/// <summary>
        /// Remove all HTML tags and javascript from the specified string. If <paramref name="escapeQuotes"/> is <c>true</c>, then all
        /// quotation marks and apostrophes are replaced with &quot; and &apos; respectively, so that the string can be placed in HTML
        /// attributes such as title.
        /// </summary>
        /// <param name="html">The string containing HTML tags to remove.</param>
        /// <param name="escapeQuotes">When true, all quotation marks and apostrophes are replaced with &quot; and &apos; respectively.</param>
        /// <returns>Returns a string with all HTML tags removed, including the brackets.</returns>
        public static string RemoveHtml(string html, bool escapeQuotes)
        {
            // Null tag/attribute lists and a false JavaScript flag are passed, so the validator is given nothing to allow.
            string stripped = new HtmlValidator(html, null, null, false).Clean();

            if (!escapeQuotes)
            {
                return stripped;
            }

            // Only the two quote characters are rewritten here. NOTE(review): '&', '<' and '>' are left to
            // HtmlValidator.Clean(), whose behaviour is not visible here - confirm it before relying on the
            // result inside an attribute value. &apos; is an XML/HTML5 entity and is not defined in HTML 4;
            // &#39; is the portable spelling.
            return stripped.Replace("\"", "&quot;").Replace("'", "&apos;");
        }
 /// <summary>
 /// Removes potentially dangerous HTML and Javascript in <paramref name="html"/>. If the configuration
 /// setting allowHtmlInTitlesAndCaptions is true, then the input is cleaned so that all HTML tags that are not in a
 /// predefined list are HTML-encoded and invalid HTML attributes are deleted. If allowHtmlInTitlesAndCaptions is false,
 /// then all HTML tags are deleted. If the setting allowUserEnteredJavascript is true, then script tags and the text "javascript:"
 /// are allowed. Note that if script is not in the list of valid HTML tags defined in allowedHtmlTags, it will be deleted even when
 /// allowUserEnteredJavascript is true. When the setting is false, all script tags and instances of the
 /// text "javascript:" are deleted.
 /// </summary>
 /// <param name="html">The string containing the HTML tags.</param>
 /// <returns>Returns a string with potentially dangerous HTML tags deleted.</returns>
 public static string Clean(string html)
 {
     // HTML disabled: the validator gets null tag and attribute lists. The JavaScript setting is still
     // forwarded, so handling of the text "javascript:" follows that setting in this branch too.
     if (!_allowHtmlInTitlesAndCaptions)
     {
         return new HtmlValidator(html, null, null, _allowUserEnteredJavascript).Clean();
     }

     // HTML enabled: the configured tag and attribute lists decide what the validator keeps.
     // NOTE(review): the result is sanitized markup, not encoded text - confirm that callers writing it
     // into attribute, script or URL contexts encode it for that context.
     return new HtmlValidator(html, _allowedHtmlTags, _allowedHtmlAttributes, _allowUserEnteredJavascript).Clean();
 }
        /// <summary>
        /// Removes potentially dangerous HTML and Javascript in <paramref name="html"/>. If the configuration
        /// setting <see cref="IGallerySettings.AllowUserEnteredHtml" /> is true, then the input is cleaned so that all
        /// HTML tags that are not in a predefined list are HTML-encoded and invalid HTML attributes are deleted. If
        /// <see cref="IGallerySettings.AllowUserEnteredHtml" /> is false, then all HTML tags are deleted. If the setting
        /// <see cref="IGallerySettings.AllowUserEnteredJavascript" /> is true, then script tags and the text "javascript:"
        /// are allowed. Note that if script is not in the list of valid HTML tags defined in <see cref="IGallerySettings.AllowedHtmlTags" />,
        /// it will be deleted even when <see cref="IGallerySettings.AllowUserEnteredJavascript" /> is true. When the setting
        /// is false, all script tags and instances of the text "javascript:" are deleted.
        /// </summary>
        /// <param name="html">The string containing the HTML tags.</param>
        /// <param name="galleryId">The gallery ID. This is used to look up the appropriate configuration values for the gallery.</param>
        /// <returns>
        /// Returns a string with potentially dangerous HTML tags deleted.
        /// </returns>
        public static string Clean(string html, int galleryId)
        {
            // Sanitizing policy is per gallery. NOTE(review): what LoadGallerySetting does for an unknown
            // gallery ID is not visible here - confirm it cannot return null before the property reads below.
            IGallerySettings settings = Factory.LoadGallerySetting(galleryId);

            // HTML disabled: the validator gets null tag and attribute lists. The JavaScript setting is still
            // forwarded, so handling of the text "javascript:" follows that setting in this branch too.
            if (!settings.AllowUserEnteredHtml)
            {
                return new HtmlValidator(html, null, null, settings.AllowUserEnteredJavascript).Clean();
            }

            // HTML enabled: the gallery's configured tag and attribute lists decide what the validator keeps.
            return new HtmlValidator(html, settings.AllowedHtmlTags, settings.AllowedHtmlAttributes, settings.AllowUserEnteredJavascript).Clean();
        }
        /// <summary>
        /// Remove all HTML tags and javascript from the specified string. If <paramref name="escapeQuotes"/> is <c>true</c>, then all
        /// quotation marks and apostrophes are replaced with &quot; and &apos; respectively, so that the string can be placed in HTML
        /// attributes such as title.
        /// </summary>
        /// <param name="html">The string containing HTML tags to remove.</param>
        /// <param name="escapeQuotes">When true, all quotation marks and apostrophes are replaced with &quot; and &apos; respectively.</param>
        /// <returns>Returns a string with all HTML tags removed, including the brackets.</returns>
        public static string RemoveHtml(string html, bool escapeQuotes)
        {
            // No tags, no attributes and no JavaScript are allowed: both lists are null and the flag is false.
            HtmlValidator tagStripper = new HtmlValidator(html, null, null, false);
            string text = tagStripper.Clean();

            // Quote escaping covers only " and '. NOTE(review): whether '&', '<' and '>' can survive Clean()
            // is not visible here - verify before treating the result as safe inside an attribute value.
            // &apos; is not an HTML 4 entity; &#39; is the portable spelling.
            return escapeQuotes
                ? text.Replace("\"", "&quot;").Replace("'", "&apos;")
                : text;
        }
        /// <summary>
        /// Removes potentially dangerous HTML and Javascript in <paramref name="html"/>. If the configuration
        /// setting <see cref="IGallerySettings.AllowUserEnteredHtml" /> is true, then the input is cleaned so that all 
        /// HTML tags that are not in a predefined list are HTML-encoded and invalid HTML attributes are deleted. If 
        /// <see cref="IGallerySettings.AllowUserEnteredHtml" /> is false, then all HTML tags are deleted. If the setting 
        /// <see cref="IGallerySettings.AllowUserEnteredJavascript" /> is true, then script tags and the text "javascript:"
        /// are allowed. Note that if script is not in the list of valid HTML tags defined in <see cref="IGallerySettings.AllowedHtmlTags" />,
        /// it will be deleted even when <see cref="IGallerySettings.AllowUserEnteredJavascript" /> is true. When the setting 
        /// is false, all script tags and instances of the text "javascript:" are deleted.
        /// </summary>
        /// <param name="html">The string containing the HTML tags.</param>
        /// <param name="galleryId">The gallery ID. This is used to look up the appropriate configuration values for the gallery.</param>
        /// <returns>
        /// Returns a string with potentially dangerous HTML tags deleted.
        /// </returns>
        public static string Clean(string html, int galleryId)
        {
            // The gallery ID selects which configuration governs sanitizing.
            // NOTE(review): behaviour for an ID with no settings is not visible here - confirm with Factory.
            IGallerySettings config = Factory.LoadGallerySetting(galleryId);

            // With HTML enabled the configured tag/attribute lists are enforced; otherwise both lists are
            // null. The JavaScript setting is forwarded in both cases.
            HtmlValidator validator = config.AllowUserEnteredHtml
                ? new HtmlValidator(html, config.AllowedHtmlTags, config.AllowedHtmlAttributes, config.AllowUserEnteredJavascript)
                : new HtmlValidator(html, null, null, config.AllowUserEnteredJavascript);

            // NOTE(review): the result is sanitized markup rather than encoded text - confirm that callers
            // encode it for the output context where it is not written as HTML body content.
            return validator.Clean();
        }