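/// <summary>
/// Makes the inline element being rendered acceptable to the Content Security Policy in effect:
/// in nonce mode the current nonce is set on the element, in a hash-based mode a hash of the
/// element's content is computed (or read from the cache) and registered with the helper.
/// </summary>
/// <param name="output">Tag helper output of the inline element; its tag name selects the inline execution mode.</param>
/// <param name="uniqueId">
/// Optional cache key for the content hash. When null or empty the hash is recomputed on every render
/// and nothing is cached.
/// </param>
/// <returns>A task that completes once the nonce or hash has been applied.</returns>
/// <remarks>
/// The hash is computed over whatever the element renders, so the content must be fully trusted:
/// anything interpolated into it is allow-listed together with the rest. A cached hash is reused
/// without re-reading the content, so <paramref name="uniqueId"/> should only be supplied for
/// content that is identical on every render (presumably a stale hash makes the browser block the
/// element; confirm against the cache implementation).
/// </remarks>
private async Task ApplyContentSecurityPolicy(TagHelperOutput output, string uniqueId)
{
    ContentSecurityPolicyHelper cspHelper = new ContentSecurityPolicyHelper(ViewContext);
    ContentSecurityPolicyInlineExecution currentInlineExecution = cspHelper.GetCurrentInlineExecution(output.TagName);

    if (currentInlineExecution == ContentSecurityPolicyInlineExecution.Nonce)
    {
        // SetAttribute replaces a nonce attribute that is already on the element. Add() would append a
        // second one, and HTML parsers keep only the first of duplicate attributes, so the policy nonce
        // would be ignored and the element rejected.
        output.Attributes.SetAttribute(ContentSecurityPolicyHelper.NonceAttribute, cspHelper.GetCurrentNonce());
        return;
    }

    if (!currentInlineExecution.IsHashBased())
    {
        // Neither nonce nor hash mode applies to this tag: leave the element untouched.
        return;
    }

    bool hasCacheKey = !String.IsNullOrEmpty(uniqueId);
    string contentHash = hasCacheKey ? cspHelper.GetHashFromCache(uniqueId) : null;

    if (contentHash == null)
    {
        // Hash exactly what will be emitted: content already set on the output wins,
        // otherwise the child content is rendered and used.
        string content = output.Content.IsModified
            ? output.Content.GetContent()
            : (await output.GetChildContentAsync()).GetContent();

        contentHash = ContentSecurityPolicyHelper.ComputeHash(currentInlineExecution, content);

        if (hasCacheKey)
        {
            cspHelper.AddHashToCache(uniqueId, contentHash);
        }
    }

    cspHelper.AddHashToInlineExecutionSources(output.TagName, contentHash);
}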
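/// <summary>
/// Writes the start tag of an inline element to the view's writer and prepares the view context
/// for the inline execution mode that the Content Security Policy uses for that tag.
/// </summary>
/// <param name="context">View context whose writer receives the start tag.</param>
/// <param name="elementTagName">Tag name of the inline element; it also selects the inline execution mode.</param>
/// <param name="htmlAttributes">Attributes merged onto the start tag.</param>
/// <remarks>
/// In a hash-based mode the view context's writer is replaced with a <see cref="StringWriter"/> so the
/// element body is captured instead of streamed; the original writer is kept in a field.
/// NOTE(review): restoring the writer and hashing the captured body are not visible in this
/// constructor; presumably they happen when the element is closed or disposed. Confirm there.
/// </remarks>
public ContentSecurityPolicyInlineElement(ViewContext context, string elementTagName, IDictionary<string, object> htmlAttributes)
{
    _viewContext = context;
    _cspHelper = new ContentSecurityPolicyHelper(_viewContext);
    _currentInlineExecution = _cspHelper.GetCurrentInlineExecution(elementTagName);

    _elementTag = new TagBuilder(elementTagName);
    _elementTag.MergeAttributes(htmlAttributes);

    if (_currentInlineExecution == ContentSecurityPolicyInlineExecution.Nonce)
    {
        // The third argument (replaceExisting) is true so the policy nonce always wins. The two-argument
        // overload keeps an existing value, which would let a nonce passed in htmlAttributes shadow the
        // one the policy expects and leave the element unmatched.
        _elementTag.MergeAttribute(ContentSecurityPolicyHelper.NonceAttribute, _cspHelper.GetCurrentNonce(), true);
    }

    // Only the start tag is emitted here; attribute values are HTML-encoded by the default encoder.
    _elementTag.TagRenderMode = TagRenderMode.StartTag;
    _elementTag.WriteTo(_viewContext.Writer, HtmlEncoder.Default);

    if (_currentInlineExecution.IsHashBased())
    {
        // Capture the element body in memory from now on; the real writer is saved for later.
        _viewContextWriter = _viewContext.Writer;
        _viewContext.Writer = new StringWriter();
    }
}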