Пример #1
0
 /// <summary>Test if the supplied attribute is allowed by this whitelist for this tag</summary>
 /// <param name="tagName">tag to consider allowing the attribute in</param>
 /// <param name="el">element under test, to confirm protocol</param>
 /// <param name="attr">attribute under test</param>
 /// <returns>true if allowed</returns>
 protected internal virtual bool IsSafeAttribute(String tagName, iText.StyledXmlParser.Jsoup.Nodes.Element
                                                 el, iText.StyledXmlParser.Jsoup.Nodes.Attribute attr)
 {
     Whitelist.TagName      tag = Whitelist.TagName.ValueOf(tagName);
     Whitelist.AttributeKey key = Whitelist.AttributeKey.ValueOf(attr.Key);
     if (attributes.ContainsKey(tag))
     {
         if (attributes.Get(tag).Contains(key))
         {
             if (protocols.ContainsKey(tag))
             {
                 IDictionary <Whitelist.AttributeKey, ICollection <Whitelist.Protocol> > attrProts = protocols.Get(tag);
                 // ok if not defined protocol; otherwise test
                 return(!attrProts.ContainsKey(key) || TestValidProtocol(el, attr, attrProts.Get(key)));
             }
             else
             {
                 // attribute found, no protocols defined, so OK
                 return(true);
             }
         }
     }
     // no attributes defined for tag, try :all tag
     return(!tagName.Equals(":all") && IsSafeAttribute(":all", el, attr));
 }
Пример #2
0
 /// <summary>Add an enforced attribute to a tag.</summary>
 /// <remarks>
 /// Add an enforced attribute to a tag. An enforced attribute will always be added to the element. If the element
 /// already has the attribute set, it will be overridden.
 /// <para />
 /// E.g.: <code>addEnforcedAttribute("a", "rel", "nofollow")</code> will make all <code>a</code> tags output as
 /// <code>&lt;a href="..." rel="nofollow"&gt;</code>
 /// </remarks>
 /// <param name="tag">The tag the enforced attribute is for. The tag will be added to the allowed tag list if necessary.
 ///     </param>
 /// <param name="key">The attribute key</param>
 /// <param name="value">The enforced attribute value</param>
 /// <returns>this (for chaining)</returns>
 public virtual iText.StyledXmlParser.Jsoup.Safety.Whitelist AddEnforcedAttribute(String tag, String key, String
                                                                                  value)
 {
     Validate.NotEmpty(tag);
     Validate.NotEmpty(key);
     Validate.NotEmpty(value);
     Whitelist.TagName tagName = Whitelist.TagName.ValueOf(tag);
     if (!tagNames.Contains(tagName))
     {
         tagNames.Add(tagName);
     }
     Whitelist.AttributeKey   attrKey = Whitelist.AttributeKey.ValueOf(key);
     Whitelist.AttributeValue attrVal = Whitelist.AttributeValue.ValueOf(value);
     if (enforcedAttributes.ContainsKey(tagName))
     {
         enforcedAttributes.Get(tagName).Put(attrKey, attrVal);
     }
     else
     {
         IDictionary <Whitelist.AttributeKey, Whitelist.AttributeValue> attrMap = new Dictionary <Whitelist.AttributeKey
                                                                                                  , Whitelist.AttributeValue>();
         attrMap.Put(attrKey, attrVal);
         enforcedAttributes.Put(tagName, attrMap);
     }
     return(this);
 }
Пример #3
0
 /// <summary>Remove allowed URL protocols for an element's URL attribute.</summary>
 /// <remarks>
 /// Remove allowed URL protocols for an element's URL attribute.
 /// <para />
 /// E.g.: <code>removeProtocols("a", "href", "ftp")</code>
 /// </remarks>
 /// <param name="tag">Tag the URL protocol is for</param>
 /// <param name="key">Attribute key</param>
 /// <param name="protocols">List of invalid protocols</param>
 /// <returns>this, for chaining</returns>
 public virtual iText.StyledXmlParser.Jsoup.Safety.Whitelist RemoveProtocols(String tag, String key, params
                                                                             String[] protocols)
 {
     Validate.NotEmpty(tag);
     Validate.NotEmpty(key);
     Validate.NotNull(protocols);
     Whitelist.TagName      tagName = Whitelist.TagName.ValueOf(tag);
     Whitelist.AttributeKey attrKey = Whitelist.AttributeKey.ValueOf(key);
     if (this.protocols.ContainsKey(tagName))
     {
         IDictionary <Whitelist.AttributeKey, ICollection <Whitelist.Protocol> > attrMap = this.protocols.Get(tagName);
         if (attrMap.ContainsKey(attrKey))
         {
             ICollection <Whitelist.Protocol> protSet = attrMap.Get(attrKey);
             foreach (String protocol in protocols)
             {
                 Validate.NotEmpty(protocol);
                 Whitelist.Protocol prot = Whitelist.Protocol.ValueOf(protocol);
                 protSet.Remove(prot);
             }
             if (protSet.IsEmpty())
             {
                 // Remove protocol set if empty
                 attrMap.JRemove(attrKey);
                 if (attrMap.IsEmpty())
                 {
                     // Remove entry for tag if empty
                     this.protocols.JRemove(tagName);
                 }
             }
         }
     }
     return(this);
 }
Пример #4
0
        /// <summary>Add a list of allowed attributes to a tag.</summary>
        /// <remarks>
        /// Add a list of allowed attributes to a tag. (If an attribute is not allowed on an element, it will be removed.)
        /// <para />
        /// E.g.: <code>addAttributes("a", "href", "class")</code> allows <code>href</code> and <code>class</code> attributes
        /// on <code>a</code> tags.
        /// <para />
        /// To make an attribute valid for <b>all tags</b>, use the pseudo tag <code>:all</code>, e.g.
        /// <code>addAttributes(":all", "class")</code>.
        /// </remarks>
        /// <param name="tag">The tag the attributes are for. The tag will be added to the allowed tag list if necessary.
        ///     </param>
        /// <param name="keys">List of valid attributes for the tag</param>
        /// <returns>this (for chaining)</returns>
        public virtual iText.StyledXmlParser.Jsoup.Safety.Whitelist AddAttributes(String tag, params String[] keys
                                                                                  )
        {
            Validate.NotEmpty(tag);
            Validate.NotNull(keys);
            Validate.IsTrue(keys.Length > 0, "No attributes supplied.");
            Whitelist.TagName tagName = Whitelist.TagName.ValueOf(tag);
            if (!tagNames.Contains(tagName))
            {
                tagNames.Add(tagName);
            }
            ICollection <Whitelist.AttributeKey> attributeSet = new HashSet <Whitelist.AttributeKey>();

            foreach (String key in keys)
            {
                Validate.NotEmpty(key);
                attributeSet.Add(Whitelist.AttributeKey.ValueOf(key));
            }
            if (attributes.ContainsKey(tagName))
            {
                ICollection <Whitelist.AttributeKey> currentSet = attributes.Get(tagName);
                currentSet.AddAll(attributeSet);
            }
            else
            {
                attributes.Put(tagName, attributeSet);
            }
            return(this);
        }
Пример #5
0
        internal virtual Attributes GetEnforcedAttributes(String tagName)
        {
            Attributes attrs = new Attributes();

            Whitelist.TagName tag = Whitelist.TagName.ValueOf(tagName);
            if (enforcedAttributes.ContainsKey(tag))
            {
                IDictionary <Whitelist.AttributeKey, Whitelist.AttributeValue> keyVals = enforcedAttributes.Get(tag);
                foreach (KeyValuePair <Whitelist.AttributeKey, Whitelist.AttributeValue> entry in keyVals)
                {
                    attrs.Put(entry.Key.ToString(), entry.Value.ToString());
                }
            }
            return(attrs);
        }
Пример #6
0
 /// <summary>Remove a list of allowed elements from a whitelist.</summary>
 /// <remarks>Remove a list of allowed elements from a whitelist. (If a tag is not allowed, it will be removed from the HTML.)
 ///     </remarks>
 /// <param name="tags">tag names to disallow</param>
 /// <returns>this (for chaining)</returns>
 public virtual iText.StyledXmlParser.Jsoup.Safety.Whitelist RemoveTags(params String[] tags)
 {
     Validate.NotNull(tags);
     foreach (String tag in tags)
     {
         Validate.NotEmpty(tag);
         Whitelist.TagName tagName = Whitelist.TagName.ValueOf(tag);
         if (tagNames.Remove(tagName))
         {
             // Only look in sub-maps if tag was allowed
             attributes.JRemove(tagName);
             enforcedAttributes.JRemove(tagName);
             protocols.JRemove(tagName);
         }
     }
     return(this);
 }
Пример #7
0
 /// <summary>Remove a previously configured enforced attribute from a tag.</summary>
 /// <param name="tag">The tag the enforced attribute is for.</param>
 /// <param name="key">The attribute key</param>
 /// <returns>this (for chaining)</returns>
 public virtual iText.StyledXmlParser.Jsoup.Safety.Whitelist RemoveEnforcedAttribute(String tag, String key
                                                                                     )
 {
     Validate.NotEmpty(tag);
     Validate.NotEmpty(key);
     Whitelist.TagName tagName = Whitelist.TagName.ValueOf(tag);
     if (tagNames.Contains(tagName) && enforcedAttributes.ContainsKey(tagName))
     {
         Whitelist.AttributeKey attrKey = Whitelist.AttributeKey.ValueOf(key);
         IDictionary <Whitelist.AttributeKey, Whitelist.AttributeValue> attrMap = enforcedAttributes.Get(tagName);
         attrMap.JRemove(attrKey);
         if (attrMap.IsEmpty())
         {
             // Remove tag from enforced attribute map if no enforced attributes are present
             enforcedAttributes.JRemove(tagName);
         }
     }
     return(this);
 }
Пример #8
0
        /// <summary>Remove a list of allowed attributes from a tag.</summary>
        /// <remarks>
        /// Remove a list of allowed attributes from a tag. (If an attribute is not allowed on an element, it will be removed.)
        /// <para />
        /// E.g.: <code>removeAttributes("a", "href", "class")</code> disallows <code>href</code> and <code>class</code>
        /// attributes on <code>a</code> tags.
        /// <para />
        /// To make an attribute invalid for <b>all tags</b>, use the pseudo tag <code>:all</code>, e.g.
        /// <code>removeAttributes(":all", "class")</code>.
        /// </remarks>
        /// <param name="tag">The tag the attributes are for.</param>
        /// <param name="keys">List of invalid attributes for the tag</param>
        /// <returns>this (for chaining)</returns>
        public virtual iText.StyledXmlParser.Jsoup.Safety.Whitelist RemoveAttributes(String tag, params String[] keys
                                                                                     )
        {
            Validate.NotEmpty(tag);
            Validate.NotNull(keys);
            Validate.IsTrue(keys.Length > 0, "No attributes supplied.");
            Whitelist.TagName tagName = Whitelist.TagName.ValueOf(tag);
            ICollection <Whitelist.AttributeKey> attributeSet = new HashSet <Whitelist.AttributeKey>();

            foreach (String key in keys)
            {
                Validate.NotEmpty(key);
                attributeSet.Add(Whitelist.AttributeKey.ValueOf(key));
            }
            if (tagNames.Contains(tagName) && attributes.ContainsKey(tagName))
            {
                // Only look in sub-maps if tag was allowed
                ICollection <Whitelist.AttributeKey> currentSet = attributes.Get(tagName);
                currentSet.RemoveAll(attributeSet);
                if (currentSet.IsEmpty())
                {
                    // Remove tag from attribute map if no attributes are allowed for tag
                    attributes.JRemove(tagName);
                }
            }
            if (tag.Equals(":all"))
            {
                // Attribute needs to be removed from all individually set tags
                foreach (Whitelist.TagName name in attributes.Keys)
                {
                    ICollection <Whitelist.AttributeKey> currentSet = attributes.Get(name);
                    currentSet.RemoveAll(attributeSet);
                    if (currentSet.IsEmpty())
                    {
                        // Remove tag from attribute map if no attributes are allowed for tag
                        attributes.JRemove(name);
                    }
                }
            }
            return(this);
        }
Пример #9
0
        /// <summary>Add allowed URL protocols for an element's URL attribute.</summary>
        /// <remarks>
        /// Add allowed URL protocols for an element's URL attribute. This restricts the possible values of the attribute to
        /// URLs with the defined protocol.
        /// <para />
        /// E.g.: <code>addProtocols("a", "href", "ftp", "http", "https")</code>
        /// <para />
        /// To allow a link to an in-page URL anchor (i.e. <code>&lt;a href="#anchor"&gt;</code>, add a <code>#</code>:<br />
        /// E.g.: <code>addProtocols("a", "href", "#")</code>
        /// </remarks>
        /// <param name="tag">Tag the URL protocol is for</param>
        /// <param name="key">Attribute key</param>
        /// <param name="protocols">List of valid protocols</param>
        /// <returns>this, for chaining</returns>
        public virtual iText.StyledXmlParser.Jsoup.Safety.Whitelist AddProtocols(String tag, String key, params String
                                                                                 [] protocols)
        {
            Validate.NotEmpty(tag);
            Validate.NotEmpty(key);
            Validate.NotNull(protocols);
            Whitelist.TagName      tagName = Whitelist.TagName.ValueOf(tag);
            Whitelist.AttributeKey attrKey = Whitelist.AttributeKey.ValueOf(key);
            IDictionary <Whitelist.AttributeKey, ICollection <Whitelist.Protocol> > attrMap;
            ICollection <Whitelist.Protocol> protSet;

            if (this.protocols.ContainsKey(tagName))
            {
                attrMap = this.protocols.Get(tagName);
            }
            else
            {
                attrMap = new Dictionary <Whitelist.AttributeKey, ICollection <Whitelist.Protocol> >();
                this.protocols.Put(tagName, attrMap);
            }
            if (attrMap.ContainsKey(attrKey))
            {
                protSet = attrMap.Get(attrKey);
            }
            else
            {
                protSet = new HashSet <Whitelist.Protocol>();
                attrMap.Put(attrKey, protSet);
            }
            foreach (String protocol in protocols)
            {
                Validate.NotEmpty(protocol);
                Whitelist.Protocol prot = Whitelist.Protocol.ValueOf(protocol);
                protSet.Add(prot);
            }
            return(this);
        }