Refactor according to VS suggestions
Use AppVeyor VS 2017 build image
@@ -1,5 +1,6 @@
|
|||||||
version: 3.4.{build}
|
version: 3.4.{build}
|
||||||
skip_tags: true
|
skip_tags: true
|
||||||
|
image: Visual Studio 2017
|
||||||
environment:
|
environment:
|
||||||
CoverityProjectToken:
|
CoverityProjectToken:
|
||||||
secure: pUUrynbyxCRpsAgGdKBVYDZCilwBmaWQ1Jg+rg5znr0=
|
secure: pUUrynbyxCRpsAgGdKBVYDZCilwBmaWQ1Jg+rg5znr0=
|
||||||
|
|||||||
@@ -528,17 +528,13 @@ namespace Ganss.XSS
|
|||||||
{
|
{
|
||||||
if (!AllowedAtRules.Contains(rule.Type)) return false;
|
if (!AllowedAtRules.Contains(rule.Type)) return false;
|
||||||
|
|
||||||
var styleRule = rule as ICssStyleRule;
|
if (rule is ICssStyleRule styleRule)
|
||||||
|
|
||||||
if (styleRule != null)
|
|
||||||
{
|
{
|
||||||
SanitizeStyleDeclaration(styleTag, styleRule.Style, baseUrl);
|
SanitizeStyleDeclaration(styleTag, styleRule.Style, baseUrl);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
var groupingRule = rule as ICssGroupingRule;
|
if (rule is ICssGroupingRule groupingRule)
|
||||||
|
|
||||||
if (groupingRule != null)
|
|
||||||
{
|
{
|
||||||
for (int i = 0; i < groupingRule.Rules.Length;)
|
for (int i = 0; i < groupingRule.Rules.Length;)
|
||||||
{
|
{
|
||||||
@@ -548,23 +544,20 @@ namespace Ganss.XSS
|
|||||||
else i++;
|
else i++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (rule is ICssPageRule)
|
else if (rule is ICssPageRule pageRule)
|
||||||
{
|
{
|
||||||
var pageRule = (ICssPageRule)rule;
|
|
||||||
SanitizeStyleDeclaration(styleTag, pageRule.Style, baseUrl);
|
SanitizeStyleDeclaration(styleTag, pageRule.Style, baseUrl);
|
||||||
}
|
}
|
||||||
else if (rule is ICssKeyframesRule)
|
else if (rule is ICssKeyframesRule keyFramesRule)
|
||||||
{
|
{
|
||||||
var keyFramesRule = (ICssKeyframesRule)rule;
|
|
||||||
foreach (var childRule in keyFramesRule.Rules.OfType<ICssKeyframeRule>().ToList())
|
foreach (var childRule in keyFramesRule.Rules.OfType<ICssKeyframeRule>().ToList())
|
||||||
{
|
{
|
||||||
if (!SanitizeStyleRule(childRule, styleTag, baseUrl) && RemoveAtRule(styleTag, childRule))
|
if (!SanitizeStyleRule(childRule, styleTag, baseUrl) && RemoveAtRule(styleTag, childRule))
|
||||||
keyFramesRule.Remove(childRule.KeyText);
|
keyFramesRule.Remove(childRule.KeyText);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (rule is ICssKeyframeRule)
|
else if (rule is ICssKeyframeRule keyFrameRule)
|
||||||
{
|
{
|
||||||
var keyFrameRule = (ICssKeyframeRule)rule;
|
|
||||||
SanitizeStyleDeclaration(styleTag, keyFrameRule.Style, baseUrl);
|
SanitizeStyleDeclaration(styleTag, keyFrameRule.Style, baseUrl);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
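Review bot: The type-test chain in the @@ -528 and @@ -548 hunks ends at `ICssKeyframeRule` with no final `else`, so a rule that passes `AllowedAtRules.Contains(rule.Type)` but matches none of the five interfaces gets no declaration sanitizing in the visible lines. The method starts and ends outside these hunks, so whether such a rule is then kept unchanged cannot be confirmed from here. The test file in this commit adds `CssRuleType.FontFace` to `AllowedAtRules`, so rules of that kind presumably reach this path. I would state the intent at the end of the chain, e.g. `// any other allowed at-rule type is kept as-is; nothing in this method filters its contents`, or add an explicit `else` that decides it. As a style point, with the `as` locals gone the `else { if (rule is ICssGroupingRule groupingRule)` nesting can be flattened to `else if`.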
@@ -1954,7 +1954,7 @@ rl(javascript:alert(""foo""))'>";
|
|||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
public void capitalExpressionTest()
|
public void CapitalExpressionTest()
|
||||||
{
|
{
|
||||||
var sanitizer = Sanitizer;
|
var sanitizer = Sanitizer;
|
||||||
var html = @"<div style=""top:EXPRESSION(alert())"">XSS</div>";
|
var html = @"<div style=""top:EXPRESSION(alert())"">XSS</div>";
|
||||||
@@ -2127,8 +2127,10 @@ rl(javascript:alert(""foo""))'>";
|
|||||||
[Fact]
|
[Fact]
|
||||||
public void AllowDataAttributesTest()
|
public void AllowDataAttributesTest()
|
||||||
{
|
{
|
||||||
var sanitizer = new HtmlSanitizer();
|
var sanitizer = new HtmlSanitizer()
|
||||||
sanitizer.AllowDataAttributes = true;
|
{
|
||||||
|
AllowDataAttributes = true
|
||||||
|
};
|
||||||
var html = @"<div data-test1=""value x""></div>";
|
var html = @"<div data-test1=""value x""></div>";
|
||||||
Assert.Equal(html, sanitizer.Sanitize(html), ignoreCase: true);
|
Assert.Equal(html, sanitizer.Sanitize(html), ignoreCase: true);
|
||||||
}
|
}
|
||||||
@@ -2136,8 +2138,10 @@ rl(javascript:alert(""foo""))'>";
|
|||||||
[Fact]
|
[Fact]
|
||||||
public void AllowDataAttributesCaseTest()
|
public void AllowDataAttributesCaseTest()
|
||||||
{
|
{
|
||||||
var sanitizer = new HtmlSanitizer();
|
var sanitizer = new HtmlSanitizer()
|
||||||
sanitizer.AllowDataAttributes = true;
|
{
|
||||||
|
AllowDataAttributes = true
|
||||||
|
};
|
||||||
var html = @"<div DAta-test1=""value x""></div>";
|
var html = @"<div DAta-test1=""value x""></div>";
|
||||||
Assert.Equal(html, sanitizer.Sanitize(html), ignoreCase: true);
|
Assert.Equal(html, sanitizer.Sanitize(html), ignoreCase: true);
|
||||||
}
|
}
|
||||||
@@ -2145,8 +2149,10 @@ rl(javascript:alert(""foo""))'>";
|
|||||||
[Fact]
|
[Fact]
|
||||||
public void AllowDataAttributesOffTest()
|
public void AllowDataAttributesOffTest()
|
||||||
{
|
{
|
||||||
var sanitizer = new HtmlSanitizer();
|
var sanitizer = new HtmlSanitizer()
|
||||||
sanitizer.AllowDataAttributes = false;
|
{
|
||||||
|
AllowDataAttributes = false
|
||||||
|
};
|
||||||
var html = @"<div data-test1=""value x""></div>";
|
var html = @"<div data-test1=""value x""></div>";
|
||||||
Assert.Equal(@"<div></div>", sanitizer.Sanitize(html), ignoreCase: true);
|
Assert.Equal(@"<div></div>", sanitizer.Sanitize(html), ignoreCase: true);
|
||||||
}
|
}
|
||||||
@@ -2165,8 +2171,7 @@ rl(javascript:alert(""foo""))'>";
|
|||||||
var sanitizer = new HtmlSanitizer();
|
var sanitizer = new HtmlSanitizer();
|
||||||
sanitizer.PostProcessNode += (s, e) =>
|
sanitizer.PostProcessNode += (s, e) =>
|
||||||
{
|
{
|
||||||
var el = e.Node as IHtmlElement;
|
if (e.Node is IHtmlElement el)
|
||||||
if (el != null)
|
|
||||||
{
|
{
|
||||||
el.ClassList.Add("test");
|
el.ClassList.Add("test");
|
||||||
var b = e.Document.CreateElement("b");
|
var b = e.Document.CreateElement("b");
|
||||||
@@ -2185,8 +2190,7 @@ rl(javascript:alert(""foo""))'>";
|
|||||||
var sanitizer = new HtmlSanitizer();
|
var sanitizer = new HtmlSanitizer();
|
||||||
sanitizer.PostProcessNode += (s, e) =>
|
sanitizer.PostProcessNode += (s, e) =>
|
||||||
{
|
{
|
||||||
var text = e.Node as IText;
|
if (e.Node is IText text)
|
||||||
if (text != null)
|
|
||||||
{
|
{
|
||||||
var autolinked = Regex.Replace(text.NodeValue, @"https?://[^\s]+[^\s!?.:;,]+", m => $@"<a href=""{m.Value}"">{m.Value}</a>", RegexOptions.IgnoreCase);
|
var autolinked = Regex.Replace(text.NodeValue, @"https?://[^\s]+[^\s!?.:;,]+", m => $@"<a href=""{m.Value}"">{m.Value}</a>", RegexOptions.IgnoreCase);
|
||||||
if (autolinked != text.NodeValue)
|
if (autolinked != text.NodeValue)
|
||||||
@@ -2620,8 +2624,10 @@ rl(javascript:alert(""foo""))'>";
|
|||||||
{
|
{
|
||||||
// https://github.com/mganss/HtmlSanitizer/issues/66
|
// https://github.com/mganss/HtmlSanitizer/issues/66
|
||||||
|
|
||||||
var sanitizer = new HtmlSanitizer();
|
var sanitizer = new HtmlSanitizer()
|
||||||
sanitizer.AllowDataAttributes = true;
|
{
|
||||||
|
AllowDataAttributes = true
|
||||||
|
};
|
||||||
sanitizer.AllowedSchemes.Add("data");
|
sanitizer.AllowedSchemes.Add("data");
|
||||||
var html = @" <p>
|
var html = @" <p>
|
||||||
<img src=""data:image/jpeg;base64,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
|
<img src=""data:image/jpeg;base64,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
|
||||||
@@ -2764,9 +2770,10 @@ zqy1QY1kkPOuMvKWvvmFIwClI2393jVVcp91eda4+J+fIYDbfJa7RY5YcNrZhTuV//9k="">
|
|||||||
{
|
{
|
||||||
// https://github.com/mganss/HtmlSanitizer/issues/80
|
// https://github.com/mganss/HtmlSanitizer/issues/80
|
||||||
|
|
||||||
var s = new HtmlSanitizer();
|
var s = new HtmlSanitizer()
|
||||||
|
{
|
||||||
s.AllowDataAttributes = true;
|
AllowDataAttributes = true
|
||||||
|
};
|
||||||
s.AllowedAtRules.Add(CssRuleType.FontFace);
|
s.AllowedAtRules.Add(CssRuleType.FontFace);
|
||||||
|
|
||||||
s.AllowedTags.Add("style");
|
s.AllowedTags.Add("style");
|
||||||
|
|||||||
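Review bot: In the @@ -2185 hunk the `Regex.Replace` callback interpolates `m.Value` into `<a href=""…"">` markup without encoding, and `[^\s]+` accepts quotes and angle brackets, so a URL-like run in `text.NodeValue` can close the attribute or the tag. The rest of the handler is outside the hunk; if it parses `autolinked` back into nodes, and `PostProcessNode` (judging by its name) fires after the node was sanitized, that markup never passes through the sanitizer. Encode before interpolating, e.g. `m => { var u = System.Net.WebUtility.HtmlEncode(m.Value); return $@"<a href=""{u}"">{u}</a>"; }`, or build the anchor with `e.Document.CreateElement("a")` the way the neighbouring test creates its `b` element. It is worth fixing even in a test, since handlers like this one tend to be copied as usage examples.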