示例#1
        /// <summary>
        /// Verifies that <c>OnMetadataCreated</c> rejects a null argument and reports it
        /// against the parameter named "metadata".
        /// </summary>
        public void OnMetadataCreated_ThrowsIfMetadataIsNull()
        {
            // Arrange: a default-constructed attribute is all the test needs.
            var allowHtml = new AllowHtmlAttribute();

            // Act & assert: the call with null must fail with an argument-null error for "metadata".
            Assert.ThrowsArgumentNull(
                () => allowHtml.OnMetadataCreated(null),
                "metadata");
        }
        /// <summary>
        /// Null-guard test: calling <c>OnMetadataCreated</c> without metadata has to raise an
        /// argument-null failure whose parameter name is "metadata".
        /// </summary>
        public void OnMetadataCreated_ThrowsIfMetadataIsNull()
        {
            // Arrange
            AllowHtmlAttribute sut = new AllowHtmlAttribute();

            // Act & assert
            Assert.ThrowsArgumentNull(
                delegate
                {
                    sut.OnMetadataCreated(null);
                },
                "metadata");
        }
示例#3
        /// <summary>
        /// Runs <paramref name="dirty"/> through an <c>HtmlSanitizer</c> configured with the tag list
        /// from <paramref name="attribute"/> and with empty lists for schemes, attributes,
        /// URI attributes and CSS properties.
        /// </summary>
        /// <param name="dirty">Untrusted text to clean.</param>
        /// <param name="attribute">Source of the allowed tags; when null an empty tag list is used.</param>
        /// <returns>The sanitizer's output for <paramref name="dirty"/>.</returns>
        private string SanitizeHtmlSanitizer(string dirty, AllowHtmlAttribute attribute)
        {
            // Without an annotation the tag allow-list is empty.
            var permittedTags = attribute == null ? new string[0] : attribute.AllowedTags;

            // NOTE(review): if AllowedTags can itself be null, confirm the HtmlSanitizer constructor
            // does not fall back to a built-in default tag list for a null argument.
            var sanitizer = new HtmlSanitizer(
                allowedTags: permittedTags,
                allowedSchemes: new string[0],
                allowedAttributes: new string[0],
                uriAttributes: new string[0],
                allowedCssProperties: new string[0]);

            // NOTE(review): the formatter is named HtmlEncodingNone - presumably text is written
            // without entity encoding; confirm, and HTML-encode the result wherever it is rendered.
            var cleaned = sanitizer.Sanitize(dirty, outputFormatter: OutputFormatters.HtmlEncodingNone);
            return cleaned;
        }
示例#4
        /// <summary>
        /// Checks the null guard of <c>OnMetadataCreated</c>: a null argument must produce an
        /// <c>ArgumentNullException</c> for the "metadata" parameter.
        /// </summary>
        public void OnMetadataCreated_ThrowsIfMetadataIsNull()
        {
            // Arrange
            var allowHtml = new AllowHtmlAttribute();

            // Act & assert
            ExceptionHelper.ExpectArgumentNullException(
                () => allowHtml.OnMetadataCreated(null),
                "metadata");
        }
        /// <summary>
        /// Verifies that <c>OnMetadataCreated</c> switches <c>RequestValidationEnabled</c> on the
        /// supplied model metadata from true to false.
        /// </summary>
        /// <remarks>
        /// Security-relevant: the test pins that the attribute turns request validation off for the
        /// annotated property, so any value bound to such a property has to be sanitized or encoded
        /// by the application itself.
        /// </remarks>
        public void OnMetadataCreated()
        {
            // Arrange
            var provider = new Mock<ModelMetadataProvider>().Object;
            var metadata = new ModelMetadata(provider, null, null, typeof(object), "SomeProperty");
            var allowHtml = new AllowHtmlAttribute();

            // Act: read the flag on both sides of the call.
            bool before = metadata.RequestValidationEnabled;
            allowHtml.OnMetadataCreated(metadata);
            bool after = metadata.RequestValidationEnabled;

            // Assert
            Assert.True(before);
            Assert.False(after);
        }
示例#6
        /// <summary>
        /// Confirms the attribute's effect on metadata: <c>RequestValidationEnabled</c> starts as
        /// true and is false once <c>OnMetadataCreated</c> has run.
        /// </summary>
        public void OnMetadataCreated()
        {
            // Arrange
            ModelMetadataProvider mockedProvider = new Mock<ModelMetadataProvider>().Object;
            ModelMetadata target = new ModelMetadata(mockedProvider, null, null, typeof(object), "SomeProperty");
            AllowHtmlAttribute attribute = new AllowHtmlAttribute();

            // Act
            bool enabledBeforeCall = target.RequestValidationEnabled;
            attribute.OnMetadataCreated(target);
            bool enabledAfterCall = target.RequestValidationEnabled;

            // Assert: request validation is on by default and off after the attribute is applied,
            // which leaves the property's input unscreened unless the application sanitizes it.
            Assert.True(enabledBeforeCall);
            Assert.False(enabledAfterCall);
        }
示例#7
        /// <summary>
        /// Checks that <c>RequestValidationEnabled</c> defaults to true on fresh metadata and is
        /// set to false by <c>AllowHtmlAttribute.OnMetadataCreated</c>.
        /// </summary>
        public void OnMetadataCreated()
        {
            // Arrange
            var metadataProvider = new Mock<ModelMetadataProvider>().Object;
            var modelMetadata = new ModelMetadata(metadataProvider, null, null, typeof(object), "SomeProperty");
            var attribute = new AllowHtmlAttribute();

            // Act: sample the flag, apply the attribute, sample it again.
            bool initial = modelMetadata.RequestValidationEnabled;
            attribute.OnMetadataCreated(modelMetadata);
            bool afterwards = modelMetadata.RequestValidationEnabled;

            // Assert
            Assert.IsTrue(initial, "RequestValidationEnabled should have defaulted to 'true'.");
            Assert.IsFalse(afterwards, "RequestValidationEnabled should have been set to 'false' by this attribute.");
        }
示例#8
        /// <summary>
        /// Dispatches <paramref name="dirty"/> to the sanitizer that matches <paramref name="strategy"/>.
        /// </summary>
        /// <param name="dirty">Untrusted text to clean.</param>
        /// <param name="attribute">Annotation forwarded to the chosen sanitizer; may be null.</param>
        /// <param name="strategy">Which sanitizer implementation to use.</param>
        /// <returns>The output of the selected sanitizer.</returns>
        /// <exception cref="NotImplementedException">
        /// The strategy is <c>XssStrategy.AspNet</c> or any value other than the two handled here.
        /// </exception>
        private string Sanitize(string dirty, AllowHtmlAttribute attribute, XssStrategy strategy)
        {
            if (strategy == XssStrategy.HtmlSanitizer)
            {
                return SanitizeHtmlSanitizer(dirty, attribute);
            }

            if (strategy == XssStrategy.AntiXss)
            {
                return SanitizeAntiXss(dirty, attribute);
            }

            // AspNet and unknown strategies fail loudly rather than handing the input back
            // unchanged, so an unsupported setting cannot silently skip sanitization.
            throw new NotImplementedException();
        }
示例#9
        /// <summary>
        /// Cleans <paramref name="dirty"/> with <c>Sanitizer.GetSafeHtmlFragment</c> and then turns
        /// four HTML entities back into literal characters. When <paramref name="attribute"/> is
        /// supplied the input is returned untouched.
        /// </summary>
        /// <param name="dirty">Untrusted text to clean; a null value is not handled here.</param>
        /// <param name="attribute">When non-null, sanitization is skipped entirely.</param>
        /// <returns>The unchanged input, or the sanitized text with the entities decoded.</returns>
        private string SanitizeAntiXss(string dirty, AllowHtmlAttribute attribute)
        {
            // NOTE(review): an annotated property bypasses this strategy completely; nothing in this
            // method restricts the value to the attribute's tag list. Confirm that is intended.
            if (attribute != null)
            {
                return dirty;
            }

            var cleaned = Sanitizer.GetSafeHtmlFragment(dirty);
            if (dirty.Equals(cleaned))
            {
                return cleaned;
            }

            // The sanitizer changed the text: restore the literal characters behind four entities.
            // "&amp;" is replaced after "&lt;" and "&gt;", so "&amp;lt;" ends up as "&lt;", not "<".
            // NOTE(review): decoding after sanitizing means the result can again contain literal
            // '<', '>', '&' and '"'. Treat it as plain text and HTML-encode it wherever it is rendered.
            return cleaned
                .Replace("&lt;", "<")
                .Replace("&gt;", ">")
                .Replace("&amp;", "&")
                .Replace("&quot;", "\"");
        }
        /// <summary>
        /// AntiXss strategy: returns <paramref name="dirty"/> as-is when an attribute is present,
        /// otherwise passes it through <c>Sanitizer.GetSafeHtmlFragment</c> and, if that changed the
        /// text, decodes the entities for &lt;, &gt;, &amp; and the double quote.
        /// </summary>
        /// <param name="dirty">Untrusted text to clean; must not be null, since <c>Equals</c> is called on it.</param>
        /// <param name="attribute">Non-null means the value is passed through without sanitizing.</param>
        /// <returns>The raw input or the sanitized, entity-decoded text.</returns>
        private string SanitizeAntiXss(string dirty, AllowHtmlAttribute attribute)
        {
            if (attribute == null)
            {
                var result = Sanitizer.GetSafeHtmlFragment(dirty);
                bool sanitizerChangedText = !dirty.Equals(result);

                if (sanitizerChangedText)
                {
                    // Entity -> character pairs, applied in this exact order ("&amp;" after the
                    // angle brackets so already-escaped entities are decoded only one level).
                    string[][] entityToChar =
                    {
                        new[] { "&lt;", "<" },
                        new[] { "&gt;", ">" },
                        new[] { "&amp;", "&" },
                        new[] { "&quot;", "\"" },
                    };

                    // NOTE(review): after this loop the string may hold literal markup characters
                    // again; callers must encode on output instead of relying on this value being safe HTML.
                    foreach (var pair in entityToChar)
                    {
                        result = result.Replace(pair[0], pair[1]);
                    }
                }

                return result;
            }

            // NOTE(review): with an attribute present nothing is sanitized on this path - verify
            // that the unfiltered value is never rendered as raw HTML.
            return dirty;
        }
 /// <summary>
 /// HtmlSanitizer strategy: builds a sanitizer that allows only the tags listed on
 /// <paramref name="attribute"/> (none when it is null) and passes empty lists for schemes,
 /// attributes, URI attributes and CSS properties, then sanitizes <paramref name="dirty"/>.
 /// </summary>
 /// <param name="dirty">Untrusted text to clean.</param>
 /// <param name="attribute">Supplies <c>AllowedTags</c>; null selects an empty tag list.</param>
 /// <returns>The sanitized text produced with the <c>HtmlEncodingNone</c> output formatter.</returns>
 private string SanitizeHtmlSanitizer(string dirty, AllowHtmlAttribute attribute)
 {
     var tags = attribute != null ? attribute.AllowedTags : new string[0];

     // Everything except the tag list is an empty allow-list: no URL schemes, no attributes
     // and no CSS properties are passed as permitted.
     // NOTE(review): verify how the constructor treats a null AllowedTags value - a library
     // default list there would be wider than the empty list used for a missing attribute.
     var htmlSanitizer = new HtmlSanitizer(
         allowedTags: tags,
         allowedSchemes: new string[0],
         allowedAttributes: new string[0],
         uriAttributes: new string[0],
         allowedCssProperties: new string[0]);

     // NOTE(review): HtmlEncodingNone looks like it disables entity encoding of the output -
     // confirm, and make sure the value is encoded again at render time.
     return htmlSanitizer.Sanitize(dirty, outputFormatter: OutputFormatters.HtmlEncodingNone);
 }
 /// <summary>
 /// Selects the sanitizer implementation for <paramref name="strategy"/> and applies it to
 /// <paramref name="dirty"/>.
 /// </summary>
 /// <param name="dirty">Untrusted text to clean.</param>
 /// <param name="attribute">Annotation passed on to the selected sanitizer; may be null.</param>
 /// <param name="strategy">The XSS handling strategy to use.</param>
 /// <returns>The sanitized text.</returns>
 /// <exception cref="NotImplementedException">
 /// Thrown for <c>XssStrategy.AspNet</c> and for every value without a sanitizer here.
 /// </exception>
 private string Sanitize(string dirty, AllowHtmlAttribute attribute, XssStrategy strategy)
 {
     switch (strategy)
     {
         case XssStrategy.HtmlSanitizer:
             return SanitizeHtmlSanitizer(dirty, attribute);

         case XssStrategy.AntiXss:
             return SanitizeAntiXss(dirty, attribute);

         // Unsupported strategies fail closed: an exception, never a pass-through of the input.
         case XssStrategy.AspNet:
         default:
             throw new NotImplementedException();
     }
 }
 /// <summary>
 /// Creates the validator, handing <paramref name="validatorProviders"/> to the base class and
 /// keeping <paramref name="attribute"/> for later use.
 /// </summary>
 /// <param name="validatorProviders">Validator providers forwarded to the base constructor.</param>
 /// <param name="attribute">
 /// The annotation stored in <c>_attribute</c>; not checked for null here.
 /// NOTE(review): presumably null when the property carries no annotation - confirm with the caller.
 /// </param>
 public HtmlSanitizerModelValidator(IEnumerable<ModelValidatorProvider> validatorProviders, AllowHtmlAttribute attribute)
     : base(validatorProviders)
 {
     this._attribute = attribute;
 }
 /// <summary>
 /// Initializes the validator with the providers required by the base class and the
 /// <c>AllowHtmlAttribute</c> found for the model member.
 /// </summary>
 /// <param name="validatorProviders">Passed unchanged to the base constructor.</param>
 /// <param name="attribute">Stored as-is in <c>_attribute</c>; no null check is performed.</param>
 public HtmlSanitizerModelValidator(
     IEnumerable<ModelValidatorProvider> validatorProviders,
     AllowHtmlAttribute attribute)
     : base(validatorProviders)
 {
     // Kept for later use; nothing is validated at construction time.
     _attribute = attribute;
 }