public void TestMoveToId()
{
using (GumboWrapper gumbo = new GumboWrapper(TestHtml))
{
var nav = gumbo.CreateNavigator();
nav.MoveToId("tag123");
Assert.AreEqual("p", nav.Name);
}
}
public void TestSelectSingleNodeForElement()
{
using (GumboWrapper gumbo = new GumboWrapper(TestHtml))
{
var nav = gumbo.CreateNavigator();
var node = nav.SelectSingleNode("/html/body/span");
Assert.AreEqual("Pillz here!", node.Value);
Assert.AreEqual("span", node.Name);
Assert.AreEqual("span", node.LocalName);
}
}
public void TestSelectSingleNodeAttribute()
{
using (GumboWrapper gumbo = new GumboWrapper(TestHtml))
{
var nav = gumbo.CreateNavigator();
var node = nav.SelectSingleNode("/html/body/@class");
Assert.AreEqual("gumbo", node.Value);
Assert.AreEqual("class", node.Name);
Assert.AreEqual("class", node.LocalName);
}
}
public void TestHeadBody()
{
string testHtml = "<html><body class=\"gumbo\">привет!</body></html>";
using (var gumbo = new GumboWrapper(testHtml))
{
var list = gumbo.Document.Root.Children.OfType<ElementWrapper>().ToList();
Assert.Equal(GumboTag.GUMBO_TAG_HEAD, list[0].Tag);
Assert.Equal(null, list[0].OriginalTag);
Assert.Equal(GumboTag.GUMBO_TAG_BODY, list[1].Tag);
}
}
public void TestAttributes()
{
string testHtml = "<html><body class=\"gumbo\">привет!</body></html>";
using (var gumbo = new GumboWrapper(testHtml))
{
var list = gumbo.Document.Root.Children.OfType<ElementWrapper>().ToList();
Assert.Equal("class", list[1].Attributes.First().Name);
Assert.Equal("gumbo", list[1].Attributes.First().Value);
}
}
public void TestFirstAndLastTagsInEnum()
{
string testHtml = "<html><head><head><body><title></title><base></base><tt></tt><unknown123></unknown123></body></html>";
using (var gumbo = new GumboWrapper(testHtml))
{
var list = gumbo.Document.Root.Children.OfType<ElementWrapper>().ToList();
Assert.Equal(GumboTag.GUMBO_TAG_HEAD, list[0].Tag);
Assert.Equal("<head>", list[0].OriginalTag);
var body = list[1].Children.OfType<ElementWrapper>().ToList();
Assert.Equal(GumboTag.GUMBO_TAG_TITLE, body[0].Tag);
Assert.Equal(GumboTag.GUMBO_TAG_BASE, body[1].Tag);
Assert.Equal(GumboTag.GUMBO_TAG_TT, body[2].Tag);
Assert.Equal(GumboTag.GUMBO_TAG_UNKNOWN, body[3].Tag);
}
}
public bool IsValidHtmlResponseString(List<RequestValidationParam> taintfulParams, string responseText, out RequestValidationParam dangerousParam)
{
dangerousParam = null;
// HACK: Deny null-byte injection techniques. Perhaps, there are a better place and method to implement it.
if (responseText.IndexOf('\0') != -1)
{
dangerousParam = new RequestValidationParam("null-byte", "Undefined", "...\\0");
return false;
}
var parsedResponse = new GumboWrapper(responseText);
if (!parsedResponse.Document.Children.Any()) return true;
// Get boundaries for all occurences of request params in response text
var insertionsMap =
InsertionsMap.FindAllPrecise(
taintfulParams,
responseText);
if (insertionsMap.Count == 0) return true;
// In case of parse errors, needed a check that positions of errors isn't included to insertions map
if (parsedResponse.Errors != null && parsedResponse.Errors.Any())
{
foreach (var error in parsedResponse.Errors)
{
foreach (var insertionArea in insertionsMap)
{
if (!insertionArea.Includes((int) error.position.offset)) continue;
// Inclusion found (integrity of response has been violated by request parameter at error position)
dangerousParam = insertionArea.Param;
return false;
}
}
}
// Deny obviously dangerous insertions
foreach (var insertionArea in from insertionArea in insertionsMap
let paramValue = insertionArea.Param.Value
where
// paramValue ⊃ "<[A-Za-z%!/?]?"
paramValue.Where(
(t, i) =>
t == '<' && i < paramValue.Length - 1 &&
(
(
(paramValue[i + 1] >= 'a' && paramValue[i + 1] <= 'z')
|| (paramValue[i + 1] >= 'A' && paramValue[i + 1] <= 'Z')
)
|| paramValue[i + 1] == '%'
|| paramValue[i + 1] == '!'
|| paramValue[i + 1] == '/'
|| paramValue[i + 1] == '?'
)
).Any()
select insertionArea)
{
dangerousParam = insertionArea.Param;
return false;
}
var result = true;
foreach (var node in parsedResponse.Document.Children.OfType<ElementWrapper>())
{
result &= ValidateNode(node, insertionsMap, ref dangerousParam);
}
return result;
}
public GumboNavigator(GumboWrapper gumbo, AttributeWrapper attribute)
{
_Gumbo = gumbo;
_State = new NavigatorState(attribute);
}
public GumboNavigator(GumboWrapper gumbo, NodeWrapper node)
{
_Gumbo = gumbo;
_State = new NavigatorState(node);
}