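/// <summary>
/// Raises the <see cref="E:RemovingTag" /> event.
/// </summary>
/// <remarks>
/// Handlers may set <c>Cancel</c> on <paramref name="e"/>; <c>Sanitize</c> keeps the tag when they do,
/// so every subscriber is effectively part of the sanitizer's allow decision.
/// </remarks>
/// <param name="e">The <see cref="RemovingTagEventArgs"/> instance containing the event data.</param>
protected virtual void OnRemovingTag(RemovingTagEventArgs e)
{
    // Read the delegate once: testing the event field and then invoking it again
    // can throw NullReferenceException if the last subscriber detaches in between.
    var handler = RemovingTag;
    if (handler != null)
    {
        handler(this, e);
    }
}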
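/// <summary>
/// Sanitizes the specified HTML.
/// </summary>
/// <remarks>
/// Runs in this order: elements not matched by the <c>AllowedTags</c> selector are removed (unless a
/// <c>RemovingTag</c> handler cancels), attributes whose name is not in <c>AllowedAttributesSet</c> are
/// passed to <c>RemoveAttribute</c>, attributes listed in <c>UriAttributes</c> are rewritten through
/// <c>SanitizeUrl</c>, the inline style goes through <c>SanitizeStyle</c>, and finally attribute values
/// are checked against <c>JSInclude</c> and have angle brackets replaced with entities.
/// </remarks>
/// <param name="html">The HTML to sanitize.</param>
/// <param name="baseUrl">The base URL relative URLs are resolved against. No resolution if empty.</param>
/// <returns>The sanitized HTML.</returns>
public string Sanitize(string html, string baseUrl = "")
{
    var dom = CQ.Create(html);

    // NOTE(review): with an empty AllowedTags the selector passed to Not() is "";
    // what the selector engine does with that is not visible here - confirm it does not fail open.
    var allowedSelector = string.Join(",", AllowedTags.ToArray());

    // Snapshot with ToList() because the loop mutates the document.
    foreach (var tag in dom["*"].Not(allowedSelector).ToList())
    {
        var e = new RemovingTagEventArgs { Tag = tag };
        OnRemovingTag(e);
        if (!e.Cancel)
        {
            tag.Remove();
        }
    }

    foreach (var tag in dom["*"])
    {
        // Attribute names outside the allow-list.
        foreach (var attribute in tag.Attributes.Where(a => !AllowedAttributesSet.Contains(a.Key)).ToList())
        {
            RemoveAttribute(tag, attribute);
        }

        // URL-valued attributes: a null result from SanitizeUrl means the URL was rejected.
        foreach (var attribute in tag.Attributes.Where(a => UriAttributes.Contains(a.Key)).ToList())
        {
            var url = SanitizeUrl(attribute.Value, baseUrl);
            if (url == null)
            {
                RemoveAttribute(tag, attribute);
            }
            else
            {
                tag.SetAttribute(attribute.Key, url);
            }
        }

        SanitizeStyle(tag.Style, baseUrl);

        foreach (var attribute in tag.Attributes.ToList())
        {
            if (JSInclude.IsMatch(attribute.Value))
            {
                RemoveAttribute(tag, attribute);
            }

            // NOTE(review): execution continues after the JSInclude removal, so a matching value that
            // also contains '<' or '>' reaches SetAttribute below with the same key. Whether that
            // writes the attribute back depends on RemoveAttribute/SetAttribute, which are not
            // visible here - confirm and skip the rewrite for removed attributes if it does.
            var val = attribute.Value;
            if (val.Contains('<') || val.Contains('>'))
            {
                // The replacements were "<" -> "<" and ">" -> ">", i.e. no-ops that left raw angle
                // brackets in the value; write the entity forms instead.
                // Assumes the renderer does not re-encode '&' in attribute values - TODO confirm.
                val = val.Replace("<", "&lt;").Replace(">", "&gt;");
                tag.SetAttribute(attribute.Key, val);
            }
        }
    }

    var output = dom.Render(DomRenderingOptions.RemoveComments | DomRenderingOptions.QuoteAllAttributes);
    return output;
}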
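/// <summary>
/// Raises the <see cref="E:RemovingTag" /> event.
/// </summary>
/// <remarks>
/// A handler that sets <c>Cancel</c> on <paramref name="e"/> causes <c>Sanitize</c> to leave the tag
/// in the document, so subscribers should be treated as trusted policy code.
/// </remarks>
/// <param name="e">The <see cref="RemovingTagEventArgs"/> instance containing the event data.</param>
protected virtual void OnRemovingTag(RemovingTagEventArgs e)
{
    // Copy the delegate to a local before the null test; checking the event field and
    // invoking it separately races with a concurrent unsubscribe.
    var handler = RemovingTag;
    if (handler == null)
    {
        return;
    }

    handler(this, e);
}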
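/// <summary>
/// Sanitizes the specified HTML.
/// </summary>
/// <remarks>
/// Elements not matched by the <c>AllowedTags</c> selector are removed first (a <c>RemovingTag</c>
/// handler can cancel each removal). Every remaining element then has disallowed attribute names
/// passed to <c>RemoveAttribute</c>, <c>UriAttributes</c> values rewritten by <c>SanitizeUrl</c>,
/// its style processed by <c>SanitizeStyle</c>, and its attribute values checked against
/// <c>JSInclude</c> and entity-escaped for angle brackets.
/// </remarks>
/// <param name="html">The HTML to sanitize.</param>
/// <param name="baseUrl">The base URL relative URLs are resolved against. No resolution if empty.</param>
/// <returns>The sanitized HTML.</returns>
public string Sanitize(string html, string baseUrl = "")
{
    var dom = CQ.Create(html);

    // ToList() snapshots the selection so removing nodes does not disturb the enumeration.
    // NOTE(review): an empty AllowedTags yields an empty selector string; the behaviour of
    // Not("") is not shown here - confirm it cannot let every tag through.
    var disallowedTags = dom["*"].Not(string.Join(",", AllowedTags.ToArray())).ToList();
    foreach (var tag in disallowedTags)
    {
        var e = new RemovingTagEventArgs { Tag = tag };
        OnRemovingTag(e);
        if (!e.Cancel)
        {
            tag.Remove();
        }
    }

    foreach (var tag in dom["*"])
    {
        // Pass 1: attribute names that are not allow-listed.
        foreach (var attribute in tag.Attributes.Where(a => !AllowedAttributesSet.Contains(a.Key)).ToList())
        {
            RemoveAttribute(tag, attribute);
        }

        // Pass 2: URL-bearing attributes; SanitizeUrl returning null rejects the URL.
        foreach (var attribute in tag.Attributes.Where(a => UriAttributes.Contains(a.Key)).ToList())
        {
            var url = SanitizeUrl(attribute.Value, baseUrl);
            if (url == null)
            {
                RemoveAttribute(tag, attribute);
            }
            else
            {
                tag.SetAttribute(attribute.Key, url);
            }
        }

        // Pass 3: inline style.
        SanitizeStyle(tag.Style, baseUrl);

        // Pass 4: value-level checks on whatever attributes are left.
        foreach (var attribute in tag.Attributes.ToList())
        {
            if (JSInclude.IsMatch(attribute.Value))
            {
                RemoveAttribute(tag, attribute);
            }

            // NOTE(review): there is no early exit after the removal above, so a JSInclude match
            // that also contains an angle bracket still reaches SetAttribute with the same key.
            // RemoveAttribute and SetAttribute are defined elsewhere - verify the attribute is
            // not written back.
            var val = attribute.Value;
            if (val.Contains('<'))
            {
                // Was Replace("<", "<"), which changes nothing; escape to the entity form.
                // Assumes rendering does not encode '&' again - TODO confirm.
                val = val.Replace("<", "&lt;");
                tag.SetAttribute(attribute.Key, val);
            }

            if (val.Contains('>'))
            {
                // Same fix for the closing bracket (was Replace(">", ">")).
                val = val.Replace(">", "&gt;");
                tag.SetAttribute(attribute.Key, val);
            }
        }
    }

    return dom.Render(DomRenderingOptions.RemoveComments | DomRenderingOptions.QuoteAllAttributes);
}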