Exemplo n.º 1
0
 public ActionResult EditRecomment(Blog blogView, string[] link, int[] linkId, string recommentTitle, int[] selectedCategory, string[] linkDescription)
 {
     if (ModelState.IsValid)
     {
         var userId = User.Identity.GetUserId <int>();
         var blog   = _blogService.Find(blogView.Id, userId);
         blog.Title       = blogView.Title;
         blog.TimeStamp   = DateTime.Now;
         blog.HtmlContent = Sanitizer.GetSafeHtml(blogView.HtmlContent);
         blog.Content     = blogView.Content;
         if (blogView.Status == BlogStatus.Report || blogView.Status == BlogStatus.Verify)
         {
             blog.Status = BlogStatus.Verify;
         }
         else
         {
             blog.Status = BlogStatus.Publish;
         }
         blog = _blogService.Update(blog, link, linkId, linkDescription);
         HttpPostedFileBase file = Request.Files["fileField"];
         _blogService.SaveRecomment(file, recommentTitle, blog.Id, selectedCategory);
         return(RedirectToAction("PublishSuccess", new { id = blog.Id }));
     }
     blogView.Links = new Collection <Link>();
     return(View(blogView));
 }
Exemplo n.º 2
0
        public ActionResult SaveTestimonialDetails(TestimonialModel testimonialModel)
        {
            var serialization      = new Serialization();
            var testimonialBA      = new Testimonial();
            var HashCriteria       = new Hashtable();
            var TestimonialDetails = new TestimonialModel();
            var actualCriteria     = string.Empty;

            if (ModelState.IsValid)
            {
                HashCriteria.Add("ID", testimonialModel.ID);
                HashCriteria.Add("Author", testimonialModel.Author);
                var description = Sanitizer.GetSafeHtml(testimonialModel.Description);
                HashCriteria.Add("Description", description);
                HashCriteria.Add("UserID", userID);
                actualCriteria = serialization.SerializeBinary((object)HashCriteria);
                var result        = testimonialBA.SaveTestimonialDetails(actualCriteria);
                var testimonialID = Convert.ToInt32(serialization.DeSerializeBinary(Convert.ToString(result)));
                SaveTestimonialImages(testimonialID);
                Session["TestimonialImages"] = null;
                if (testimonialModel.ID <= 0)
                {
                    TempData["TestimonialSuccess"] = "Testimonial details has been saved successfully..!";
                }
                else
                {
                    TempData["TestimonialSuccess"] = "Testimonial details has been modified successfully..!";
                }
            }
            return(RedirectToAction("Admin", "Dashboard"));
        }
Exemplo n.º 3
0
        public ActionResult Manifest(Guid id)
        {
            var model = computerDataService.SelectOne(c => c.Id == id);

            model.ManifestHtml = Sanitizer.GetSafeHtml(model.ManifestHtml);
            return(View(model));
        }
Exemplo n.º 4
0
        public ActionResult FroalaAutoSave(string body, int?postId)  // نام پارامتر بادي را تغيير ندهيد
        {
            body = Sanitizer.GetSafeHtml(body);

            //todo: save body ...
            return(new EmptyResult());
        }
Exemplo n.º 5
0
 /// <summary>
 /// 过滤脚本
 /// </summary>
 /// <param name="value"></param>
 /// <param name="defalutValue"></param>
 /// <returns></returns>
 public static string FilterJavaScript(this string value, string defalutValue)
 {
     if (value.IsNullOrEmpty())
     {
         return(defalutValue);
     }
     else
     {
         return(Sanitizer.GetSafeHtml(value));
     }
 }
Exemplo n.º 6
0
        public void GetSafeHtml_SourceEncodingShouldBeRemovedFromImageTag()
        {
            // Arrange
            const string input    = "<html><head></head><body><IMG SRC=\"jav&#x09;ascript:alert('XSS');\"></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n<img src=\"\">\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 7
0
        public void GetSafeHtml_LinkTagsShouldBeRemoved()
        {
            // Arrange
            const string input    = "<html><head><link rel=javascript:alert('XSS');></head><body></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 8
0
        public void GetSafeHtml_ScriptInImageSourceShouldBeRemovedThree()
        {
            // Arrange
            const string input    = "<html><head></head><body><img src=jav   ascript:alert('XSS');></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n<img src=\"jav\">\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 9
0
        public void GetSafeHtml_ScriptInMalformedImageTagShouldBeRemoved()
        {
            // Arrange
            const string input    = "<html><head></head><body><img><script>alert(\"XSS\")</script></img></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n<img>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 10
0
        public void GetSafeHtml_EmbedTagsShouldBeRemoved()
        {
            // Arrange
            const string input    = "<html><head></head><body><embed src=\"\" AllowScriptAccess=\"always\"></embed></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 11
0
        public void GetSafeHtml_OnMouseOverAttributeOnTagShouldBeRemoved()
        {
            // Arrange
            const string input    = "<html><head></head><body><p onmouseover=\"\"></p></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n<p></p>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 12
0
        public void GetSafeHtml_StyleableAttributeOnTagShouldBeRemovedLeavingOtherTags()
        {
            // Arrange
            const string input    = "<html><head></head><body><a href=\"\" style=\"\"></a></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n<a href=\"\"></a>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 13
0
        public void GetSafeHtml_ScriptInTableBackgroundAttributeShouldBeRemoved()
        {
            // Arrange
            const string input    = "<html><head></head><body><table background=\"javascript:alert('XSS');\"></table></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n<table background=\"\">\r\n</table>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 14
0
        public void GetSafeHtml_DivTagsShouldNotBeAdded()
        {
            // Arrange
            const string input    = "<html><head></head><body><input type=\"text\" /></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n<input type=\"text\">\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 15
0
        public void GetSafeHtml_DuplicateAttributesShouldBeHandledAppropriately()
        {
            // Arrange
            const string input    = "<html><head></head><body><p id=\"\" id=\"\" style=\"\" style=\"\"></p></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n<p id=\"\" id=\"\"></p>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 16
0
        public void GetSafeHtml_StyleTagShouldBeRemovedUserTwo()
        {
            // Arrange
            const string input    = "<div style=\"font-family:Foo,Bar\\,'a\\a';font-family:';color:expression(alert(1));y'\">aaa</div>";
            const string expected = "<html>\r\n<body>\r\n<div>aaa</div>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 17
0
        public void GetSafeHtml_ErrorAttributeShouldBeRemoved()
        {
            // Arrange
            const string input    = "<html><head></head><body><img src=\"\" onerror=\"XSS\" /></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n<img src=\"\">\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 18
0
        public void GetSafeHtml_OnLoadAttributeOnBodyTagShouldBeRemoved()
        {
            // Arrange
            const string input    = "<html><head></head><body onload=\"\"></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 19
0
        public void GetSafeHtml_StyleTagInHeaderShouldBeRemoved()
        {
            // Arrange
            const string input    = "<html><head><style></style></head><body></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 20
0
        public void GetSafeHtml_ShouldNotRemoveNonOffendingText()
        {
            // Arrange
            const string input    = "<html><head></head><body><script>alert('hi');</script>This text is removed</body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\nThis text is removed\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 21
0
        public void GetSafeHtml_MetaTagsShouldBeRemoved()
        {
            // Arrange
            const string input    = "<html><head><meta http-equiv=\"refresh\" content=\"0;url=javascript:alert('XSS');\"></head><body></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 22
0
        public void GetSafeHtml_StyleTagInHeaderShouldBeRemovedAdvanced()
        {
            // Arrange
            const string input    = "<html><head><style>* {color:rgb(0,0,0)\\-o-link:'data:text/html,%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e';color:rgb(x)\\-o-link-source:current;}</style></head><body></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 23
0
        public void GetSafeHtml_ObjectTagsShouldBeRemoved()
        {
            // Arrange
            const string input    = "<html><head></head><body><object classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></object></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
 public ActionResult Edit(Article article)
 {
     if (ModelState.IsValid)
     {
         article.Body = Sanitizer.GetSafeHtml(article.Body);
         db.Articles.Attach(article);
         db.ObjectStateManager.ChangeObjectState(article, EntityState.Modified);
         db.SaveChanges();
         return(RedirectToAction("Index"));
     }
     return(View(article));
 }
Exemplo n.º 25
0
        public void GetSafeHtml_XMLTagsShouldBeRemoved()
        {
            // Arrange
            const string input    = "<html><head></head><body><xml id=\"xss\"></xml></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 26
0
        public void GetSafeHtml_OutOfOrderTagsShouldStillRemoveScriptsTwo()
        {
            // Arrange
            const string input    = "<html><head></head><body><div><p><div><p><script src=\"\" /></p></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n<div>\r\n<p></p>\r\n<div>\r\n<p></p>\r\n</div>\r\n</div>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 27
0
        public void GetSafeHtml_ChildControlsShouldNotBeRemoved()
        {
            // Arrange
            const string input    = "<html><head></head><body><a href=\"\" target=\"\"><img src=\"\" /> My Image</a></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n<a href=\"\" target=\"\"><img src=\"\"> My Image</a>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
        public ActionResult Create(Article article)
        {
            if (ModelState.IsValid)
            {
                article.Body = Sanitizer.GetSafeHtml(article.Body);
                db.Articles.AddObject(article);
                db.SaveChanges();
                return(RedirectToAction("Index"));
            }

            return(View(article));
        }
Exemplo n.º 29
0
        public void GetSafeHtml_NonBlacklistedTagsShouldNotBeRemoved()
        {
            // Arrange
            const string input    = "<html><head></head><body><b>Some text</b><strong>More text</strong></body></html>";
            const string expected = "<html>\r\n<head>\r\n</head>\r\n<body>\r\n<b>Some text</b><strong>More text</strong>\r\n</body>\r\n</html>\r\n";

            // Act
            string actual = Sanitizer.GetSafeHtml(input);

            // Assert
            Assert.AreEqual(expected, actual);
        }
Exemplo n.º 30
0
        public IActionResult Demo(MyPerson model)
        {
            if (ModelState.IsValid)
            {
                model.Bio      = Sanitizer.GetSafeHtml(model.Bio);
                ViewData.Model = model;
                return(View("DemoResult"));
            }

            ModelState.AddModelError("", "This is not connected to a field!");

            return(View());
        }