diff --git a/src/HtmlSanitizer/HtmlSanitizer.cs b/src/HtmlSanitizer/HtmlSanitizer.cs index 56855d2..5973a09 100644 --- a/src/HtmlSanitizer/HtmlSanitizer.cs +++ b/src/HtmlSanitizer/HtmlSanitizer.cs @@ -460,8 +460,7 @@ namespace Ganss.XSS public IHtmlDocument SanitizeDom(string html, string baseUrl = "") { var parser = HtmlParserFactory(); - var dom = parser.ParseDocument(""); - dom.Body.InnerHtml = html; + var dom = parser.ParseDocument("" + html); DoSanitize(dom, dom.Body, baseUrl); @@ -480,7 +479,7 @@ namespace Ganss.XSS var parser = HtmlParserFactory(); var dom = parser.ParseDocument(html); - DoSanitize(dom, dom.DocumentElement, baseUrl); + DoSanitize(dom, dom, baseUrl); var output = dom.ToHtml(outputFormatter ?? OutputFormatter); @@ -499,7 +498,7 @@ namespace Ganss.XSS var parser = HtmlParserFactory(); var dom = parser.ParseDocument(html); - DoSanitize(dom, dom.DocumentElement, baseUrl); + DoSanitize(dom, dom, baseUrl); var output = dom.ToHtml(outputFormatter ?? OutputFormatter); @@ -536,7 +535,7 @@ namespace Ganss.XSS } } - private void DoSanitize(IHtmlDocument dom, IElement context, string baseUrl = "") + private void DoSanitize(IHtmlDocument dom, IParentNode context, string baseUrl = "") { // remove non-whitelisted tags foreach (var tag in context.QuerySelectorAll("*").Where(t => !IsAllowedTag(t)).ToList()) @@ -601,9 +600,9 @@ namespace Ganss.XSS } } - RemoveComments(context); + RemoveComments(context as IElement); - DoPostProcess(dom, context); + DoPostProcess(dom, context as IElement); } private void SanitizeStyleSheets(IHtmlDocument dom, string baseUrl) diff --git a/src/HtmlSanitizer/HtmlSanitizer.csproj b/src/HtmlSanitizer/HtmlSanitizer.csproj index 8913b8e..c46e29d 100644 --- a/src/HtmlSanitizer/HtmlSanitizer.csproj +++ b/src/HtmlSanitizer/HtmlSanitizer.csproj @@ -32,9 +32,10 @@ + - + diff --git a/src/HtmlSanitizer/Properties/AssemblyInfo.cs b/src/HtmlSanitizer/Properties/AssemblyInfo.cs deleted file mode 100644 index 7df8d9c..0000000 --- a/src/HtmlSanitizer/Properties/AssemblyInfo.cs +++ /dev/null @@ -1,14 +0,0 @@ -using System.Reflection; -using System.Runtime.InteropServices; - -#if !NETSTANDARD - -// Setting ComVisible to false makes the types in this assembly not visible -// to COM components. If you need to access a type in this assembly from -// COM, set the ComVisible attribute to true on that type. -[assembly: ComVisible(false)] - -// The following GUID is for the ID of the typelib if this project is exposed to COM -[assembly: Guid("16af04e9-e712-417e-b749-c8d10148dda9")] - -#endif diff --git a/test/HtmlSanitizer.Tests/Tests.cs b/test/HtmlSanitizer.Tests/Tests.cs index 993fe68..e4b993a 100644 --- a/test/HtmlSanitizer.Tests/Tests.cs +++ b/test/HtmlSanitizer.Tests/Tests.cs @@ -3124,6 +3124,33 @@ zqy1QY1kkPOuMvKWvvmFIwClI2393jVVcp91eda4+J+fIYDbfJa7RY5YcNrZhTuV//9k=""> Assert.Equal(html, actual); } } + + [Fact] + public void RemovingFramesetShouldTriggerEventTest() + { + // https://github.com/mganss/HtmlSanitizer/issues/163 + + var sanitizer = new HtmlSanitizer(); + bool anyNodeRemoved = false; + sanitizer.RemovingTag += (s, e) => anyNodeRemoved = true; + var html = @""; + var actual = sanitizer.SanitizeDocument(html); + Assert.True(anyNodeRemoved); + Assert.Equal("", actual); + } + + [Fact] + public void HtmlDocumentTest() + { + // https://github.com/mganss/HtmlSanitizer/issues/164 + + var sanitizer = new HtmlSanitizer(); + var html = @""; + + var actual = sanitizer.SanitizeDocument(html); + + Assert.Equal("", actual); + } } }