JacksonBruce/HtmlSanitizer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed classcast error in post processing of nodes

Browse Source 
When you use SanitizeDocument the 'context' parameter of DoPostProcess and RemoveComments is set to be the HTML document itself. The post processing require the context to be an IElement which isn't the case for AngleSharps HtmlDocument. Changed signatures of methods in post processing to use an INode instead. This allows the PostProcessNode event to be called when using SanitizeDocument.
This commit is contained in:
Bjørn Olav Ringstad
2019-10-02 13:31:38 +02:00
parent f5933c2f9e
commit 5d10d3b07e
2 changed files with 25 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/HtmlSanitizer/HtmlSanitizer.cs
View File

@@ -629,9 +629,9 @@ namespace Ganss.XSS
/// <summary> /// <summary>
/// Removes all comment nodes from a list of nodes. /// Removes all comment nodes from a list of nodes.
/// </summary> /// </summary>
/// <param name="context">The element within which to remove comments.</param> /// <param name="context">The node within which to remove comments.</param>
/// <returns><c>true</c> if any comments were removed; otherwise, <c>false</c>.</returns> /// <returns><c>true</c> if any comments were removed; otherwise, <c>false</c>.</returns>
private void RemoveComments(IElement context) private void RemoveComments(INode context)
{ {
foreach (var comment in GetAllNodes(context).OfType<IComment>().ToList()) foreach (var comment in GetAllNodes(context).OfType<IComment>().ToList())
{ {
@@ -707,9 +707,9 @@ namespace Ganss.XSS
} }
} }
RemoveComments(context as IElement); RemoveComments(context as INode);
DoPostProcess(dom, context as IElement); DoPostProcess(dom, context as INode);
} }
private void SanitizeStyleSheets(IHtmlDocument dom, string baseUrl) private void SanitizeStyleSheets(IHtmlDocument dom, string baseUrl)
@@ -775,8 +775,8 @@ namespace Ganss.XSS
/// Performs post processing on all nodes in the document. /// Performs post processing on all nodes in the document.
/// </summary> /// </summary>
/// <param name="dom">The HTML document.</param> /// <param name="dom">The HTML document.</param>
/// <param name="context">The element within which to post process all nodes.</param> /// <param name="context">The node within which to post process all nodes.</param>
private void DoPostProcess(IHtmlDocument dom, IElement context) private void DoPostProcess(IHtmlDocument dom, INode context)
{ {
if (PostProcessNode != null) if (PostProcessNode != null)
{ {

19
test/HtmlSanitizer.Tests/Tests.cs
View File

@@ -2187,6 +2187,25 @@ rl(javascript:alert(""foo""))'>";
Assert.Equal(@"<div class=""test"">Hallo<b>Test</b></div>", sanitized, ignoreCase: true); Assert.Equal(@"<div class=""test"">Hallo<b>Test</b></div>", sanitized, ignoreCase: true);
} }
[Fact]
public void PostProcessNodeTestUsingDocument()
{
var sanitizer = new HtmlSanitizer();
sanitizer.PostProcessNode += (s, e) =>
{
if (e.Node is IHtmlDivElement el)
{
el.ClassList.Add("test");
var b = e.Document.CreateElement("b");
b.TextContent = "Test";
el.AppendChild(b);
}
};
var html = @"<html><head></head><body><div>Hallo</div></body></html>";
var sanitized = sanitizer.SanitizeDocument(html);
Assert.Equal(@"<html><head></head><body><div class=""test"">Hallo<b>Test</b></div></body></html>", sanitized, ignoreCase: true);
}
[Fact] [Fact]
public void PostProcessDomTest() public void PostProcessDomTest()
{ {