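/// <summary>
/// Html tag filtering / cleaning (Html标签过滤/清除).
/// </summary>
/// <remarks>
/// A <c>TrustedHtml</c> instance must be registered in Starter; the rule set can be customised by
/// overriding <c>Basic</c> and <c>HtmlEditor</c>. Elements whose tag is rejected by
/// <c>IsSafeTag</c> are Html-encoded when <c>EncodeHtml</c> is set, otherwise removed; attributes
/// rejected by <c>IsSafeAttribute</c> are dropped; enforced attributes are added or overwritten;
/// absolute links to another host receive <c>rel="nofollow"</c> unless <c>rel</c> is already
/// <c>"fancybox"</c>.
/// </remarks>
/// <param name="rawHtml">The Html string to process.</param>
/// <param name="level">Strictness of the trusted-Html rule set.</param>
/// <returns>The filtered Html; <paramref name="rawHtml"/> unchanged when it is null or empty.</returns>
/// <exception cref="InvalidOperationException">No <c>TrustedHtml</c> could be resolved from the container.</exception>
public static string CleanHtml(string rawHtml, TrustedHtmlLevel level)
{
    if (string.IsNullOrEmpty(rawHtml))
    {
        return rawHtml;
    }

    TrustedHtml trustedHtml = DIContainer.Resolve<TrustedHtml>();
    if (trustedHtml == null)
    {
        // Fail with a clear message instead of a NullReferenceException inside the node loop.
        throw new InvalidOperationException("TrustedHtml is not registered in the DI container.");
    }

    switch (level)
    {
        case TrustedHtmlLevel.Basic:
            trustedHtml = trustedHtml.Basic();
            break;
        case TrustedHtmlLevel.HtmlEditor:
            trustedHtml = trustedHtml.HtmlEditor();
            break;
    }

    HtmlDocument doc = new HtmlDocument
    {
        OptionAutoCloseOnEnd = true,
        OptionWriteEmptyNodes = true
    };
    doc.LoadHtml(rawHtml);

    HtmlNodeCollection nodes = doc.DocumentNode.SelectNodes("//*");
    if (nodes == null)
    {
        // No element nodes (text only): nothing to filter.
        return doc.DocumentNode.WriteTo();
    }

    // host is whatever WebUtility.HostPath (project helper) yields for the current request;
    // without a request context it stays empty, and every link then counts as internal.
    string host = string.Empty;
    if (HttpContext.Current != null)
    {
        host = WebUtility.HostPath(HttpContext.Current.Request.Url);
    }

    // ToList() snapshots the collection: RemoveTag() and attr.Remove() mutate the tree while it is walked.
    foreach (HtmlNode node in nodes.ToList())
    {
        if (!trustedHtml.IsSafeTag(node.Name))
        {
            if (trustedHtml.EncodeHtml)
            {
                node.HtmlEncode = true;
            }
            else
            {
                node.RemoveTag(); // disallowed tag
            }
            continue;
        }

        // Attribute filtering. IsSafeAttribute is the primary gate; the scheme check below is a
        // second line of defence for values it lets through.
        foreach (HtmlAttribute attr in node.Attributes.ToList())
        {
            if (!trustedHtml.IsSafeAttribute(node.Name, attr.Name, attr.Value))
            {
                attr.Remove();
            }
            else if (attr.Value != null
                && attr.Value.TrimStart().StartsWith("javascript:", StringComparison.OrdinalIgnoreCase))
            {
                // Bug fix: the original tested for the misspelled scheme "javascirpt:" and so never
                // matched a real script URL. Leading whitespace is trimmed before the comparison.
                attr.Value = "javascript:;";
            }
        }

        // Enforced attributes are added, or overwrite an existing value.
        Dictionary<string, string> enforced = trustedHtml.GetEnforcedAttributes(node.Name);
        if (enforced != null)
        {
            foreach (KeyValuePair<string, string> pair in enforced)
            {
                if (node.Attributes.Contains(pair.Key))
                {
                    node.Attributes[pair.Key].Value = pair.Value;
                }
                else
                {
                    node.Attributes.Add(pair.Key, pair.Value);
                }
            }
        }

        // External links get rel="nofollow". The original only recognised "http://"; https:// links
        // are external just the same, so both schemes are covered (ordinal comparison, no culture).
        if (node.Name == "a" && node.Attributes.Contains("href"))
        {
            string href = node.Attributes["href"].Value ?? string.Empty;
            bool absolute = href.StartsWith("http://", StringComparison.OrdinalIgnoreCase)
                || href.StartsWith("https://", StringComparison.OrdinalIgnoreCase);
            // Plain prefix test against host, as in the original rule.
            bool sameHost = href.StartsWith(host, StringComparison.OrdinalIgnoreCase);
            if (absolute && !sameHost)
            {
                if (!node.Attributes.Contains("rel"))
                {
                    node.Attributes.Add("rel", "nofollow");
                }
                else if (node.Attributes["rel"].Value != "fancybox")
                {
                    // rel="fancybox" is deliberately preserved (presumably a lightbox hook used by the site).
                    node.Attributes["rel"].Value = "nofollow";
                }
            }
        }
    }

    return doc.DocumentNode.WriteTo();
}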
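/// <summary>
/// Html tag filtering / cleaning. Decompiler output rewritten as valid C#: the <c>get_X()</c> /
/// <c>set_X()</c> accessor calls of the original do not compile and are replaced by property access.
/// </summary>
/// <remarks>
/// Elements rejected by <c>IsSafeTag</c> are Html-encoded when <c>EncodeHtml</c> is set, otherwise
/// removed; attributes rejected by <c>IsSafeAttribute</c> are dropped; enforced attributes are added
/// or overwritten; absolute links to another host receive <c>rel="nofollow"</c> unless <c>rel</c>
/// is already <c>"fancybox"</c>.
/// </remarks>
/// <param name="rawHtml">The Html string to process.</param>
/// <param name="level">Strictness of the trusted-Html rule set.</param>
/// <returns>The filtered Html; <paramref name="rawHtml"/> unchanged when it is null or empty.</returns>
/// <exception cref="System.InvalidOperationException">No <c>TrustedHtml</c> could be resolved from the container.</exception>
public static string CleanHtml(string rawHtml, TrustedHtmlLevel level)
{
    if (string.IsNullOrEmpty(rawHtml))
    {
        return rawHtml;
    }

    TrustedHtml rules = DIContainer.Resolve<TrustedHtml>();
    if (rules == null)
    {
        // A missing registration should surface here, not as a NullReferenceException later on.
        throw new System.InvalidOperationException("TrustedHtml is not registered in the DI container.");
    }
    if (level == TrustedHtmlLevel.Basic)
    {
        rules = rules.Basic();
    }
    else if (level == TrustedHtmlLevel.HtmlEditor)
    {
        rules = rules.HtmlEditor();
    }

    HtmlDocument htmlDocument = new HtmlDocument
    {
        OptionAutoCloseOnEnd = true,
        OptionWriteEmptyNodes = true
    };
    htmlDocument.LoadHtml(rawHtml);

    HtmlNodeCollection htmlNodeCollection = htmlDocument.DocumentNode.SelectNodes("//*");
    if (htmlNodeCollection == null)
    {
        return htmlDocument.DocumentNode.WriteTo(); // text only, nothing to filter
    }

    // Empty when there is no request context; an empty prefix makes every link count as internal.
    string host = HttpContext.Current != null
        ? WebUtility.HostPath(HttpContext.Current.Request.Url)
        : string.Empty;

    // Snapshot with ToList(): the loop body removes nodes and attributes from the live tree.
    foreach (HtmlNode n in htmlNodeCollection.ToList<HtmlNode>())
    {
        if (!rules.IsSafeTag(n.Name))
        {
            if (rules.EncodeHtml)
            {
                n.HtmlEncode = true;
            }
            else
            {
                n.RemoveTag();
            }
            continue;
        }

        foreach (HtmlAttribute attr in n.Attributes.ToList<HtmlAttribute>())
        {
            if (!rules.IsSafeAttribute(n.Name, attr.Name, attr.Value))
            {
                attr.Remove();
                continue;
            }
            // Bug fix: the scheme was misspelled "javascirpt:" in the original, so the branch was dead.
            // IsSafeAttribute is the primary gate; this neutralises a script URL it let through.
            if (attr.Value != null
                && attr.Value.TrimStart().StartsWith("javascript:", System.StringComparison.OrdinalIgnoreCase))
            {
                attr.Value = "javascript:;";
            }
        }

        System.Collections.Generic.Dictionary<string, string> enforcedAttributes = rules.GetEnforcedAttributes(n.Name);
        if (enforcedAttributes != null)
        {
            foreach (System.Collections.Generic.KeyValuePair<string, string> current in enforcedAttributes)
            {
                // Contains(string) replaces the Select/Contains scan; same lookup the href/rel code already uses.
                if (n.Attributes.Contains(current.Key))
                {
                    n.Attributes[current.Key].Value = current.Value;
                }
                else
                {
                    n.Attributes.Add(current.Key, current.Value);
                }
            }
        }

        if (n.Name != "a" || !n.Attributes.Contains("href"))
        {
            continue;
        }

        string value = n.Attributes["href"].Value ?? string.Empty;
        // Both http:// and https:// are absolute; the original only looked at http://.
        bool isAbsolute = value.StartsWith("http://", System.StringComparison.OrdinalIgnoreCase)
            || value.StartsWith("https://", System.StringComparison.OrdinalIgnoreCase);
        bool isOwnHost = value.StartsWith(host, System.StringComparison.OrdinalIgnoreCase);
        if (!isAbsolute || isOwnHost)
        {
            continue;
        }

        if (!n.Attributes.Contains("rel"))
        {
            n.Attributes.Add("rel", "nofollow");
        }
        else if (n.Attributes["rel"].Value != "fancybox")
        {
            // rel="fancybox" is kept as-is (presumably a lightbox hook).
            n.Attributes["rel"].Value = "nofollow";
        }
    }

    return htmlDocument.DocumentNode.WriteTo();
}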
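/// <summary>
/// Html tag filtering / cleaning. This variant instantiates <c>TrustedHtml</c> directly instead of
/// resolving it from <c>DIContainer</c>.
/// </summary>
/// <remarks>
/// Elements rejected by <c>IsSafeTag</c> are Html-encoded when <c>EncodeHtml</c> is set, otherwise
/// removed; attributes rejected by <c>IsSafeAttribute</c> are dropped; enforced attributes are added
/// or overwritten; absolute links to another host receive <c>rel="nofollow"</c> unless <c>rel</c>
/// is already <c>"fancybox"</c>.
/// </remarks>
/// <param name="rawHtml">The Html string to process.</param>
/// <param name="level">Strictness of the trusted-Html rule set.</param>
/// <returns>The filtered Html; <paramref name="rawHtml"/> unchanged when it is null or empty.</returns>
public static string CleanHtml(string rawHtml, TrustedHtmlLevel level)
{
    if (string.IsNullOrEmpty(rawHtml))
    {
        return rawHtml;
    }

    // Built directly rather than resolved from the container (the original had the DI call commented out).
    TrustedHtml trustedHtml = new TrustedHtml();
    switch (level)
    {
        case TrustedHtmlLevel.Basic:
            trustedHtml = trustedHtml.Basic();
            break;
        case TrustedHtmlLevel.HtmlEditor:
            trustedHtml = trustedHtml.HtmlEditor();
            break;
    }

    HtmlDocument htmlDocument = new HtmlDocument
    {
        OptionAutoCloseOnEnd = true,
        OptionWriteEmptyNodes = true
    };
    htmlDocument.LoadHtml(rawHtml);

    HtmlNodeCollection htmlNodeCollection = htmlDocument.DocumentNode.SelectNodes("//*");
    if (htmlNodeCollection != null)
    {
        // Empty outside a request; an empty prefix makes every link count as internal (as before).
        string host = string.Empty;
        if (HttpContext.Current != null)
        {
            host = WebUtility.HostPath(HttpContext.Current.Request.Url);
        }

        // ToList() snapshots the live collection, which the loop body mutates.
        foreach (HtmlNode n in htmlNodeCollection.ToList<HtmlNode>())
        {
            if (trustedHtml.IsSafeTag(n.Name))
            {
                CleanSafeNode(trustedHtml, n, host);
            }
            else if (trustedHtml.EncodeHtml)
            {
                n.HtmlEncode = true;
            }
            else
            {
                n.RemoveTag();
            }
        }
    }

    return htmlDocument.DocumentNode.WriteTo();
}

/// <summary>
/// Applies the attribute rules to one element whose tag is allowed: drops unsafe attributes,
/// neutralises script URLs, applies enforced attributes and marks external links nofollow.
/// </summary>
/// <param name="trustedHtml">The rule set in force.</param>
/// <param name="n">The element to clean (modified in place).</param>
/// <param name="host">Host prefix of the current request, or empty when there is none.</param>
private static void CleanSafeNode(TrustedHtml trustedHtml, HtmlNode n, string host)
{
    foreach (HtmlAttribute attr in n.Attributes.ToList<HtmlAttribute>())
    {
        if (!trustedHtml.IsSafeAttribute(n.Name, attr.Name, attr.Value))
        {
            attr.Remove();
        }
        else if (attr.Value != null
            && attr.Value.TrimStart().StartsWith("javascript:", System.StringComparison.OrdinalIgnoreCase))
        {
            // Bug fix: the original compared against "javascirpt:" (typo) and never matched.
            // IsSafeAttribute is the primary gate; this is a fallback for values it admits.
            attr.Value = "javascript:;";
        }
    }

    System.Collections.Generic.Dictionary<string, string> enforcedAttributes = trustedHtml.GetEnforcedAttributes(n.Name);
    if (enforcedAttributes != null)
    {
        foreach (System.Collections.Generic.KeyValuePair<string, string> current in enforcedAttributes)
        {
            if (n.Attributes.Contains(current.Key))
            {
                n.Attributes[current.Key].Value = current.Value;
            }
            else
            {
                n.Attributes.Add(current.Key, current.Value);
            }
        }
    }

    if (n.Name != "a" || !n.Attributes.Contains("href"))
    {
        return;
    }

    string value = n.Attributes["href"].Value ?? string.Empty;
    // https:// links are external just like http:// ones; the original only checked http://.
    bool absolute = value.StartsWith("http://", System.StringComparison.OrdinalIgnoreCase)
        || value.StartsWith("https://", System.StringComparison.OrdinalIgnoreCase);
    if (!absolute || value.StartsWith(host, System.StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    if (!n.Attributes.Contains("rel"))
    {
        n.Attributes.Add("rel", "nofollow");
    }
    else if (n.Attributes["rel"].Value != "fancybox")
    {
        // rel="fancybox" is left untouched (presumably a lightbox hook).
        n.Attributes["rel"].Value = "nofollow";
    }
}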