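 /// <summary>
 /// Raises the <see cref="E:RemovingTag" /> event.
 /// </summary>
 /// <remarks>
 /// A handler may set <c>Cancel</c> on <paramref name="e"/> to keep the tag; the
 /// caller (<c>Sanitize</c>) checks that flag before removing the element.
 /// </remarks>
 /// <param name="e">The <see cref="RemovingTagEventArgs"/> instance containing the event data.</param>
 protected virtual void OnRemovingTag(RemovingTagEventArgs e)
 {
     // Copy the delegate to a local before testing it: a subscriber that
     // unsubscribes between the null check and the call would otherwise
     // turn the invocation into a NullReferenceException.
     var handler = RemovingTag;
     if (handler != null)
     {
         handler(this, e);
     }
 }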
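        /// <summary>
        /// Sanitizes the specified HTML.
        /// </summary>
        /// <remarks>
        /// Processing order: elements whose tag is not in <c>AllowedTags</c> are removed unless a
        /// <c>RemovingTag</c> handler cancels the removal. For every remaining element, attributes
        /// not in <c>AllowedAttributesSet</c> are dropped, attributes listed in <c>UriAttributes</c>
        /// are rewritten through <c>SanitizeUrl</c> (and dropped when it yields <c>null</c>), the
        /// inline style is passed to <c>SanitizeStyle</c>, attributes whose value matches
        /// <c>JSInclude</c> are dropped, and <c>&lt;</c> / <c>&gt;</c> in the surviving attribute
        /// values are entity-escaped. The document is rendered with comments removed and every
        /// attribute quoted.
        /// </remarks>
        /// <param name="html">The HTML to sanitize.</param>
        /// <param name="baseUrl">The base URL relative URLs are resolved against. No resolution if empty.</param>
        /// <returns>The sanitized HTML.</returns>
        public string Sanitize(string html, string baseUrl = "")
        {
            var dom = CQ.Create(html);

            // ToList() snapshots the selection: elements are removed while iterating.
            foreach (var tag in dom["*"].Not(string.Join(",", AllowedTags.ToArray())).ToList())
            {
                var e = new RemovingTagEventArgs { Tag = tag };
                OnRemovingTag(e);
                if (!e.Cancel)
                {
                    tag.Remove();
                }
            }

            foreach (var tag in dom["*"])
            {
                // Attribute collections are snapshotted too, since each pass mutates them.
                foreach (var attribute in tag.Attributes.Where(a => !AllowedAttributesSet.Contains(a.Key)).ToList())
                {
                    RemoveAttribute(tag, attribute);
                }

                foreach (var attribute in tag.Attributes.Where(a => UriAttributes.Contains(a.Key)).ToList())
                {
                    var url = SanitizeUrl(attribute.Value, baseUrl);
                    if (url == null)
                    {
                        RemoveAttribute(tag, attribute);
                    }
                    else
                    {
                        tag.SetAttribute(attribute.Key, url);
                    }
                }

                SanitizeStyle(tag.Style, baseUrl);

                foreach (var attribute in tag.Attributes.ToList())
                {
                    // JSInclude is presumably a pattern for script-bearing attribute values; confirm against its definition.
                    if (JSInclude.IsMatch(attribute.Value))
                    {
                        RemoveAttribute(tag, attribute);
                        // Must not fall through: the SetAttribute below would re-add the attribute just removed.
                        continue;
                    }

                    // Escape angle brackets so the value cannot be rendered as markup.
                    // Written back once, and only when something changed (string != is ordinal).
                    var val = attribute.Value.Replace("<", "&lt;").Replace(">", "&gt;");
                    if (val != attribute.Value)
                    {
                        tag.SetAttribute(attribute.Key, val);
                    }
                }
            }

            var output = dom.Render(DomRenderingOptions.RemoveComments | DomRenderingOptions.QuoteAllAttributes);

            return output;
        }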
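 /// <summary>
 /// Raises the <see cref="E:RemovingTag" /> event.
 /// </summary>
 /// <remarks>
 /// Setting <c>Cancel</c> on <paramref name="e"/> in a handler keeps the tag; <c>Sanitize</c>
 /// consults that flag before calling <c>Remove()</c>.
 /// </remarks>
 /// <param name="e">The <see cref="RemovingTagEventArgs"/> instance containing the event data.</param>
 protected virtual void OnRemovingTag(RemovingTagEventArgs e)
 {
     // Read the event field once into a local. Testing and then invoking the
     // field directly is racy: a concurrent unsubscribe can null it in between.
     var handler = RemovingTag;
     if (handler != null)
     {
         handler(this, e);
     }
 }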
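        /// <summary>
        /// Sanitizes the specified HTML.
        /// </summary>
        /// <remarks>
        /// Steps, in order: remove elements not in <c>AllowedTags</c> (cancellable via the
        /// <c>RemovingTag</c> event); for each remaining element drop attributes outside
        /// <c>AllowedAttributesSet</c>, rewrite <c>UriAttributes</c> through <c>SanitizeUrl</c>
        /// (dropping those it maps to <c>null</c>), run <c>SanitizeStyle</c> on the inline style,
        /// drop attributes whose value matches <c>JSInclude</c>, and entity-escape <c>&lt;</c> /
        /// <c>&gt;</c> in the attribute values that remain. Rendering strips comments and quotes
        /// every attribute.
        /// </remarks>
        /// <param name="html">The HTML to sanitize.</param>
        /// <param name="baseUrl">The base URL relative URLs are resolved against. No resolution if empty.</param>
        /// <returns>The sanitized HTML.</returns>
        public string Sanitize(string html, string baseUrl = "")
        {
            var dom = CQ.Create(html);

            // Snapshot the selection (ToList) because elements are removed during the loop.
            foreach (var tag in dom["*"].Not(string.Join(",", AllowedTags.ToArray())).ToList())
            {
                var e = new RemovingTagEventArgs { Tag = tag };
                OnRemovingTag(e);
                if (!e.Cancel)
                {
                    tag.Remove();
                }
            }

            foreach (var tag in dom["*"])
            {
                // Each attribute pass mutates tag.Attributes, hence the ToList() snapshots.
                foreach (var attribute in tag.Attributes.Where(a => !AllowedAttributesSet.Contains(a.Key)).ToList())
                {
                    RemoveAttribute(tag, attribute);
                }

                foreach (var attribute in tag.Attributes.Where(a => UriAttributes.Contains(a.Key)).ToList())
                {
                    var url = SanitizeUrl(attribute.Value, baseUrl);
                    if (url == null)
                    {
                        RemoveAttribute(tag, attribute);
                    }
                    else
                    {
                        tag.SetAttribute(attribute.Key, url);
                    }
                }

                SanitizeStyle(tag.Style, baseUrl);

                foreach (var attribute in tag.Attributes.ToList())
                {
                    // JSInclude looks like a pattern for script-bearing values; verify against its definition.
                    if (JSInclude.IsMatch(attribute.Value))
                    {
                        RemoveAttribute(tag, attribute);
                        // Skip the escaping step; otherwise SetAttribute re-creates the attribute just removed.
                        continue;
                    }

                    // Entity-escape angle brackets so the value cannot be interpreted as markup;
                    // a single write-back, only when the value actually changed (string != is ordinal).
                    var val = attribute.Value.Replace("<", "&lt;").Replace(">", "&gt;");
                    if (val != attribute.Value)
                    {
                        tag.SetAttribute(attribute.Key, val);
                    }
                }
            }

            var output = dom.Render(DomRenderingOptions.RemoveComments | DomRenderingOptions.QuoteAllAttributes);

            return output;
        }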