False
..\packages\CsQuery.1.3.4\lib\net40\CsQuery.dll
diff --git a/HtmlSanitizer.Tests/Tests.cs b/HtmlSanitizer.Tests/Tests.cs
index a6fa38d..ca8a1ea 100644
--- a/HtmlSanitizer.Tests/Tests.cs
+++ b/HtmlSanitizer.Tests/Tests.cs
@@ -1,3 +1,5 @@
+using CsQuery;
+using Ganss.Text;
using NUnit.Framework;
using System;
using System.Collections.Generic;
@@ -201,7 +203,7 @@ namespace Ganss.XSS.Tests
///
/// A test for Image Xss vector with Long UTF-8 Unicode
- /// Example
+ /// Example
///
[Test]
public void ImageLongUTF8UnicodeXSSTest()
@@ -222,7 +224,7 @@ namespace Ganss.XSS.Tests
///
/// A test for Image Xss vector with Hex encoding without semicolon
/// Example
- ///
+ ///
[Test]
public void ImageHexEncodeXSSTest()
{
@@ -242,7 +244,7 @@ namespace Ganss.XSS.Tests
///
/// A test for Image Xss vector with embedded tab
/// Example
- ///
+ ///
[Test]
public void ImageEmbeddedTabXSSTest()
{
@@ -262,7 +264,7 @@ namespace Ganss.XSS.Tests
///
/// A test for Image Xss vector with embedded encoded tab
/// Example
- ///
+ ///
[Test]
public void ImageEmbeddedEncodedTabXSSTest()
{
@@ -282,7 +284,7 @@ namespace Ganss.XSS.Tests
///
/// A test for Image Xss vector with embedded new line
/// Example
- ///
+ ///
[Test]
public void ImageEmbeddedNewLineXSSTest()
{
@@ -302,7 +304,7 @@ namespace Ganss.XSS.Tests
///
/// A test for Image Xss vector with embedded carriage return
/// Example
- ///
+ ///
[Test]
public void ImageEmbeddedCarriageReturnXSSTest()
{
@@ -324,7 +326,7 @@ namespace Ganss.XSS.Tests
/// Example
- ///
+ ///
[Test]
public void ImageMultilineInjectedXSSTest()
{
@@ -362,7 +364,7 @@ namespace Ganss.XSS.Tests
string htmlFragment = @"
- /// A test for Image Xss vector with Null breaks up Javascript directive
+ /// A test for Image Xss vector with Null breaks up Javascript directive
/// Example
- ///
+ ///
[Test]
public void ImageNullBreaksUpXSSTest1()
{
@@ -418,7 +420,7 @@ S
}
///
- /// A test for Image Xss vector with Null breaks up cross site scripting vector
+ /// A test for Image Xss vector with Null breaks up cross site scripting vector
/// Example
///
[Test]
@@ -438,7 +440,7 @@ S
}
///
- /// A test for Image Xss vector with spaces and Meta characters
+ /// A test for Image Xss vector with spaces and Meta characters
/// Example
///
[Test]
@@ -460,7 +462,7 @@ S
///
/// A test for Image Xss vector with half open html
/// Example
- ///
+ ///
[Test]
public void ImageHalfOpenHtmlXSSTest()
{
@@ -480,7 +482,7 @@ S
///
/// A test for Image Xss vector with double open angle bracket
/// Example
- ///
+ ///
[Test]
public void ImageDoubleOpenAngleBracketXSSTest()
{
@@ -500,7 +502,7 @@ S
///
/// A test for Dic Xss vector with Javascript escaping
/// Example
- ///
+ ///
[Test]
public void DivJavascriptEscapingXSSTest()
{
@@ -520,7 +522,7 @@ S
///
/// A test for Image Xss vector with input image
/// Example
- ///
+ ///
[Test]
public void ImageInputXSSTest()
{
@@ -540,7 +542,7 @@ S
///
/// A test for Image Xss vector with Dynsrc
/// Example
- ///
+ ///
[Test]
public void ImageDynsrcXSSTest()
{
@@ -560,7 +562,7 @@ S
///
/// A test for Image Xss vector with Lowsrc
/// Example
- ///
+ ///
[Test]
public void ImageLowsrcXSSTest()
{
@@ -580,7 +582,7 @@ S
///
/// A test for Xss vector with BGSound
/// Example
- ///
+ ///
[Test]
public void BGSoundXSSTest()
{
@@ -600,7 +602,7 @@ S
///
/// A test for BR with Javascript Include
/// Example
- ///
+ ///
[Test]
public void BRJavascriptIncludeXSSTest()
{
@@ -620,7 +622,7 @@ S
///
/// A test for P with url in style
/// Example
- ///
+ ///
[Test]
public void PWithUrlInStyleXSSTest()
{
@@ -641,7 +643,7 @@ S
///
/// A test for Image with vbscript
/// Example
- ///
+ ///
[Test]
public void ImageWithVBScriptXSSTest()
{
@@ -661,7 +663,7 @@ S
///
/// A test for Image with Mocha
/// Example
- ///
+ ///
[Test]
public void ImageWithMochaXSSTest()
{
@@ -681,7 +683,7 @@ S
///
/// A test for Image with Livescript
/// Example
- ///
+ ///
[Test]
public void ImageWithLivescriptXSSTest()
{
@@ -701,7 +703,7 @@ S
///
/// A test for Iframe
/// Example
- ///
+ ///
[Test]
public void IframeXSSTest()
{
@@ -721,7 +723,7 @@ S
///
/// A test for Frame
/// Example
- ///
+ ///
[Test]
public void FrameXSSTest()
{
@@ -741,7 +743,7 @@ S
///
/// A test for Table
/// Example
- ///
+ ///
[Test]
public void TableXSSTest()
{
@@ -761,7 +763,7 @@ S
///
/// A test for TD
/// Example
- ///
+ ///
[Test]
public void TDXSSTest()
{
@@ -781,7 +783,7 @@ S
///
/// A test for Div Background Image
/// Example
- ///
+ ///
[Test]
public void DivBackgroundImageXSSTest()
{
@@ -801,7 +803,7 @@ S
///
/// A test for Div Background Image with unicoded XSS
/// Example
- ///
+ ///
[Test]
public void DivBackgroundImageWithUnicodedXSSTest()
{
@@ -821,7 +823,7 @@ S
///
/// A test for Div Background Image with extra characters
/// Example
- ///
+ ///
[Test]
public void DivBackgroundImageWithExtraCharactersXSSTest()
{
@@ -841,7 +843,7 @@ S
///
/// A test for DIV expression
/// Example
- ///
+ ///
[Test]
public void DivExpressionXSSTest()
{
@@ -861,7 +863,7 @@ S
///
/// A test for Image with break up expression
/// Example
- ///
+ ///
[Test]
public void ImageStyleExpressionXSSTest()
{
@@ -881,7 +883,7 @@ S
///
/// A test for AnchorTag with break up expression
/// Example
- ///
+ ///
[Test]
public void AnchorTagStyleExpressionXSSTest()
{
@@ -901,7 +903,7 @@ S
///
/// A test for BaseTag
/// Example
- ///
+ ///
[Test]
public void BaseTagXSSTest()
{
@@ -921,7 +923,7 @@ S
///
/// A test for EMBEDTag
/// Example
- ///
+ ///
[Test]
public void EmbedTagXSSTest()
{
@@ -941,7 +943,7 @@ S
///
/// A test for EMBEDSVG
/// Example
- ///
+ ///
[Test]
public void EmbedSVGXSSTest()
{
@@ -961,7 +963,7 @@ S
///
/// A test for XML namespace
/// Example
- ///
+ ///
[Test]
public void XmlNamespaceXSSTest()
{
@@ -981,7 +983,7 @@ S
///
/// A test for XML with CData
/// Example
- ///
+ ///
[Test]
public void XmlWithCDataXSSTest()
{
@@ -1000,7 +1002,7 @@ S
///
/// A test for XML with Comment obfuscation
- ///
+ ///
[Test]
public void XmlWithCommentObfuscationXSSTest()
{
@@ -1020,7 +1022,7 @@ S
///
/// A test for XML with Embedded script
/// Example
- ///
+ ///
[Test]
public void XmlWithEmbeddedScriptXSSTest()
{
@@ -1040,7 +1042,7 @@ S
///
/// A test for Html + Time
/// Example
- ///
+ ///
[Test]
public void HtmlPlusTimeXSSTest()
{
@@ -1060,7 +1062,7 @@ S
///
/// A test for AnchorTag with javascript link location
/// Example
- ///
+ ///
[Test]
public void AnchorTagJavascriptLinkLocationXSSTest()
{
@@ -1080,7 +1082,7 @@ S
///
/// A test for Div with no filter evasion
/// Example
- ///
+ ///
[Test]
public void DivNoFilterEvasionXSSTest()
{
@@ -1100,7 +1102,7 @@ S
///
/// A test for Div with style expression and no filter evasion
/// Example
- ///
+ ///
[Test]
public void DivStyleExpressionNoFilterEvasionXSSTest()
{
@@ -1120,7 +1122,7 @@ S
///
/// A test for AnchorTag with non alpha non digit xss
/// Example
- ///
+ ///
[Test]
public void AnchorTagNonAlphaNonDigitXSSTest()
{
@@ -1140,7 +1142,7 @@ S
///
/// A test for Div with non alpha non digit xss
/// Example
- ///
+ ///
[Test]
public void DivNonAlphaNonDigitXSSTest()
{
@@ -1160,7 +1162,7 @@ S
///
/// A test for Div with style expression and non alpha non digit xss
/// Example
- ///
+ ///
[Test]
public void DivStyleExpressionNonAlphaNonDigitXSSTest()
{
@@ -1180,7 +1182,7 @@ S
///
/// A test for Div with non alpha non digit part 3 xss
/// Example
- ///
+ ///
[Test]
public void DivNonAlphaNonDigit3XSSTest()
{
@@ -1200,7 +1202,7 @@ S
///
/// A test for Div with style expression and non alpha non digit part 3 xss
/// Example
- ///
+ ///
[Test]
public void DivStyleExpressionNonAlphaNonDigit3XSSTest()
{
@@ -1220,7 +1222,7 @@ S
///
/// A test for AnchorTag with Extraneous open brackets xss
/// Example
- ///
+ ///
[Test]
public void AnchorTagExtraneousOpenBracketsXSSTest()
{
@@ -1240,7 +1242,7 @@ S
///
/// A test for Div with Extraneous open brackets xss
/// Example
- ///
+ ///
[Test]
public void DivExtraneousOpenBracketsXSSTest()
{
@@ -1260,7 +1262,7 @@ S
///
/// A test for Div with style expression and Extraneous open brackets xss
/// Example
- ///
+ ///
[Test]
public void DivStyleExpressionExtraneousOpenBracketsXSSTest()
{
@@ -1280,7 +1282,7 @@ S
///
/// A test for Div with No closing script tags xss
/// Example
- ///
+ ///
[Test]
public void DivNoClosingScriptTagsXSSTest()
{
@@ -1300,7 +1302,7 @@ S
///
/// A test for Div with style expression and No closing script tags xss
/// Example
- ///
+ ///
[Test]
public void DivStyleExpressionNoClosingScriptTagsXSSTest()
{
@@ -1320,7 +1322,7 @@ S
///
/// A test for AnchorTag with Protocol resolution in script tags xss
/// Example
- ///
+ ///
[Test]
public void AnchorTagProtocolResolutionScriptXSSTest()
{
@@ -1340,7 +1342,7 @@ S
///
/// A test for Div with Protocol resolution in script tags xss
/// Example
- ///
+ ///
[Test]
public void DivProtocolResolutionScriptXSSTest()
{
@@ -1360,7 +1362,7 @@ S
///
/// A test for Div with style expression and Protocol resolution in script tags xss
/// Example
- ///
+ ///
[Test]
public void DivStyleExpressionProtocolResolutionScriptXSSTest()
{
@@ -1380,7 +1382,7 @@ S
///
/// A test for AnchorTag with no single quotes or double quotes or semicolons xss
/// Example
- ///
+ ///
[Test]
public void AnchorTagNoQuotesXSSTest()
{
@@ -1400,7 +1402,7 @@ S
///
/// A test for Div with no single quotes or double quotes or semicolons xss
/// Example
- ///
+ ///
[Test]
public void DivNoQuotesXSSTest()
{
@@ -1420,7 +1422,7 @@ S
///
/// A test for Div with style expression and no single quotes or double quotes or semicolons xss
/// Example
- ///
+ ///
[Test]
public void DivStyleExpressionNoQuotesXSSTest()
{
@@ -1440,7 +1442,7 @@ S
///
/// A test for AnchorTag with US-ASCII encoding xss
/// Example
- ///
+ ///
[Test]
public void AnchorTagUSASCIIEncodingXSSTest()
{
@@ -1459,7 +1461,7 @@ S
///
/// A test for AnchorTag with Downlevel-Hidden block xss
- ///
+ ///
[Test]
public void AnchorTagDownlevelHiddenBlockXSSTest()
{
@@ -1478,7 +1480,7 @@ S
///
/// A test for Div with Downlevel-Hidden block xss
- ///
+ ///
[Test]
public void DivDownlevelHiddenBlockXSSTest()
{
@@ -1498,7 +1500,7 @@ S
///
/// A test for AnchorTag with Html Quotes Encapsulation 1 xss
/// Example
- ///
+ ///
[Test]
public void AnchorTagHtmlQuotesEncapsulation1XSSTest()
{
@@ -1518,7 +1520,7 @@ S
///
/// A test for Div with Html Quotes Encapsulation 1 xss
/// Example
- ///
+ ///
[Test]
public void DivHtmlQuotesEncapsulation1XSSTest()
{
@@ -2122,6 +2124,40 @@ rl(javascript:alert(""foo""))'>";
var html = @"Hallo
";
Assert.That(sanitizer.Sanitize(html), Is.EqualTo(@"HalloTest
").IgnoreCase);
}
+
+ [Test]
+ public void AutoLinkTest()
+ {
+ var sanitizer = new HtmlSanitizer();
+ var autolink = new AutoLink();
+ sanitizer.PostProcessTag += (s, e) =>
+ {
+ var tag = e.Tag;
+ for (int i = 0; i < tag.ChildNodes.Length; i++)
+ {
+ var text = tag.ChildNodes[i] as IDomText;
+ if (text != null)
+ {
+ var autolinked = autolink.Link(text.NodeValue);
+ if (autolinked != text.NodeValue)
+ {
+ var a = CQ.Create(autolinked);
+
+ while (a.Document.ChildNodes.Any())
+ {
+ tag.ChildNodes.Insert(i, a.Document.ChildNodes.First());
+ i++;
+ }
+
+ tag.ChildNodes.RemoveAt(i);
+ i--;
+ }
+ }
+ }
+ };
+ var html = @"Click here: http://example.com/.
";
+ Assert.That(sanitizer.Sanitize(html), Is.EqualTo(@"").IgnoreCase);
+ }
}
}
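Review bot: In the `PostProcessTag` handler of `AutoLinkTest`, the string returned by `autolink.Link(text.NodeValue)` is parsed with `CQ.Create` and its nodes are inserted into `tag.ChildNodes`, and nothing in the hunk shows those new nodes being checked against the sanitizer's allow-lists afterwards. `NodeValue` is presumably the decoded text, so if `AutoLink.Link` (not shown in this diff) does not HTML-encode the text around the URL, entity-escaped markup in the input could be re-parsed into live elements; the test covers only a plain URL and would not catch that. I would add a second case whose text node holds entity-encoded markup next to a URL and assert that the markup is still escaped in the output. Since this handler is likely to be copied as a usage example, a comment above it would also help, for example `// Nodes inserted here are not re-sanitized: autolink.Link must HTML-encode all non-URL text.` The expected string in the final `Assert.That` appears empty on this page, so the asserted output could not be checked here.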
diff --git a/HtmlSanitizer.Tests/packages.config b/HtmlSanitizer.Tests/packages.config
index 694d2d9..71157d7 100644
--- a/HtmlSanitizer.Tests/packages.config
+++ b/HtmlSanitizer.Tests/packages.config
@@ -1,5 +1,7 @@
+
+
\ No newline at end of file