Allow all attribute values if there is no regex

2018-07-05 16:27:30 +03:00
parent 7069cb4af8
commit cac021caca
5 changed files with 2421 additions and 4 deletions
--- a/src/AntiSamy/AntiSamy.csproj
+++ b/src/AntiSamy/AntiSamy.csproj
@@ -4,13 +4,13 @@
    <TargetFrameworks>netstandard2.0;net45;net46</TargetFrameworks>
    <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
    <Authors>Caner Patır</Authors>
-    <Version>1.0.4</Version>
-    <FileVersion>1.0.4.0</FileVersion>
+    <Version>1.0.5</Version>
+    <FileVersion>1.0.5.0</FileVersion>
    <RepositoryUrl>https://github.com/canerpatir/AntiSamy.NET</RepositoryUrl>
    <PackageIconUrl>https://raw.githubusercontent.com/canerpatir/AntiSamy.NET/master/icon.png</PackageIconUrl>
    <PackageProjectUrl>https://github.com/canerpatir/AntiSamy.NET</PackageProjectUrl>
    <PackageLicenseUrl>https://github.com/canerpatir/AntiSamy.NET/blob/master/LICENCE</PackageLicenseUrl>
-    <AssemblyVersion>1.0.4.0</AssemblyVersion>
+    <AssemblyVersion>1.0.5.0</AssemblyVersion>
    <RepositoryType>git</RepositoryType>
    <Description>A .net standard library for performing configurable cleansing of HTML coming from untrusted sources.</Description>
    <Copyright>Caner Patır</Copyright>
--- a/src/AntiSamy/AntiSamyDomScanner.cs
+++ b/src/AntiSamy/AntiSamyDomScanner.cs
@@ -150,6 +150,11 @@ namespace AntiSamy
                        }
                        else
                        {
+                            if (!allowwdAttr.AllowedValues.Any() && !allowwdAttr.AllowedRegExps.Any())
+                            {
+                                continue;
+                            }
+
                            var isAttributeValid = false;
                            //try to find out how robust this is - do I need to do this in a loop?
                            value = HtmlEntity.DeEntitize(value);
--- a/test/AntiSamy.Tests/AntiSamy.Tests.csproj
+++ b/test/AntiSamy.Tests/AntiSamy.Tests.csproj
@@ -6,6 +6,10 @@
    <IsPackable>false</IsPackable>
  </PropertyGroup>

+  <ItemGroup>
+    <None Remove="resources\antisamy-mysite.xml" />
+  </ItemGroup>
+
  <ItemGroup>
    <PackageReference Include="FluentAssertions" Version="5.3.0" />
    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.6.0" />
@@ -15,7 +19,9 @@
  </ItemGroup>

  <ItemGroup>
-    <Folder Include="resources\" />
+    <Content Include="resources\antisamy-mysite.xml">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </Content>
  </ItemGroup>

  <ItemGroup>
--- a/test/AntiSamy.Tests/UseCaseTests.cs
+++ b/test/AntiSamy.Tests/UseCaseTests.cs
@@ -128,5 +128,21 @@ namespace AntiSamy.Tests

        }

+        [Fact]
+        public void allow_any_src_in_img_tag()
+        {
+            var scanner = new AntiSamy();
+
+            /*
+             * remove non-allowed hrefs
+             */
+
+            var input = "Size Table: ;<p><img src=\"/Assets/ProductImages/chartlar/image.jpg\" width=\"456\" height=\"197\" alt=\"\" /></p> ; Lorem ipsum";
+
+            AntiySamyResult result = scanner.Scan(input, GetPolicy("antisamy-mysite.xml"));
+
+            result.CleanHtml.Should().Be(input);
+        }
+
    }
 }
--- a/test/AntiSamy.Tests/resources/antisamy-mysite.xml
+++ b/test/AntiSamy.Tests/resources/antisamy-mysite.xml