/// <summary>Test if the supplied attribute is allowed by this whitelist for this tag</summary> /// <param name="tagName">tag to consider allowing the attribute in</param> /// <param name="el">element under test, to confirm protocol</param> /// <param name="attr">attribute under test</param> /// <returns>true if allowed</returns> protected internal virtual bool IsSafeAttribute(String tagName, iText.StyledXmlParser.Jsoup.Nodes.Element el, iText.StyledXmlParser.Jsoup.Nodes.Attribute attr) { Whitelist.TagName tag = Whitelist.TagName.ValueOf(tagName); Whitelist.AttributeKey key = Whitelist.AttributeKey.ValueOf(attr.Key); if (attributes.ContainsKey(tag)) { if (attributes.Get(tag).Contains(key)) { if (protocols.ContainsKey(tag)) { IDictionary <Whitelist.AttributeKey, ICollection <Whitelist.Protocol> > attrProts = protocols.Get(tag); // ok if not defined protocol; otherwise test return(!attrProts.ContainsKey(key) || TestValidProtocol(el, attr, attrProts.Get(key))); } else { // attribute found, no protocols defined, so OK return(true); } } } // no attributes defined for tag, try :all tag return(!tagName.Equals(":all") && IsSafeAttribute(":all", el, attr)); }
internal void NewAttribute() { if (attributes == null) { attributes = new Attributes(); } if (pendingAttributeName != null) { iText.StyledXmlParser.Jsoup.Nodes.Attribute attribute; if (hasPendingAttributeValue) { attribute = new iText.StyledXmlParser.Jsoup.Nodes.Attribute(pendingAttributeName, pendingAttributeValue.Length > 0 ? pendingAttributeValue.ToString() : pendingAttributeValueS); } else { if (hasEmptyAttributeValue) { attribute = new iText.StyledXmlParser.Jsoup.Nodes.Attribute(pendingAttributeName, ""); } else { attribute = new BooleanAttribute(pendingAttributeName); } } attributes.Put(attribute); } pendingAttributeName = null; hasEmptyAttributeValue = false; hasPendingAttributeValue = false; Reset(pendingAttributeValue); pendingAttributeValueS = null; }
private bool TestValidProtocol(iText.StyledXmlParser.Jsoup.Nodes.Element el, iText.StyledXmlParser.Jsoup.Nodes.Attribute attr, ICollection <Whitelist.Protocol> protocols) { // try to resolve relative urls to abs, and optionally update the attribute so output html has abs. // rels without a baseuri get removed String value = el.AbsUrl(attr.Key); if (value.Length == 0) { value = attr.Value; } // if it could not be made abs, run as-is to allow custom unknown protocols if (!preserveRelativeLinks) { attr.SetValue(value); } foreach (Whitelist.Protocol protocol in protocols) { String prot = protocol.ToString(); if (prot.Equals("#")) { // allows anchor links if (IsValidAnchor(value)) { return(true); } else { continue; } } prot += ":"; if (value.ToLowerInvariant().StartsWith(prot)) { return(true); } } return(false); }