/// <summary>
/// Remove all HTML tags and javascript from the specified string. If <paramref name="escapeQuotes"/> is <c>true</c>, then all
/// apostrophes and quotation marks are replaced with " and ' so that the string can be specified in HTML
/// attributes such as title tags.
/// </summary>
/// <param name="html">The string containing HTML tags to remove.</param>
/// <param name="escapeQuotes">When true, all apostrophes and quotation marks are replaced with " and '.</param>
/// <returns>Returns a string with all HTML tags removed, including the brackets.</returns>
public static string RemoveHtml(string html, bool escapeQuotes)
{
HtmlValidator scrubber = new HtmlValidator(html, null, null, false);
string cleanHtml = scrubber.Clean();
if (escapeQuotes)
{
cleanHtml = cleanHtml.Replace("\"", """);
cleanHtml = cleanHtml.Replace("'", "'");
}
return(cleanHtml);
}
/// <summary>
/// Removes potentially dangerous HTML and Javascript in <paramref name="html"/>. If the configuration
/// setting allowHtmlInTitlesAndCaptions is true, then the input is cleaned so that all HTML tags that are not in a
/// predefined list are HTML-encoded and invalid HTML attributes are deleted. If allowHtmlInTitlesAndCaptions is false,
/// then all HTML tags are deleted. If the setting allowUserEnteredJavascript is true, then script tags and the text "javascript:"
/// is allowed. Note that if script is not in the list of valid HTML tags defined in allowedHtmlTags, it will be deleted even when
/// allowUserEnteredJavascript is true. When the setting is false, all script tags and instances of the
/// text "javascript:" are deleted.
/// </summary>
/// <param name="html">The string containing the HTML tags.</param>
/// <returns>Returns a string with potentially dangerous HTML tags deleted.</returns>
public static string Clean(string html)
{
if (_allowHtmlInTitlesAndCaptions)
{
HtmlValidator scrubber = new HtmlValidator(html, _allowedHtmlTags, _allowedHtmlAttributes, _allowUserEnteredJavascript);
return(scrubber.Clean());
}
else
{
// HTML not allowed. Pass in empty variables for the valid tags and attributes.
HtmlValidator scrubber = new HtmlValidator(html, null, null, _allowUserEnteredJavascript);
return(scrubber.Clean());
}
}
/// <summary>
/// Removes potentially dangerous HTML and Javascript in <paramref name="html"/>. If the configuration
/// setting <see cref="IGallerySettings.AllowUserEnteredHtml" /> is true, then the input is cleaned so that all
/// HTML tags that are not in a predefined list are HTML-encoded and invalid HTML attributes are deleted. If
/// <see cref="IGallerySettings.AllowUserEnteredHtml" /> is false, then all HTML tags are deleted. If the setting
/// <see cref="IGallerySettings.AllowUserEnteredJavascript" /> is true, then script tags and the text "javascript:"
/// is allowed. Note that if script is not in the list of valid HTML tags defined in <see cref="IGallerySettings.AllowedHtmlTags" />,
/// it will be deleted even when <see cref="IGallerySettings.AllowUserEnteredJavascript" /> is true. When the setting
/// is false, all script tags and instances of the text "javascript:" are deleted.
/// </summary>
/// <param name="html">The string containing the HTML tags.</param>
/// <param name="galleryId">The gallery ID. This is used to look up the appropriate configuration values for the gallery.</param>
/// <returns>
/// Returns a string with potentially dangerous HTML tags deleted.
/// </returns>
public static string Clean(string html, int galleryId)
{
IGallerySettings gallerySetting = Factory.LoadGallerySetting(galleryId);
if (gallerySetting.AllowUserEnteredHtml)
{
HtmlValidator scrubber = new HtmlValidator(html, gallerySetting.AllowedHtmlTags, gallerySetting.AllowedHtmlAttributes, gallerySetting.AllowUserEnteredJavascript);
return(scrubber.Clean());
}
else
{
// HTML not allowed. Pass in empty variables for the valid tags and attributes.
HtmlValidator scrubber = new HtmlValidator(html, null, null, gallerySetting.AllowUserEnteredJavascript);
return(scrubber.Clean());
}
}
/// <summary>
/// Remove all HTML tags and javascript from the specified string. If <paramref name="escapeQuotes"/> is <c>true</c>, then all
/// apostrophes and quotation marks are replaced with " and ' so that the string can be specified in HTML
/// attributes such as title tags.
/// </summary>
/// <param name="html">The string containing HTML tags to remove.</param>
/// <param name="escapeQuotes">When true, all apostrophes and quotation marks are replaced with " and '.</param>
/// <returns>Returns a string with all HTML tags removed, including the brackets.</returns>
public static string RemoveHtml(string html, bool escapeQuotes)
{
HtmlValidator scrubber = new HtmlValidator(html, null, null, false);
string cleanHtml = scrubber.Clean();
if (escapeQuotes)
{
cleanHtml = cleanHtml.Replace("\"", """);
cleanHtml = cleanHtml.Replace("'", "'");
}
return cleanHtml;
}
/// <summary>
/// Removes potentially dangerous HTML and Javascript in <paramref name="html"/>. If the configuration
/// setting <see cref="IGallerySettings.AllowUserEnteredHtml" /> is true, then the input is cleaned so that all
/// HTML tags that are not in a predefined list are HTML-encoded and invalid HTML attributes are deleted. If
/// <see cref="IGallerySettings.AllowUserEnteredHtml" /> is false, then all HTML tags are deleted. If the setting
/// <see cref="IGallerySettings.AllowUserEnteredJavascript" /> is true, then script tags and the text "javascript:"
/// is allowed. Note that if script is not in the list of valid HTML tags defined in <see cref="IGallerySettings.AllowedHtmlTags" />,
/// it will be deleted even when <see cref="IGallerySettings.AllowUserEnteredJavascript" /> is true. When the setting
/// is false, all script tags and instances of the text "javascript:" are deleted.
/// </summary>
/// <param name="html">The string containing the HTML tags.</param>
/// <param name="galleryId">The gallery ID. This is used to look up the appropriate configuration values for the gallery.</param>
/// <returns>
/// Returns a string with potentially dangerous HTML tags deleted.
/// </returns>
public static string Clean(string html, int galleryId)
{
IGallerySettings gallerySetting = Factory.LoadGallerySetting(galleryId);
if (gallerySetting.AllowUserEnteredHtml)
{
HtmlValidator scrubber = new HtmlValidator(html, gallerySetting.AllowedHtmlTags, gallerySetting.AllowedHtmlAttributes, gallerySetting.AllowUserEnteredJavascript);
return scrubber.Clean();
}
else
{
// HTML not allowed. Pass in empty variables for the valid tags and attributes.
HtmlValidator scrubber = new HtmlValidator(html, null, null, gallerySetting.AllowUserEnteredJavascript);
return scrubber.Clean();
}
}
