Exemplo n.º 1
        /// <summary>
        /// HTML-encodes <paramref name="value"/> and emits the result through <c>WriteLiteral</c>.
        /// </summary>
        /// <param name="value">Raw text to encode; <c>null</c> produces no output.</param>
        public virtual void Write(string value)
        {
            if (value != null)
            {
                // Encoding happens here, at the point of output, so callers pass raw text.
                var encoded = HtmlEncoder.Encode(value);
                WriteLiteral(encoded);
            }
        }
Exemplo n.º 2
        /// <summary>
        /// Appends an HTML-encoded segment to the title and renders the complete title.
        /// </summary>
        /// <param name="segment">Raw (unencoded) segment text; null or empty adds nothing.</param>
        /// <param name="position">Optional. The position of the segment in the title.</param>
        /// <param name="separator">The HTML content that should separate all segments.</param>
        /// <returns>An <see cref="IHtmlContent"/> instance representing the full title.</returns>
        public IHtmlContent RenderTitleSegments(string segment, string position = "0", IHtmlContent separator = null)
        {
            var hasSegment = !String.IsNullOrEmpty(segment);
            if (hasSegment)
            {
                // Encode before wrapping: HtmlString marks its content as already safe,
                // so raw text placed in it would reach the page unescaped.
                var encodedSegment = new HtmlString(HtmlEncoder.Encode(segment));
                Title.AddSegment(encodedSegment, position);
            }

            var fullTitle = Title.GenerateTitle(separator);
            return fullTitle;
        }
        /// <summary>
        /// HTML-encodes <paramref name="value"/> and passes it to <c>WriteLiteralTo</c> for <paramref name="writer"/>.
        /// </summary>
        /// <param name="writer">Buffer that receives the encoded text.</param>
        /// <param name="value">Raw text to encode; <c>null</c> produces no output.</param>
        protected void WriteTo(StringBuilder writer, string value)
        {
            if (value != null)
            {
                var encoded = HtmlEncoder.Encode(value);
                WriteLiteralTo(writer, encoded);
            }
        }
        /// <summary>
        /// Renders a <c>div</c> containing the machine name and/or the OS description,
        /// depending on <c>IncludeMachine</c> and <c>IncludeOS</c>.
        /// </summary>
        /// <param name="context">Tag helper context (not read here).</param>
        /// <param name="output">Output whose tag name, tag mode and content are set.</param>
        public override void Process(TagHelperContext context, TagHelperOutput output)
        {
            output.TagName = "div";
            output.TagMode = TagMode.StartTagAndEndTag;

            var markup = new StringBuilder();

            // NOTE(review): this puts the host name and OS description into the response;
            // confirm the page using this helper is limited to users who should see them.
            if (IncludeMachine)
            {
                // The label is fixed markup; only the runtime value is encoded.
                markup.Append(" <strong>Machine</strong> ")
                      .Append(_htmlEncoder.Encode(Environment.MachineName));
            }
            if (IncludeOS)
            {
                markup.Append(" <strong>OS</strong> ")
                      .Append(_htmlEncoder.Encode(RuntimeInformation.OSDescription));
            }

            // SetHtmlContent takes the string as markup, which is why the values were encoded above.
            output.Content.SetHtmlContent(markup.ToString());
        }
Exemplo n.º 5
        /// <summary>
        /// Stores the posted visitor (when a database context is available) and returns an
        /// HTML-encoded greeting built from the visitor's name.
        /// </summary>
        /// <param name="visitor">Visitor bound from the request body.</param>
        /// <returns>A one-element sequence holding the encoded greeting.</returns>
        public IEnumerable <string> Post([FromBody] MobileConnector visitor)
        {
            // NOTE(review): visitor is used without a null check; a body that fails to bind
            // would presumably arrive here as null and fault on visitor.Name. Confirm how the
            // pipeline handles invalid bodies.
            if (_dbContext != null)
            {
                // The visitor is stored as received; only the echoed greeting below is encoded.
                _dbContext.Visitors.Add(visitor);
                _dbContext.SaveChanges();
            }

            string greeting = _htmlEncoder.Encode("Hello " + visitor.Name);
            return new string[] { greeting };
        }
Exemplo n.º 6
 /// <summary>
 /// Writes the HTML-encoded form of <paramref name="value"/> to <paramref name="writer"/>.
 /// </summary>
 /// <param name="writer">Destination for the encoded text.</param>
 /// <param name="encoder">Encoder applied to <paramref name="value"/>.</param>
 /// <param name="value">Raw text; null or empty writes nothing.</param>
 private static void WriteTo(TextWriter writer, HtmlEncoder encoder, string value)
 {
     if (string.IsNullOrEmpty(value))
     {
         return;
     }

     // Perf: encode the whole string up front and write it in one call.
     // Character-by-character writes aren't efficient when the writer is backed by a ViewBuffer.
     writer.Write(encoder.Encode(value));
 }
        //public IActionResult Index()
        //{
        //    return View();
        //}

        /// <summary>
        /// Demonstrates the injected encoders by encoding one sample script string with the
        /// HTML encoder and with the JavaScript encoder, then handing both results to the view.
        /// </summary>
        public IActionResult Index() // injecting encoder in controller
        {
            const string xssScript = "<script>alert('XSS')</script>";

            // Each encoder targets one output context: the first entry is for HTML text or
            // attribute values, the second for a JavaScript string literal.
            // NOTE(review): if the "index" view prints these with Razor's @ syntax they are
            // HTML-encoded a second time; confirm how the view emits them.
            var encodedScripts = new List <string>
            {
                _htmlEncoder.Encode(xssScript),
                _javaScriptEncoder.Encode(xssScript),
            };

            return View("index", encodedScripts);
        }
Exemplo n.º 8
 /// <summary>
 /// Writes <c>Value</c> to <paramref name="writer"/>, encoded with <paramref name="encoder"/> when one is given.
 /// </summary>
 /// <param name="writer">Destination writer.</param>
 /// <param name="encoder">
 /// Encoder to apply. When <c>null</c>, <c>Value</c> is written without any encoding.
 /// </param>
 public void WriteTo(TextWriter writer, HtmlEncoder encoder)
 {
     if (encoder != null)
     {
         writer.Write(encoder.Encode(Value));
         return;
     }

     // NOTE(review): a null encoder means raw output. Callers that hold untrusted text in
     // Value must always supply an encoder; verify that no call site passes null by accident.
     writer.Write(Value);
 }
Exemplo n.º 9
        /// <summary>
        /// Encodes the order description (JavaScript encoding, then HTML encoding), updates the
        /// order through the order service and returns it with status 200.
        /// </summary>
        /// <param name="orderToUpdate">Order data from the request; its Description is overwritten with the encoded text.</param>
        public async Task <IActionResult> UpdateOrder(OrderDTO orderToUpdate)
        {
            var description = orderToUpdate.Description;
            if (description != null)
            {
                // NOTE(review): this encodes on input and with two encoders, so the value passed
                // on is no longer the user's text and fits neither a plain HTML nor a plain
                // JavaScript context. A view that encodes on output would encode it again.
                // Consider keeping the raw value and encoding where it is rendered.
                var jsEncoded = _javaScriptEncoder.Encode(description);
                orderToUpdate.Description = _htmlEncoder.Encode(jsEncoded);
            }

            var updatedOrder = await _orderServices.UpdateOrder(orderToUpdate);
            return StatusCode(200, updatedOrder);
        }
Exemplo n.º 10
        /// <summary>
        /// Checks that a default-constructed <c>HtmlEncoder</c> turns <paramref name="input"/>
        /// into <paramref name="expected"/>.
        /// </summary>
        public void EncodeTest(string input, string expected)
        {
            // Arrange
            var encoderUnderTest = new HtmlEncoder();

            // Act
            var actual = encoderUnderTest.Encode(input);

            // Assert
            Assert.Equal(expected, actual);
        }
Exemplo n.º 11
        /// <summary>
        /// Runs a full-text search for <paramref name="keyword"/> in the current project and
        /// version, then HTML-encodes every highlight fragment while keeping the
        /// <c>&lt;highlight&gt;</c> markers intact.
        /// </summary>
        /// <param name="keyword">Search text from the request; stored in <c>KeyWord</c> and sent to the search service.</param>
        /// <returns>A redirect to "Index" when full search is disabled, otherwise the page.</returns>
        public virtual async Task <IActionResult> OnGetAsync(string keyword)
        {
            if (!await _documentAppService.FullSearchEnabledAsync())
            {
                return(RedirectToPage("Index"));
            }

            KeyWord = keyword;

            Project = await _projectAppService.GetAsync(ProjectName);

            var output = await _projectAppService.GetVersionsAsync(Project.ShortName);

            var versions = output.Items.ToList();

            // Resolve the "latest" alias to a concrete version name before searching.
            if (versions.Any() &&
                string.Equals(Version, DocsAppConsts.Latest, StringComparison.OrdinalIgnoreCase))
            {
                // Use the configured latest branch when the project has no
                // GithubVersionProviderSource property or it is set to Releases,
                // and a latest branch name is present.
                if ((!Project.ExtraProperties.ContainsKey("GithubVersionProviderSource") ||
                     (GithubVersionProviderSource)(long)Project.ExtraProperties["GithubVersionProviderSource"] == GithubVersionProviderSource.Releases) &&
                    !string.IsNullOrEmpty(Project.LatestVersionBranchName))
                {
                    Version = Project.LatestVersionBranchName;
                }
                else
                {
                    // Otherwise take the first version that is not a pre-release, or the first one listed.
                    Version = (versions.FirstOrDefault(v => !SemanticVersionHelper.IsPreRelease(v.Name)) ?? versions.First()).Name;
                }
            }

            SearchOutputs = await _documentAppService.SearchAsync(new DocumentSearchInput
            {
                ProjectId    = Project.Id,
                Context      = KeyWord,
                LanguageCode = LanguageCode,
                Version      = Version
            });

            // Per-request random placeholders for the opening and closing highlight markers.
            var highlightTag1 = Guid.NewGuid().ToString();
            var highlightTag2 = Guid.NewGuid().ToString();

            foreach (var searchOutput in SearchOutputs)
            {
                for (var i = 0; i < searchOutput.Highlight.Count; i++)
                {
                    // Swap the markers for the placeholders, HTML-encode the whole fragment, then
                    // put the markers back. Any other markup in the fragment stays encoded, so only
                    // <highlight> and </highlight> reach the page as tags.
                    // NOTE(review): a literal "<highlight>" inside document text is treated the same
                    // as a marker added by the search backend; that tag carries no attributes, so the
                    // effect is limited to highlight styling.
                    searchOutput.Highlight[i] = _encoder
                                                .Encode(searchOutput.Highlight[i].Replace("<highlight>", highlightTag1)
                                                        .Replace("</highlight>", highlightTag2))
                                                .Replace(highlightTag1, "<highlight>").Replace(highlightTag2, "</highlight>");
                }
            }

            return(Page());
        }
Exemplo n.º 12
        /// <summary>
        /// Simple HTML encoder example: encodes a sample string and stores it as the view title.
        /// </summary>
        public IActionResult About()
        {
            const string example = "\"Quoted Value with spaces and &\"";

            // NOTE(review): ViewData["Title"] now holds already-encoded text. A view that prints
            // it with Razor's @ syntax will encode it again and show the entities literally;
            // confirm how the view emits the title.
            ViewData["Title"] = _htmlEncoder.Encode(example);

            return View();
        }
Exemplo n.º 13
        /// <summary>
        /// Adds the given <paramref name="classValue"/> to the <paramref name="tagHelperOutput"/>'s
        /// <see cref="TagHelperOutput.Attributes"/>.
        /// </summary>
        /// <param name="tagHelperOutput">The <see cref="TagHelperOutput"/> this method extends.</param>
        /// <param name="classValue">The class value to add. Null or empty is ignored.</param>
        /// <param name="htmlEncoder">The current HTML encoder.</param>
        /// <exception cref="ArgumentNullException"><paramref name="tagHelperOutput"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// <paramref name="classValue"/> contains a whitespace character, raw or in encoded form.
        /// </exception>
        public static void AddClass(
            this TagHelperOutput tagHelperOutput,
            string classValue,
            HtmlEncoder htmlEncoder)
        {
            if (tagHelperOutput == null)
            {
                throw new ArgumentNullException(nameof(tagHelperOutput));
            }

            if (string.IsNullOrEmpty(classValue))
            {
                return;
            }

            // NOTE(review): htmlEncoder is not null-checked; a null encoder faults in the lambda below.
            // Encoded forms of every space character except U+0020.
            var encodedSpaceChars = SpaceChars.Where(x => !x.Equals('\u0020')).Select(x => htmlEncoder.Encode(x.ToString())).ToArray();

            // Reject a value that would split into several class names, whether the
            // whitespace is present literally or in its encoded form.
            if (SpaceChars.Any(classValue.Contains) || encodedSpaceChars.Any(value => classValue.IndexOf(value, StringComparison.Ordinal) >= 0))
            {
                throw new ArgumentException(Resources.ArgumentCannotContainHtmlSpace, nameof(classValue));
            }

            if (!tagHelperOutput.Attributes.TryGetAttribute("class", out TagHelperAttribute classAttribute))
            {
                // No class attribute yet: the raw string is stored here.
                // NOTE(review): presumably it is encoded when the attribute is rendered; confirm.
                tagHelperOutput.Attributes.Add("class", classValue);
            }
            else
            {
                var currentClassValue = ExtractClassValue(classAttribute, htmlEncoder);

                var encodedClassValue = htmlEncoder.Encode(classValue);

                // The attribute already consists of exactly this class.
                if (string.Equals(currentClassValue, encodedClassValue, StringComparison.Ordinal))
                {
                    return;
                }

                // Split the existing value on raw and on encoded whitespace to get the individual classes.
                var arrayOfClasses = currentClassValue.Split(SpaceChars, StringSplitOptions.RemoveEmptyEntries)
                                     .SelectMany(perhapsEncoded => perhapsEncoded.Split(encodedSpaceChars, StringSplitOptions.RemoveEmptyEntries))
                                     .ToArray();

                // The class is already present among the existing ones.
                if (arrayOfClasses.Contains(encodedClassValue, StringComparer.Ordinal))
                {
                    return;
                }

                // HtmlString marks the value as already encoded, so the new class is appended
                // in its encoded form to the extracted current value.
                var newClassAttribute = new TagHelperAttribute(
                    classAttribute.Name,
                    new HtmlString($"{currentClassValue} {encodedClassValue}"),
                    classAttribute.ValueStyle);

                tagHelperOutput.Attributes.SetAttribute(newClassAttribute);
            }
        }
Exemplo n.º 14
 /// <summary>
 /// Formats the buffered token with <paramref name="arguments"/> and writes the HTML-encoded
 /// result to <paramref name="writer"/>.
 /// </summary>
 /// <param name="tokenBuffer">Composite format string; null or empty writes nothing.</param>
 /// <param name="arguments">Values substituted into the format string.</param>
 /// <param name="writer">Destination for the encoded text.</param>
 /// <param name="encoder">Encoder applied to the formatted text.</param>
 private static void AppendToOutput(
     StringBuilder tokenBuffer,
     object[] arguments,
     TextWriter writer,
     HtmlEncoder encoder)
 {
     if (tokenBuffer == null || tokenBuffer.Length == 0)
     {
         return;
     }

     // Formatting happens before encoding, so the template text and the
     // substituted arguments are both encoded.
     var formatted = string.Format(tokenBuffer.ToString(), arguments);
     encoder.Encode(writer, formatted);
 }
Exemplo n.º 15
 /// <summary>
 /// Handles the edit form: on a valid model the customer name is HTML-encoded and the request
 /// is redirected to "Index"; otherwise the form is shown again with the posted data.
 /// </summary>
 /// <param name="customerSearchMvcResponseData">Model bound from the request.</param>
 public ActionResult Edit(CustomerSearchMvcResponseModel customerSearchMvcResponseData)
 {
     if (!ModelState.IsValid)
     {
         return View(customerSearchMvcResponseData);
     }

     // NOTE(review): the name is encoded on input. If it is stored and later rendered by a
     // view that encodes on output, it will be encoded twice; confirm where it is displayed.
     var encodedName = _htmlEncoder.Encode(customerSearchMvcResponseData.CustomerName);
     customerSearchMvcResponseData.CustomerName = encodedName;

     // Update the employee...
     // Display a confirmation and redirect to a better view.
     return RedirectToAction("Index");
 }
Exemplo n.º 16
        /// <summary>
        /// Sets the "title" member of <paramref name="rpcStruct"/> to the encoded title of the
        /// content item, when the item has a <c>TitlePart</c>.
        /// </summary>
        /// <param name="rpcStruct">Struct that receives the title.</param>
        /// <param name="context">XML-RPC context (not read here).</param>
        /// <param name="contentItem">Content item being exported.</param>
        public override void BuildPost(XRpcStruct rpcStruct, XmlRpcContext context, ContentItem contentItem)
        {
            var titlePart = contentItem.As <TitlePart>();

            if (titlePart != null)
            {
                // The title leaves the system here, so it is encoded at this boundary.
                var encodedTitle = _encoder.Encode(titlePart.Title);
                rpcStruct.Set("title", encodedTitle);
            }
        }
Exemplo n.º 17
        /// <summary>
        /// HTML-encodes the input, JavaScript-encodes that result, then removes any
        /// <c>&lt;script&gt;…&lt;/script&gt;</c> block that remains.
        /// </summary>
        /// <param name="ValueToEncode">Raw text to encode.</param>
        /// <returns>The encoded text.</returns>
        public string EncodeString(string ValueToEncode)
        {
            string htmlEncoded = _htmlEncoder.Encode(ValueToEncode);
            //  ValueToEncode = _urlEncoder.Encode(ValueToEncode);
            string jsEncoded = _javaScriptEncoder.Encode(htmlEncoded);

            // NOTE(review): if _htmlEncoder is a standard HTML encoder, every '<' has already been
            // replaced by an entity, so this pattern has nothing to match and the encoding above
            // is the only protection in effect. The combined HTML + JavaScript encoding is also
            // specific to neither context; prefer one encoder chosen for where the value is emitted.
            return Regex.Replace(jsEncoded, @"<script[^>]*>[\s\S]*?</script>", "");
        }
Exemplo n.º 18
        /// <summary>
        /// Checks that encoding <paramref name="input"/> leaves the output buffer null or whitespace.
        /// </summary>
        public void Encode_OnEmptyString_ReturnEmptyString(string input)
        {
            // Arrange
            var buffer = new StringBuilder();
            var listArgument = new ArrayList();

            // Act
            HtmlEncoder.Encode(input, buffer, listArgument);

            // Assert
            buffer.ToString().ShouldBeNullOrWhiteSpace();
        }
Exemplo n.º 19
        /// <summary>
        /// Checks that an invariant-culture <c>HtmlEncoder</c> writes <paramref name="expected"/>
        /// to the writer when given <paramref name="input"/>.
        /// </summary>
        public void EncodeTest(string input, string expected)
        {
            // Arrange
            var encoderUnderTest = new HtmlEncoder(CultureInfo.InvariantCulture);

            using (var output = new StringWriter())
            {
                // Act
                encoderUnderTest.Encode(input, output);

                // Assert
                var actual = output.ToString();
                Assert.Equal(expected, actual);
            }
        }
Exemplo n.º 20
        /// <summary>
        /// Appends one HTML table row to the log buffer, with one cell per message part.
        /// </summary>
        /// <param name="logPriority">Priority used to pick the text colour.</param>
        /// <param name="msg">Message parts; each is HTML-encoded before it is placed in a cell.</param>
        public override void WriteLine(LogPriority logPriority, string[] msg)
        {
            // NOTE(review): color goes into the style attribute unencoded; that is fine as long
            // as GetColor only returns fixed values. Confirm in GetColor.
            string color = GetColor(logPriority);

            sb.Append("<tr style=\"vertical-align: top\">");
            for (var index = 0; index < msg.Length; index++)
            {
                // Log text can contain anything, so it is encoded before being wrapped in markup.
                string encoded = htmlEncoder.Encode(msg[index]);
                var cellContent = "<pre>" + encoded + "</pre>";
                sb.AppendLine($"<td><div style=\"color: {color}\">{cellContent}</div></td>");
            }
            sb.Append("</tr>");
        }
Exemplo n.º 21
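        /// <summary>
        /// Writes every attribute of this collection as <c> name="value"</c>, with the value HTML-encoded.
        /// </summary>
        /// <param name="writer">Destination writer.</param>
        /// <param name="encoder">Encoder applied to each attribute value.</param>
        public void WriteTo(TextWriter writer, HtmlEncoder encoder)
        {
            foreach (KeyValuePair <String, Object> attribute in this)
            {
                writer.Write(" ");

                // NOTE(review): the attribute name is written verbatim. Encoding cannot make a
                // name safe, so names must come from code, never from request data; verify callers.
                writer.Write(attribute.Key);

                writer.Write("=\"");

                // A null value (or a null ToString() result) is rendered as an empty attribute.
                // Passing null to Encode would throw, since the System.Text.Encodings.Web
                // encoders reject null input.
                var text = attribute.Value?.ToString();
                if (!string.IsNullOrEmpty(text))
                {
                    writer.Write(encoder.Encode(text));
                }

                writer.Write("\"");
            }
        }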
Exemplo n.º 22
        /// <summary>
        /// Writes the left and right parts separated by a single space, encoding each part
        /// that is not already HTML content.
        /// </summary>
        /// <param name="writer">Destination writer.</param>
        /// <param name="encoder">Encoder applied to plain-text parts.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="writer"/> or <paramref name="encoder"/> is null.
        /// </exception>
        public void WriteTo(TextWriter writer, HtmlEncoder encoder)
        {
            ArgumentNullException.ThrowIfNull(writer);
            ArgumentNullException.ThrowIfNull(encoder);

            // Produces "{left} {right}" when both parts have content.
            var leftWritten = false;

            if (_left is IHtmlContent leftContent)
            {
                // HtmlString.Empty is not special-cased. At worst that adds a leading space to
                // the generated attribute value.
                leftContent.WriteTo(writer, encoder);
                leftWritten = true;
            }
            else if (_left != null)
            {
                // Anything that is not IHtmlContent is treated as raw text and encoded.
                var leftText = _left.ToString();
                if (!string.IsNullOrEmpty(leftText))
                {
                    encoder.Encode(writer, leftText);
                    leftWritten = true;
                }
            }

            if (string.IsNullOrEmpty(_right))
            {
                return;
            }

            if (leftWritten)
            {
                writer.Write(' ');
            }

            encoder.Encode(writer, _right);
        }
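        /// <summary>
        /// Shows the feed, optionally filtered by the search text from the query string.
        /// </summary>
        /// <param name="searchViewModel">Search form data bound from the query string; may be null.</param>
        /// <returns>The feed view with the matching posts and the search object.</returns>
        public IActionResult Index([FromQuery] SearchViewModel searchViewModel)
        {
            // Read the search text null-safely once. The original dereferenced searchViewModel
            // here and only applied the null-conditional check afterwards, so a null model
            // faulted before that check could help.
            var searchInput = searchViewModel?.SearchInput;

            var posts = _postsBll.GetAll(searchInput)
                        .Select(p => p.ToViewModel());

            if (searchInput != null)
            {
                // NOTE(review): SearchSafe holds already-encoded text. The view should emit it
                // as-is exactly once; printing it with @ would encode it a second time. Confirm
                // in the view.
                searchViewModel.SearchSafe = _htmlEncoder.Encode(searchInput);
            }

            return View(new FeedPageViewModel
            {
                Posts = posts,
                SearchObject = searchViewModel
            });
        }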
Exemplo n.º 24
        /// <summary>
        /// Writes the fortunes as an HTML table straight to the response, encoding each id and message.
        /// </summary>
        /// <param name="model">Fortunes to render.</param>
        /// <param name="httpContext">Context whose response receives the page.</param>
        /// <param name="htmlEncoder">Encoder applied to every cell value.</param>
        public static async Task RenderFortunesHtml(IEnumerable <IFortune> model, HttpContext httpContext, HtmlEncoder htmlEncoder)
        {
            var response = httpContext.Response;
            response.StatusCode  = StatusCodes.Status200OK;
            response.ContentType = "text/html; charset=UTF-8";

            await response.WriteAsync("<!DOCTYPE html><html><head><title>Fortunes</title></head><body><table><tr><th>id</th><th>message</th></tr>");

            foreach (IFortune fortune in model)
            {
                // The markup is built by hand, so nothing encodes automatically:
                // every value is passed through the encoder explicitly.
                var idCell      = htmlEncoder.Encode(fortune.Id.ToString());
                var messageCell = htmlEncoder.Encode(fortune.Message);
                await response.WriteAsync($"<tr><td>{idCell}</td><td>{messageCell}</td></tr>");
            }

            await response.WriteAsync("</table></body></html>");
        }
Exemplo n.º 25
            /// <summary>
            /// Writes this value to <paramref name="writer"/>. An <c>HtmlTextWriter</c> receives the
            /// object itself; any other writer gets the first segment encoded, then the second segment.
            /// </summary>
            /// <param name="writer">Destination writer.</param>
            /// <param name="encoder">Encoder applied to the first segment on the fallback path.</param>
            public void WriteTo(TextWriter writer, HtmlEncoder encoder)
            {
                if (writer is HtmlTextWriter htmlTextWriter)
                {
                    htmlTextWriter.Write(this);
                    return;
                }

                encoder.Encode(writer, _firstSegment, 0, _firstSegmentLength);

                // NOTE(review): the second segment is written without encoding; confirm it only
                // ever holds content that is already safe to emit.
                writer.Write(_secondSegment);
            }
Exemplo n.º 26
        /// <summary>
        /// Builds the inner HTML of the item: a link when an href is set, otherwise the encoded
        /// title with <c>aria-current="page"</c> added to the output.
        /// </summary>
        /// <param name="context">Tag helper context (not read here).</param>
        /// <param name="output">Output that receives the <c>aria-current</c> attribute for the current page.</param>
        /// <returns>HTML markup for the item's content.</returns>
        protected virtual string GetInnerHtml(TagHelperContext context, TagHelperOutput output)
        {
            var hasHref = !string.IsNullOrWhiteSpace(TagHelper.Href);
            if (hasHref)
            {
                var anchor = new TagBuilder("a");

                // NOTE(review): the href is used as given. If it can ever originate from user
                // input, check its scheme before it reaches this point.
                anchor.Attributes.Add("href", TagHelper.Href);

                // InnerHtml.Append takes unencoded text, so the title is not encoded by hand here.
                anchor.InnerHtml.Append(TagHelper.Title);
                return anchor.ToHtmlString();
            }

            output.Attributes.Add("aria-current", "page");

            // The returned string is used as markup, so the title is encoded explicitly.
            return _encoder.Encode(TagHelper.Title);
        }
Exemplo n.º 27
        /// <summary>
        /// Returns the opening markup of the pager: the optional info column followed by the
        /// opening tags of the navigation list.
        /// </summary>
        /// <param name="context">Tag helper context (not read here).</param>
        /// <param name="output">Tag helper output (not read here).</param>
        protected virtual string GetOpeningTags(TagHelperContext context, TagHelperOutput output)
        {
            var localizer = _stringLocalizerFactory.Create(typeof(AbpUiResource));

            var pagerInfo = "";
            if (TagHelper.ShowInfo ?? false)
            {
                // The localized text is encoded because the result is concatenated into raw markup.
                var infoText = _encoder.Encode(localizer["PagerInfo{0}{1}{2}", TagHelper.Model.ShowingFrom, TagHelper.Model.ShowingTo, TagHelper.Model.TotalItemsCount]);
                pagerInfo = "    <div class=\"col-sm-12 col-md-5\"> " + infoText + "</div>\r\n";
            }

            var navigationOpening =
                "    <div class=\"col-sm-12 col-md-7\">\r\n" +
                "        <nav aria-label=\"Page navigation\">\r\n" +
                "            <ul class=\"pagination justify-content-end\">";

            return pagerInfo + navigationOpening;
        }
Exemplo n.º 28
        /// <summary>
        /// Loads the session with the given id, computes its day offset from the earliest
        /// session and turns the abstract into encoded HTML paragraphs.
        /// </summary>
        /// <param name="id">Identifier of the session to show.</param>
        /// <returns>A redirect to "/Index" when the session is not found, otherwise the page.</returns>
        public async Task <IActionResult> OnGet(int id)
        {
            Session = await _apiClient.GetSessionAsync(id);
            if (Session == null)
            {
                return RedirectToPage("/Index");
            }

            var sessions = await _apiClient.GetSessionsAsync();
            var firstDay = sessions.Min(s => s.StartTime?.Date);

            DayOffset = Session.StartTime?.DateTime.Subtract(firstDay ?? DateTimeOffset.MinValue).Days;

            if (string.IsNullOrEmpty(Session.Abstract))
            {
                return Page();
            }

            // Encode first, then add markup: the abstract is encoded as a whole and split on the
            // encoded form of CR LF, so the only tags in the result are the <p> elements added here.
            var encodedLineBreak = _htmlEncoder.Encode("\r\n");
            var paragraphs = _htmlEncoder.Encode(Session.Abstract)
                                         .Split(encodedLineBreak, StringSplitOptions.RemoveEmptyEntries);
            Session.Abstract = "<p>" + String.Join("</p><p>", paragraphs) + "</p>";

            return Page();
        }
Exemplo n.º 29
        /// <inheritdoc />
        public void WriteTo(TextWriter writer, HtmlEncoder encoder)
        {
            // Both arguments are required; fail before anything is written.
            _ = writer ?? throw new ArgumentNullException(nameof(writer));
            _ = encoder ?? throw new ArgumentNullException(nameof(encoder));

            // The stored input is treated as raw text and is encoded on every write.
            encoder.Encode(writer, _input);
        }
Exemplo n.º 30
        /// <summary>
        /// Replaces each <c>[bold]…[/bold]</c> span found in <paramref name="cardContent"/> with a
        /// styled <c>&lt;b&gt;</c> element.
        /// </summary>
        /// <param name="cardContent">Card text that may contain [bold] markers.</param>
        /// <param name="htmlEncoder">Encoder used to produce the replacements for '&lt;' and '&gt;' in bold text.</param>
        /// <param name="cardColor">Card colour. Only its parameter name is used, via nameof.</param>
        /// <returns>
        /// The content with bold markers converted; the unchanged content when nothing matches.
        /// If the regex times out, whatever had been produced up to that point is returned,
        /// which is an empty string when the first match attempt times out.
        /// </returns>
        private string AlterCustomBoldWordsToBoldTags(string cardContent, HtmlEncoder htmlEncoder, CardColors cardColor)
        {
            var modifiedCardContent = string.Empty;

            Match matchCollection;

            try
            {
                // The one-second match timeout bounds the cost of the pattern on hostile input.
                matchCollection = Regex.Match(cardContent, onScreenWhileEditing_BoldRegex_Pattern,
                                              RegexOptions.IgnoreCase | RegexOptions.Compiled,
                                              TimeSpan.FromSeconds(1));

                if (matchCollection.Success)
                {
                    modifiedCardContent = cardContent;
                    while (matchCollection.Success)
                    {
                        var boldText_Replacement = matchCollection.Groups["boldText"].Value;
                        // NOTE(review): only '<' and '>' are escaped in the bold text; '&' and quote
                        // characters pass through, and text outside [bold] markers is not touched by
                        // this method. Confirm the rest of cardContent is encoded elsewhere before
                        // it is rendered.
                        boldText_Replacement = boldText_Replacement.Replace("<", htmlEncoder.Encode("<"));
                        boldText_Replacement = boldText_Replacement.Replace(">", htmlEncoder.Encode(">"));
                        // NOTE(review): nameof(cardColor) yields the literal text "cardColor", not the
                        // value of the parameter, so the emitted style is "color:cardColor". Presumably
                        // the colour value was intended; confirm.
                        boldText_Replacement = String.Concat($"<b style='font-family: ui-sans-serif; font-stretch: expanded; font-size: 125%; color:{nameof(cardColor)};'>", boldText_Replacement, "</b>");
                        // Replaces every occurrence of this exact marked-up span in the content.
                        modifiedCardContent  = modifiedCardContent.Replace($"[bold]{matchCollection.Groups["boldText"].Value}[/bold]", boldText_Replacement);

                        matchCollection = matchCollection.NextMatch();
                    }
                }
                else
                {
                    modifiedCardContent = cardContent;
                }
            }
            catch (RegexMatchTimeoutException)
            {
                // The timeout is only reported on the console; the caller gets no error signal.
                Console.WriteLine("The matching operation timed out.");
            }
            return(modifiedCardContent);
        }