public void OnMetadataCreated_ThrowsIfMetadataIsNull()
{
// Arrange
AllowHtmlAttribute attr = new AllowHtmlAttribute();
// Act & assert
Assert.ThrowsArgumentNull(
delegate { attr.OnMetadataCreated(null); }, "metadata");
}
public void OnMetadataCreated_ThrowsIfMetadataIsNull()
{
// Arrange
AllowHtmlAttribute attr = new AllowHtmlAttribute();
// Act & assert
Assert.ThrowsArgumentNull(
delegate { attr.OnMetadataCreated(null); }, "metadata");
}
private string SanitizeHtmlSanitizer(string dirty, AllowHtmlAttribute attribute)
{
var sanitizer = new HtmlSanitizer(
allowedTags: attribute != null ? attribute.AllowedTags : new string[0],
allowedSchemes: new string[0],
allowedAttributes: new string[0],
uriAttributes: new string[0],
allowedCssProperties: new string[0]);
return(sanitizer.Sanitize(dirty, outputFormatter: OutputFormatters.HtmlEncodingNone));
}
public void OnMetadataCreated_ThrowsIfMetadataIsNull()
{
// Arrange
AllowHtmlAttribute attr = new AllowHtmlAttribute();
// Act & assert
ExceptionHelper.ExpectArgumentNullException(
delegate {
attr.OnMetadataCreated(null);
}, "metadata");
}
public void OnMetadataCreated()
{
// Arrange
ModelMetadata modelMetadata = new ModelMetadata(new Mock<ModelMetadataProvider>().Object, null, null, typeof(object), "SomeProperty");
AllowHtmlAttribute attr = new AllowHtmlAttribute();
// Act
bool originalValue = modelMetadata.RequestValidationEnabled;
attr.OnMetadataCreated(modelMetadata);
bool newValue = modelMetadata.RequestValidationEnabled;
// Assert
Assert.True(originalValue);
Assert.False(newValue);
}
public void OnMetadataCreated()
{
// Arrange
ModelMetadata modelMetadata = new ModelMetadata(new Mock <ModelMetadataProvider>().Object, null, null, typeof(object), "SomeProperty");
AllowHtmlAttribute attr = new AllowHtmlAttribute();
// Act
bool originalValue = modelMetadata.RequestValidationEnabled;
attr.OnMetadataCreated(modelMetadata);
bool newValue = modelMetadata.RequestValidationEnabled;
// Assert
Assert.True(originalValue);
Assert.False(newValue);
}
public void OnMetadataCreated()
{
// Arrange
ModelMetadata modelMetadata = new ModelMetadata(new Mock <ModelMetadataProvider>().Object, null, null, typeof(object), "SomeProperty");
AllowHtmlAttribute attr = new AllowHtmlAttribute();
// Act
bool originalValue = modelMetadata.RequestValidationEnabled;
attr.OnMetadataCreated(modelMetadata);
bool newValue = modelMetadata.RequestValidationEnabled;
// Assert
Assert.IsTrue(originalValue, "RequestValidationEnabled should have defaulted to 'true'.");
Assert.IsFalse(newValue, "RequestValidationEnabled should have been set to 'false' by this attribute.");
}
private string Sanitize(string dirty, AllowHtmlAttribute attribute, XssStrategy strategy)
{
switch (strategy)
{
case XssStrategy.AspNet:
throw new NotImplementedException();
case XssStrategy.HtmlSanitizer:
return(SanitizeHtmlSanitizer(dirty, attribute));
case XssStrategy.AntiXss:
return(SanitizeAntiXss(dirty, attribute));
default:
throw new NotImplementedException();
}
}
private string SanitizeAntiXss(string dirty, AllowHtmlAttribute attribute)
{
if (attribute != null)
{
return(dirty);
}
var sanitized = Sanitizer.GetSafeHtmlFragment(dirty);
if (!dirty.Equals(sanitized))
{
// Revert HTML encoded special characters
sanitized = sanitized.Replace("<", "<");
sanitized = sanitized.Replace(">", ">");
sanitized = sanitized.Replace("&", "&");
sanitized = sanitized.Replace(""", "\"");
}
return(sanitized);
}
private string SanitizeAntiXss(string dirty, AllowHtmlAttribute attribute)
{
if (attribute != null) return dirty;
var sanitized = Sanitizer.GetSafeHtmlFragment(dirty);
if (!dirty.Equals(sanitized))
{
// Revert HTML encoded special characters
sanitized = sanitized.Replace("<", "<");
sanitized = sanitized.Replace(">", ">");
sanitized = sanitized.Replace("&", "&");
sanitized = sanitized.Replace(""", "\"");
}
return sanitized;
}
private string SanitizeHtmlSanitizer(string dirty, AllowHtmlAttribute attribute)
{
var sanitizer = new HtmlSanitizer(
allowedTags: attribute != null ? attribute.AllowedTags : new string[0],
allowedSchemes: new string[0],
allowedAttributes: new string[0],
uriAttributes: new string[0],
allowedCssProperties: new string[0]);
return sanitizer.Sanitize(dirty, outputFormatter: OutputFormatters.HtmlEncodingNone);
}
private string Sanitize(string dirty, AllowHtmlAttribute attribute, XssStrategy strategy)
{
switch (strategy)
{
case XssStrategy.AspNet:
throw new NotImplementedException();
case XssStrategy.HtmlSanitizer:
return SanitizeHtmlSanitizer(dirty, attribute);
case XssStrategy.AntiXss:
return SanitizeAntiXss(dirty, attribute);
default:
throw new NotImplementedException();
}
}
public HtmlSanitizerModelValidator(IEnumerable<ModelValidatorProvider> validatorProviders, AllowHtmlAttribute attribute) : base(validatorProviders)
{
_attribute = attribute;
}
public HtmlSanitizerModelValidator(IEnumerable <ModelValidatorProvider> validatorProviders, AllowHtmlAttribute attribute) : base(validatorProviders)
{
_attribute = attribute;
}
