/// <summary>
/// Parses a string into a <see cref="Uri"/> and returns it only when it passes the sanitizer's URL checks.
/// </summary>
/// <param name="url">The URL text to validate.</param>
/// <returns>
/// The parsed <see cref="Uri"/>; or null when the text cannot be parsed, when a relative
/// URI fails <c>IsWellFormedRelativeUri</c>, or when an absolute URI uses a scheme that is
/// not listed in <c>AllowedSchemes</c>.
/// </returns>
protected Uri GetSafeUri(string url)
{
    Uri parsed;

    // Anything that cannot be parsed as a relative or absolute URI is rejected outright.
    if (!Uri.TryCreate(url, UriKind.RelativeOrAbsolute, out parsed))
    {
        return null;
    }

    if (parsed.IsAbsoluteUri)
    {
        // Absolute URIs are gated by the scheme allow-list; the comparison ignores case,
        // so "HTTP" and "http" are treated alike.
        bool schemeAllowed = AllowedSchemes.Contains(parsed.Scheme, StringComparer.OrdinalIgnoreCase);
        return schemeAllowed ? parsed : null;
    }

    // Relative URIs carry no scheme to check, so they are only required to be well formed.
    return IsWellFormedRelativeUri(parsed) ? parsed : null;
}
/// <summary>
/// Builds an <see cref="Iri"/> from a string, rejecting it when its scheme is not allowed.
/// </summary>
/// <param name="url">The URL text to validate.</param>
/// <returns>
/// An <see cref="Iri"/> holding the original text (and the scheme, when one was matched);
/// or null when a scheme was matched and it is not listed in <c>AllowedSchemes</c>.
/// </returns>
/// <remarks>
/// The scheme is found solely by <c>SchemeRegex</c>, which is defined outside this block.
/// Text the pattern does not match is accepted unchanged as a scheme-less value.
/// NOTE(review): confirm the pattern still matches input with leading whitespace or control
/// characters, so such text cannot bypass the allow-list check.
/// </remarks>
protected Iri GetSafeIri(string url)
{
    var match = SchemeRegex.Match(url);

    if (!match.Success)
    {
        // No scheme recognised: the value is passed through with Scheme left unset.
        return new Iri { Value = url };
    }

    var scheme = match.Groups[1].Value;

    // A recognised scheme must be on the allow-list (case-insensitive) or the value is dropped.
    if (!AllowedSchemes.Contains(scheme, StringComparer.OrdinalIgnoreCase))
    {
        return null;
    }

    return new Iri { Value = url, Scheme = scheme };
}
/// <summary>
/// Creates the sanitizer and extends the inherited allow-lists with the extra tags,
/// attributes, CSS properties, URL schemes and at-rules listed below, then subscribes
/// <c>ChangedEvent</c> to every <c>Removing*</c> event.
/// </summary>
/// <remarks>
/// Every entry added here loosens what survives sanitization. The additions fit rendering
/// of locally authored documents.
/// NOTE(review): confirm this sanitizer is never applied to untrusted remote content
/// without revisiting the <c>meta</c>/<c>http-equiv</c>, <c>file</c> and <c>data</c> entries.
/// </remarks>
internal Md2HtmlSanitizer()
{
    // Document-level elements. Together with the "content" and "http-equiv" attributes
    // below, "meta" lets http-equiv directives through unless attribute values are
    // filtered elsewhere (not visible in this block).
    foreach (var tag in new[] { "meta", "style" })
    {
        AllowedTags.Add(tag);
    }

    foreach (var attribute in new[] { "content", "http-equiv", "id", "class" })
    {
        AllowedAttributes.Add(attribute);
    }

    // "src" typically carries a URL value; the rest are layout and animation properties.
    var cssProperties = new[]
    {
        "src",
        "word-break",
        "word-wrap",
        "-moz-tab-size",
        "-o-tab-size",
        "tab-size",
        "-webkit-hyphens",
        "-moz-hyphens",
        "-ms-hyphens",
        "hyphens",
        "background-position-x",
        "background-position-y",
        "transition-property",
        "transition-duration",
        "transition-timing-function",
        "transition-delay",
        "box-shadow"
    };
    foreach (var property in cssProperties)
    {
        AllowedCssProperties.Add(property);
    }

    // Scheme allow-list additions: "file" permits references to local paths and "data"
    // permits inline payloads in URL-valued attributes. These are the broadest relaxations.
    foreach (var scheme in new[] { "file", "data" })
    {
        AllowedSchemes.Add(scheme);
    }

    foreach (var rule in new[] { CssRuleType.Media, CssRuleType.Keyframe, CssRuleType.Keyframes })
    {
        AllowedAtRules.Add(rule);
    }

    // One handler observes every kind of removal; what it records is defined in
    // ChangedEvent, outside this block.
    RemovingAtRule += ChangedEvent;
    RemovingAttribute += ChangedEvent;
    RemovingCssClass += ChangedEvent;
    RemovingStyle += ChangedEvent;
    RemovingTag += ChangedEvent;
}