private async Task ApplyContentSecurityPolicy(TagHelperOutput output, string uniqueId)
{
ContentSecurityPolicyHelper cspHelper = new ContentSecurityPolicyHelper(ViewContext);
ContentSecurityPolicyInlineExecution currentInlineExecution = cspHelper.GetCurrentInlineExecution(output.TagName);
if (currentInlineExecution == ContentSecurityPolicyInlineExecution.Nonce)
{
output.Attributes.Add(ContentSecurityPolicyHelper.NonceAttribute, cspHelper.GetCurrentNonce());
}
else if (currentInlineExecution.IsHashBased())
{
string contentHash = null;
if (!String.IsNullOrEmpty(uniqueId))
{
contentHash = cspHelper.GetHashFromCache(uniqueId);
}
if (contentHash == null)
{
string content = output.Content.IsModified ? output.Content.GetContent() : (await output.GetChildContentAsync()).GetContent();
contentHash = ContentSecurityPolicyHelper.ComputeHash(currentInlineExecution, content);
if (!String.IsNullOrEmpty(uniqueId))
{
cspHelper.AddHashToCache(uniqueId, contentHash);
}
}
cspHelper.AddHashToInlineExecutionSources(output.TagName, contentHash);
}
}
public ContentSecurityPolicyInlineElement(ViewContext context, string elementTagName, IDictionary <string, object> htmlAttributes)
{
_viewContext = context;
_cspHelper = new ContentSecurityPolicyHelper(_viewContext);
_currentInlineExecution = _cspHelper.GetCurrentInlineExecution(elementTagName);
_elementTag = new TagBuilder(elementTagName);
_elementTag.MergeAttributes(htmlAttributes);
if (_currentInlineExecution == ContentSecurityPolicyInlineExecution.Nonce)
{
_elementTag.MergeAttribute(ContentSecurityPolicyHelper.NonceAttribute, _cspHelper.GetCurrentNonce());
}
_elementTag.TagRenderMode = TagRenderMode.StartTag;
_elementTag.WriteTo(_viewContext.Writer, HtmlEncoder.Default);
if (_currentInlineExecution.IsHashBased())
{
_viewContextWriter = _viewContext.Writer;
_viewContext.Writer = new StringWriter();
}
}