">String to filter.</param>
/// <param name="whitelist">Whitelist passed to <c>checkTagValid</c>.</param>
/// <returns>The rebuilt string.</returns>
private static String Clear(String input, Dictionary<String, String> whitelist)
{
    MatchCollection tagMatches = getMatchs(input);
    StringBuilder output = new StringBuilder();
    List<String> tobeClearTags = new List<String>();
    int cursor = 0;

    foreach (Match tagMatch in tagMatches)
    {
        TagValid verdict = checkTagValid(tagMatch, tobeClearTags, whitelist);

        // Text between the previous match and this one is copied unchanged.
        output.Append(input, cursor, tagMatch.Index - cursor);

        if (verdict.IsValid)
        {
            // NOTE(review): an accepted tag is copied verbatim, attributes included.
            // Unless checkStartTag (not visible here) also vets attributes, anything
            // written on a whitelisted tag survives; the three-argument Clear routes
            // start tags through addTagAndAttribute instead — confirm which callers
            // still rely on this overload.
            output.Append(input, tagMatch.Index, tagMatch.Length);
        }
        else if (verdict.IsStartTag)
        {
            // Remember the rejected start tag so its end tag is dropped as well.
            tobeClearTags.Add(verdict.Name);
        }

        cursor = tagMatch.Index + tagMatch.Length;
    }

    // Trailing text after the last match.
    output.Append(input, cursor, input.Length - cursor);
    return output.ToString();
}
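/// <summary>
/// Decides whether a matched tag string is accepted as an HTML comment.
/// </summary>
/// <param name="tag">Raw text of the matched tag.</param>
/// <returns>
/// A <c>TagValid</c> whose <c>IsValid</c> is true when <c>strUtil.IsNullOrEmpty</c>
/// accepts <paramref name="tag"/> or when it starts with "&lt;!--" and ends with
/// "--&gt;"; otherwise <c>IsValid</c> is false.
/// </returns>
private static TagValid checkHtmlComment( string tag )
{
    TagValid v = new TagValid();

    if (strUtil.IsNullOrEmpty( tag ))
    {
        v.IsValid = true;
        return v;
    }

    // Ordinal comparison: the delimiters are markup, not linguistic text. The
    // culture-sensitive overloads can ignore zero-width characters, which would
    // let a string that is not literally a comment pass this check.
    // NOTE(review): only the delimiters are tested; the comment body is not
    // inspected, and a caller that copies valid matches verbatim will emit it
    // unchanged. Confirm that preserving comments in filtered output is intended.
    v.IsValid = tag.StartsWith( "<!--", StringComparison.Ordinal )
        && tag.EndsWith( "-->", StringComparison.Ordinal );
    return v;
}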
/// <summary>
/// Decides whether an end tag may be kept.
/// </summary>
/// <param name="tagName">Name taken from the end tag.</param>
/// <param name="tobeClearTags">
/// Pending tag names; the first entry equal to <paramref name="tagName"/> is
/// removed and the end tag is reported invalid.
/// </param>
/// <param name="whitelist">Dictionary whose keys are looked up with <paramref name="tagName"/>.</param>
/// <returns>
/// A <c>TagValid</c> built from <paramref name="tagName"/>: invalid when the name
/// was pending, otherwise valid exactly when the whitelist contains the name.
/// </returns>
private static TagValid checkEndTag( String tagName, List<String> tobeClearTags, Dictionary<String, String> whitelist )
{
    TagValid result = new TagValid( tagName );

    for (int i = 0; i < tobeClearTags.Count; i++)
    {
        if (!tobeClearTags[i].Equals( tagName ))
        {
            continue;
        }

        // Consume the pending entry so that only one end tag is dropped for it.
        tobeClearTags.RemoveAt( i );
        result.IsValid = false;
        return result;
    }

    // NOTE(review): the name is looked up as written, so the result depends on the
    // dictionary's comparer and on how the whitelist keys are cased — confirm.
    result.IsValid = whitelist.ContainsKey( tagName );
    return result;
}
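/// <summary>
/// Decides whether an end tag may be kept.
/// </summary>
/// <param name="tagName">Name taken from the end tag.</param>
/// <param name="tobeClearTags">
/// Pending tag names; the first entry equal to <paramref name="tagName"/> is
/// removed and the end tag is reported invalid.
/// </param>
/// <param name="whitelist">Dictionary whose keys are looked up with the lower-cased tag name.</param>
/// <returns>
/// A <c>TagValid</c> built from <paramref name="tagName"/>: invalid when the name
/// was pending, otherwise valid exactly when the whitelist contains the
/// lower-cased name.
/// </returns>
private static TagValid checkEndTag(String tagName, List<String> tobeClearTags, Dictionary<String, String> whitelist)
{
    TagValid result = new TagValid(tagName);

    // The pending list is compared with the name exactly as written (case-sensitive).
    foreach (String tobeTag in tobeClearTags)
    {
        if (tobeTag.Equals(tagName))
        {
            // Returning right after the removal keeps the enumeration safe.
            tobeClearTags.Remove(tobeTag);
            result.IsValid = false;
            return result;
        }
    }

    // Lower-case with the invariant culture: tag names are ASCII identifiers, and
    // culture-sensitive ToLower() maps 'I' to a dotless 'ı' under Turkish cultures,
    // so a whitelisted name such as "IMG" would miss its key on such a host.
    result.IsValid = whitelist.ContainsKey(tagName.ToLowerInvariant());
    return result;
}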
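/// <summary>
/// Decides whether a matched tag string is accepted as an HTML comment.
/// </summary>
/// <param name="tag">Raw text of the matched tag.</param>
/// <returns>
/// A <c>TagValid</c> whose <c>IsValid</c> is true when <c>strUtil.IsNullOrEmpty</c>
/// accepts <paramref name="tag"/> or when it starts with "&lt;!--" and ends with
/// "--&gt;"; otherwise <c>IsValid</c> is false.
/// </returns>
private static TagValid checkHtmlComment(string tag)
{
    TagValid v = new TagValid();
    v.IsValid = true;

    if (strUtil.IsNullOrEmpty(tag))
    {
        return v;
    }

    // Ordinal comparison: the delimiters are markup, not linguistic text. The
    // culture-sensitive overloads can ignore zero-width characters, which would
    // let a string that is not literally a comment pass this check.
    bool hasCommentDelimiters =
        tag.StartsWith("<!--", StringComparison.Ordinal) &&
        tag.EndsWith("-->", StringComparison.Ordinal);
    if (hasCommentDelimiters)
    {
        // NOTE(review): the comment body is not inspected here; confirm that
        // preserving comments in filtered output is intended.
        return v;
    }

    v.IsValid = false;
    return v;
}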
/// <summary>
/// Filters the input according to the whitelist.
/// </summary>
/// <param name="input">The string to filter.</param>
/// <param name="whitelist">The whitelist.</param>
/// <param name="isAddBaseAttr">Whether to allow the three basic attributes id/class/style.</param>
/// <returns>The filtered string.</returns>
public static String Clear(String input, Dictionary<String, String> whitelist, Boolean isAddBaseAttr)
{
    // Script content is handled first; everything below works on that result.
    input = clearScriptContent(input, whitelist);

    MatchCollection tagMatches = getMatchs(input);
    StringBuilder output = new StringBuilder();
    List<String> tobeClearTags = new List<String>();
    int cursor = 0;

    foreach (Match tagMatch in tagMatches)
    {
        TagValid verdict = checkTagValid(tagMatch, tobeClearTags, whitelist);

        // Text between matches is copied unchanged.
        // NOTE(review): the output is therefore only as strict as the pattern in
        // getMatchs — anything it does not recognise as a tag is emitted as text.
        output.Append(input, cursor, tagMatch.Index - cursor);

        if (!verdict.IsValid)
        {
            if (verdict.IsStartTag)
            {
                // Remember the rejected start tag so its end tag is dropped as well.
                tobeClearTags.Add(verdict.Name);
            }
        }
        else if (verdict.IsStartTag)
        {
            // Accepted start tags go through addTagAndAttribute rather than being
            // copied verbatim.
            // NOTE(review): when isAddBaseAttr is true, "style" is among the allowed
            // attributes; confirm addTagAndAttribute constrains its value.
            addTagAndAttribute(input, output, tagMatch, whitelist, isAddBaseAttr);
        }
        else
        {
            addTagString(input, output, tagMatch);
        }

        cursor = tagMatch.Index + tagMatch.Length;
    }

    // Trailing text after the last match.
    output.Append(input, cursor, input.Length - cursor);
    return output.ToString();
}