Merge branch 'master' into AngleSharp_0_10

Michael Ganss
2019-01-07 13:00:45 +01:00
11 changed files with 128 additions and 141 deletions


@@ -4,6 +4,12 @@ HtmlSanitizer
[![NuGet version](https://badge.fury.io/nu/HtmlSanitizer.svg)](http://badge.fury.io/nu/HtmlSanitizer)
[![Build status](https://ci.appveyor.com/api/projects/status/418bmfx643iae00c/branch/master?svg=true)](https://ci.appveyor.com/project/mganss/htmlsanitizer/branch/master)
[![codecov.io](https://codecov.io/github/mganss/HtmlSanitizer/coverage.svg?branch=master)](https://codecov.io/github/mganss/HtmlSanitizer?branch=master)
[![Sonarcloud Quality Gate](https://sonarcloud.io/api/project_badges/measure?project=mganss_HtmlSanitizer&metric=alert_status)](https://sonarcloud.io/dashboard?id=mganss_HtmlSanitizer)
[![netstandard1.3](https://img.shields.io/badge/netstandard-1.3-brightgreen.svg)](https://img.shields.io/badge/netstandard-1.3-brightgreen.svg)
[![netstandard2.0](https://img.shields.io/badge/netstandard-2.0-brightgreen.svg)](https://img.shields.io/badge/netstandard-2.0-brightgreen.svg)
[![net40](https://img.shields.io/badge/net-40-brightgreen.svg)](https://img.shields.io/badge/net-40-brightgreen.svg)
[![net45](https://img.shields.io/badge/net-45-brightgreen.svg)](https://img.shields.io/badge/net-45-brightgreen.svg)
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to [XSS attacks](https://en.wikipedia.org/wiki/Cross-site_scripting).
It uses [AngleSharp](https://github.com/AngleSharp/AngleSharp) to parse, manipulate, and render HTML and CSS.


@@ -1,21 +1,41 @@
version: 3.5.{build}-beta
version: 4.0.{build}
skip_tags: true
image: Visual Studio 2017
environment:
CoverityProjectToken:
secure: pUUrynbyxCRpsAgGdKBVYDZCilwBmaWQ1Jg+rg5znr0=
CoverityNotificationEmail:
secure: m/ox72HU97EeJExWEFWx+0M9uov0cydn6E8mSaQzsQE=
access_token:
secure: Eq6BjtZ80BXKLwFMg76IjuQAvbLjbojIF/X/ARouGVhxPneJtgDfCXMPNgJ7KBKq
sonar_token:
secure: W7pHKhuTW6Lh8WlXJNTOIaOzeuxLi+H6Nqmnm4pr28jM6jyIpOZ+1r10lIQi0eCA
nuget:
disable_publish_on_pr: true
build_script:
- ps: (Get-Content src\HtmlSanitizer\HtmlSanitizer.csproj).Replace("1.0.0-VERSION", $env:APPVEYOR_BUILD_VERSION) | Set-Content src\HtmlSanitizer\HtmlSanitizer.csproj
- dotnet restore
- dotnet pack -c Release src\HtmlSanitizer
- dotnet pack --include-symbols --include-source -c Release src\HtmlSanitizer
test_script:
- dotnet test test\HtmlSanitizer.Tests\HtmlSanitizer.Tests.csproj
- nuget.exe install OpenCover -ExcludeVersion
- OpenCover\tools\OpenCover.Console.exe -register:user -filter:"+[HtmlSanitizer]*" -target:"C:\Program Files\dotnet\dotnet.exe" "-targetargs:test test\HtmlSanitizer.Tests\HtmlSanitizer.Tests.csproj" -returntargetcode -hideskipped:All -output:coverage.xml
- ps: |
if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER) {
dotnet tool install --global dotnet-sonarscanner
dotnet sonarscanner begin /k:"mganss_HtmlSanitizer" /v:$env:APPVEYOR_BUILD_VERSION /d:sonar.organization="mganss-github" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.login="$env:sonar_token" /d:sonar.cs.opencover.reportsPaths="$($env:APPVEYOR_BUILD_FOLDER)\coverage.xml" /d:sonar.coverage.exclusions="**/Program.cs"
dotnet build
}
- dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover /p:CoverletOutput="..\..\coverage.xml" test\HtmlSanitizer.Tests\HtmlSanitizer.Tests.csproj -f netcoreapp2.0
- ps: |
if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER) {
dotnet sonarscanner end /d:sonar.login="$env:sonar_token"
}
- "SET PATH=C:\\Python34;C:\\Python34\\Scripts;%PATH%"
- pip install codecov
- codecov -f "coverage.xml"
artifacts:
- path: 'src\**\*.nupkg'
on_success:
- ps: |
if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER) {
git config --global credential.helper store
Add-Content "$HOME\.git-credentials" "https://$($env:access_token):x-oauth-basic@github.com`n"
git config --global user.email "michael@ganss.org"
git config --global user.name "Michael Ganss"
git tag v$env:APPVEYOR_BUILD_VERSION
git push origin --tags --porcelain
}
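Review bot: The build and test steps fetch tools without a version (`dotnet tool install --global dotnet-sonarscanner`, `nuget.exe install OpenCover -ExcludeVersion`, `pip install codecov`) in a job whose environment holds `sonar_token` and `access_token`, so whatever version is latest at build time runs next to those secrets. Pin each one, e.g. `dotnet tool install --global dotnet-sonarscanner --version <PINNED_VERSION>` and `pip install codecov==<PINNED_VERSION>`. Which of these lines are on the new side cannot be told from this rendering, so the point applies to whichever of them remain after the merge. Separately, the `on_success` step writes the token to `$HOME\.git-credentials` in plain text, which is only acceptable if the build worker is discarded after the job.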


@@ -23,11 +23,11 @@ namespace Ganss.XSS
// disable XML comments warnings
#pragma warning disable 1591
public virtual string Attribute(IAttr attr)
public virtual string Attribute(IAttr attribute)
{
var namespaceUri = attr.NamespaceUri;
var localName = attr.LocalName;
var value = attr.Value;
var namespaceUri = attribute.NamespaceUri;
var localName = attribute.LocalName;
var value = attribute.Value;
var temp = new StringBuilder();
if (String.IsNullOrEmpty(namespaceUri))
@@ -48,7 +48,7 @@ namespace Ganss.XSS
}
else
{
temp.Append(attr.Name);
temp.Append(attribute.Name);
}
temp.Append('=').Append('"');


@@ -32,7 +32,7 @@ namespace Ganss.XSS
/// <item>You can specify the allowed HTML tags through the property <see cref="AllowedTags"/>. All other tags will be stripped.</item>
/// <item>You can specify the allowed HTML attributes through the property <see cref="AllowedAttributes"/>. All other attributes will be stripped.</item>
/// <item>You can specify the allowed CSS property names through the property <see cref="AllowedCssProperties"/>. All other styles will be stripped.</item>
/// <item>You can specify the allowed URI schemes through the property <see cref="AllowedCssProperties"/>. All other URIs will be stripped.</item>
/// <item>You can specify the allowed URI schemes through the property <see cref="AllowedSchemes"/>. All other URIs will be stripped.</item>
/// <item>You can specify the HTML attributes that contain URIs (such as "src", "href" etc.) through the property <see cref="UriAttributes"/>.</item>
/// </list>
/// </para>
@@ -111,7 +111,7 @@ namespace Ganss.XSS
/// <summary>
/// The default allowed CSS at-rules.
/// </summary>
public static readonly ISet<CssRuleType> DefaultAllowedAtRules = new HashSet<CssRuleType>() { CssRuleType.Style, CssRuleType.Namespace };
public static ISet<CssRuleType> DefaultAllowedAtRules { get; } = new HashSet<CssRuleType>() { CssRuleType.Style, CssRuleType.Namespace };
/// <summary>
/// Gets or sets the allowed HTTP schemes such as "http" and "https".
@@ -124,7 +124,7 @@ namespace Ganss.XSS
/// <summary>
/// The default allowed URI schemes.
/// </summary>
public static readonly ISet<string> DefaultAllowedSchemes = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "http", "https" };
public static ISet<string> DefaultAllowedSchemes { get; } = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "http", "https" };
/// <summary>
/// Gets or sets the allowed HTML tag names such as "a" and "div".
@@ -137,7 +137,7 @@ namespace Ganss.XSS
/// <summary>
/// The default allowed HTML tag names.
/// </summary>
public static readonly ISet<string> DefaultAllowedTags = new HashSet<string>(StringComparer.OrdinalIgnoreCase) {
public static ISet<string> DefaultAllowedTags { get; } = new HashSet<string>(StringComparer.OrdinalIgnoreCase) {
// https://developer.mozilla.org/en/docs/Web/Guide/HTML/HTML5/HTML5_element_list
"a", "abbr", "acronym", "address", "area", "b",
"big", "blockquote", "br", "button", "caption", "center", "cite",
@@ -179,7 +179,7 @@ namespace Ganss.XSS
/// <summary>
/// The default allowed HTML attributes.
/// </summary>
public static readonly ISet<string> DefaultAllowedAttributes = new HashSet<string>(StringComparer.OrdinalIgnoreCase) {
public static ISet<string> DefaultAllowedAttributes { get; } = new HashSet<string>(StringComparer.OrdinalIgnoreCase) {
// https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes
"abbr", "accept", "accept-charset", "accesskey",
"action", "align", "alt", "axis", "bgcolor", "border", "cellpadding",
@@ -230,7 +230,7 @@ namespace Ganss.XSS
/// <summary>
/// The default URI attributes.
/// </summary>
public static readonly ISet<string> DefaultUriAttributes = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "action", "background", "dynsrc", "href", "lowsrc", "src" };
public static ISet<string> DefaultUriAttributes { get; } = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "action", "background", "dynsrc", "href", "lowsrc", "src" };
/// <summary>
/// Gets or sets the allowed CSS properties such as "font" and "margin".
@@ -243,7 +243,7 @@ namespace Ganss.XSS
/// <summary>
/// The default allowed CSS properties.
/// </summary>
public static readonly ISet<string> DefaultAllowedCssProperties = new HashSet<string>(StringComparer.OrdinalIgnoreCase) {
public static ISet<string> DefaultAllowedCssProperties { get; } = new HashSet<string>(StringComparer.OrdinalIgnoreCase) {
// CSS 3 properties <http://www.w3.org/TR/CSS/#properties>
"background", "background-attachment", "background-color",
"background-image", "background-position", "background-repeat",
@@ -396,7 +396,7 @@ namespace Ganss.XSS
/// <summary>
/// Raises the <see cref="E:RemovingCSSClass" /> event.
/// </summary>
/// <param name="e">The <see cref="RemovingCSSClass"/> instance containing the event data.</param>
/// <param name="e">The <see cref="RemovingCssClassEventArgs"/> instance containing the event data.</param>
protected virtual void OnRemovingCssClass(RemovingCssClassEventArgs e)
{
RemovingCssClass?.Invoke(this, e);
@@ -430,12 +430,13 @@ namespace Ganss.XSS
/// <returns>The sanitized HTML body fragment.</returns>
public string Sanitize(string html, string baseUrl = "", IMarkupFormatter outputFormatter = null)
{
var dom = SanitizeDom(html, baseUrl);
var output = dom.Body.ChildNodes.ToHtml(outputFormatter ?? OutputFormatter);
return output;
using (var dom = SanitizeDom(html, baseUrl))
{
var output = dom.Body.ChildNodes.ToHtml(outputFormatter ?? OutputFormatter);
return output;
}
}
/// <summary>
/// Sanitizes the specified HTML body fragment. If a document is given, only the body part will be returned.
/// </summary>
@@ -452,7 +453,7 @@ namespace Ganss.XSS
return dom;
}
/// <summary>
/// Sanitizes the specified HTML document. Even if only a fragment is given, a whole document will be returned.
/// </summary>
@@ -513,7 +514,7 @@ namespace Ganss.XSS
SanitizeStyleSheets(dom, baseUrl);
// cleanup attributes
foreach (var tag in context.QuerySelectorAll("*").OfType<IElement>().ToList())
foreach (var tag in context.QuerySelectorAll("*").ToList())
{
// remove non-whitelisted attributes
foreach (var attribute in tag.Attributes.Where(a => !IsAllowedAttribute(a)).ToList())
@@ -552,15 +553,15 @@ namespace Ganss.XSS
{
var removedClasses = tag.ClassList.Except(allowedTags).ToArray();
foreach(var removedClass in removedClasses)
foreach (var removedClass in removedClasses)
RemoveCssClass(tag, removedClass, RemoveReason.NotAllowedCssClass);
if (!tag.ClassList.Any())
RemoveAttribute(tag, attribute, RemoveReason.ClassAttributeEmpty);
}
else
else if (string.IsNullOrEmpty(attribute.Value))
{
tag.SetAttribute(attribute.Name, attribute.Value);
tag.RemoveAttribute(attribute.Name);
}
}
}
@@ -910,8 +911,8 @@ namespace Ganss.XSS
/// Removes a CSS class from a class attribute.
/// </summary>
/// <param name="tag">Tag the style belongs to</param>
/// <param name="rule">Rule to be removed</param>
/// <returns>true, if the rule can be removed; false, otherwise.</returns>
/// <param name="cssClass">Class to be removed</param>
/// <param name="reason">Reason for removal</param>
private void RemoveCssClass(IElement tag, string cssClass, RemoveReason reason)
{
var e = new RemovingCssClassEventArgs { Tag = tag, CssClass = cssClass, Reason = reason };
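Review bot: The default allowlists (`DefaultAllowedSchemes`, `DefaultAllowedTags`, `DefaultAllowedAttributes`, `DefaultUriAttributes`, `DefaultAllowedCssProperties`, `DefaultAllowedAtRules`) remain process-wide mutable sets after the switch from `static readonly` fields to get-only properties: the getter still returns the one shared `HashSet`, so a stray `HtmlSanitizer.DefaultAllowedSchemes.Add(...)` anywhere in the process changes the set. If the constructor seeds each instance from these sets (not visible in these hunks), that would widen what every later sanitizer accepts. At minimum the summaries should say so, e.g. `/// Shared by all instances; do not modify. Change <see cref="AllowedSchemes"/> on the instance instead.`; returning a read-only wrapper would enforce it. The field-to-property change is also binary-breaking for already compiled callers, which fits a major version bump but deserves a release note.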


@@ -2,11 +2,11 @@
<PropertyGroup>
<Description>Cleans HTML from constructs that can be used for cross site scripting (XSS)</Description>
<Copyright>Copyright 2013-2017 Michael Ganss</Copyright>
<Copyright>Copyright 2013-2018 Michael Ganss</Copyright>
<AssemblyTitle>HtmlSanitizer</AssemblyTitle>
<VersionPrefix>1.0.0-VERSION</VersionPrefix>
<Authors>Michael Ganss</Authors>
<TargetFrameworks>net40;net45;netstandard1.3</TargetFrameworks>
<TargetFrameworks>net46;netstandard2.0</TargetFrameworks>
<AssemblyName>HtmlSanitizer</AssemblyName>
<AssemblyOriginatorKeyFile>HtmlSanitizer.snk</AssemblyOriginatorKeyFile>
<SignAssembly>true</SignAssembly>
@@ -17,43 +17,21 @@
<PackageLicenseUrl>https://raw.github.com/mganss/HtmlSanitizer/master/LICENSE.md</PackageLicenseUrl>
<RepositoryType>git</RepositoryType>
<RepositoryUrl>git://github.com/mganss/HtmlSanitizer</RepositoryUrl>
<PackageTargetFallback Condition=" '$(TargetFramework)' == 'netstandard1.3' ">$(PackageTargetFallback);dotnet</PackageTargetFallback>
<GenerateAssemblyVersionAttribute>false</GenerateAssemblyVersionAttribute>
<AppConfig Condition="'$(TargetFramework)' == 'net40'">app.net40.config</AppConfig>
<AutoUnifyAssemblyReferences Condition="'$(TargetFramework)' == 'net40'">false</AutoUnifyAssemblyReferences>
<RootNamespace>Ganss.XSS</RootNamespace>
<GenerateDocumentationFile>true</GenerateDocumentationFile>
<DocumentationFile>bin\$(Configuration)\$(TargetFramework)\HtmlSanitizer.xml</DocumentationFile>
</PropertyGroup>
<ItemGroup>
<Reference Include="AngleSharp, Version=0.10.0.0, Culture=neutral, PublicKeyToken=e83494dcdc6d31ea, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
<HintPath>..\..\..\AngleSharp.Css\src\AngleSharp.Css\bin\Debug\AngleSharp.dll</HintPath>
</Reference>
<Reference Include="AngleSharp.Css">
<HintPath>..\..\..\AngleSharp.Css\src\AngleSharp.Css\bin\Debug\AngleSharp.Css.dll</HintPath>
</Reference>
<PackageReference Include="AngleSharp" Version="[0.9.9]" />
<PackageReference Include="AngleSharp" Version="[0.10.0]" />
<PackageReference Include="AngleSharp.Css" Version="[0.10.0]" />
<PackageReference Include="System.Text.Encoding.CodePages" Version="4.5.0" />
</ItemGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'net40' ">
<ItemGroup Condition=" '$(TargetFramework)' == 'net46' ">
<Reference Include="System" />
<Reference Include="Microsoft.CSharp" />
</ItemGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'net45' ">
<Reference Include="System.Globalization" />
<Reference Include="System.IO" />
<Reference Include="System.Runtime" />
<Reference Include="System" />
<Reference Include="Microsoft.CSharp" />
</ItemGroup>
<PropertyGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
<DefineConstants>$(DefineConstants);NETSTANDARD</DefineConstants>
</PropertyGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'netstandard1.3' ">
<PackageReference Include="System.ComponentModel" Version="4.3.0" />
</ItemGroup>
</Project>


@@ -1,7 +1,7 @@
using AngleSharp;
using AngleSharp.Dom.Css;
using AngleSharp.Dom.Html;
using AngleSharp.Parser.Html;
using AngleSharp.Css.Dom;
using AngleSharp.Html.Dom;
using AngleSharp.Html.Parser;
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
@@ -15,7 +15,7 @@ namespace Ganss.XSS
public interface IHtmlSanitizer
{
/// <summary>
/// Gets or sets a value indicating whether to keep child nodes of elements that are removed. Default is <see cref="DefaultKeepChildNodes"/>.
/// Gets or sets a value indicating whether to keep child nodes of elements that are removed.
/// </summary>
bool KeepChildNodes { get; set; }
@@ -25,7 +25,7 @@ namespace Ganss.XSS
Func<HtmlParser> HtmlParserFactory { get; set; }
/// <summary>
/// Gets or sets the <see cref="IMarkupFormatter"/> object used for generating output. Default is <see cref="DefaultOutputFormatter"/>.
/// Gets or sets the <see cref="IMarkupFormatter"/> object used for generating output.
/// </summary>
IMarkupFormatter OutputFormatter { get; set; }
@@ -90,6 +90,7 @@ namespace Ganss.XSS
/// </value>
Regex DisallowCssPropertyValue { get; set; }
/// <summary>
/// Gets or sets the allowed CSS classes.
/// </summary>
/// <value>


@@ -5,10 +5,33 @@ using System.Text;
namespace Ganss.XSS
{
/// <summary>
/// Represents an Internationalized Resource Identifier
/// </summary>
public class Iri
{
/// <summary>
/// Gets or sets the value of the IRI.
/// </summary>
/// <value>
/// The value of the IRI.
/// </value>
public string Value { get; set; }
/// <summary>
/// Gets a value indicating whether the IRI is absolute.
/// </summary>
/// <value>
/// <c>true</c> if the IRI is absolute; otherwise, <c>false</c>.
/// </value>
public bool IsAbsolute => !string.IsNullOrEmpty(Scheme);
/// <summary>
/// Gets or sets the scheme of the IRI, e.g. http.
/// </summary>
/// <value>
/// The scheme of the IRI.
/// </value>
public string Scheme { get; set; }
}
}


@@ -1,15 +0,0 @@
<?xml version ="1.0"?>
<configuration>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Runtime" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-2.6.8.0" newVersion="2.6.8.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Threading.Tasks" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-2.6.8.0" newVersion="2.6.8.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>


@@ -1,12 +1,10 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFrameworks>netcoreapp1.0;net452</TargetFrameworks>
<TargetFrameworks>netcoreapp2.1;net46</TargetFrameworks>
<AssemblyName>HtmlSanitizer.Tests</AssemblyName>
<PackageId>HtmlSanitizer.Tests</PackageId>
<GenerateRuntimeConfigurationFiles>true</GenerateRuntimeConfigurationFiles>
<PackageTargetFallback Condition=" '$(TargetFramework)' == 'netcoreapp1.0' ">$(PackageTargetFallback);dnxcore50;portable-net45+win8</PackageTargetFallback>
<RuntimeFrameworkVersion Condition=" '$(TargetFramework)' == 'netcoreapp1.0' ">1.0.4</RuntimeFrameworkVersion>
<GenerateAssemblyTitleAttribute>false</GenerateAssemblyTitleAttribute>
<GenerateAssemblyDescriptionAttribute>false</GenerateAssemblyDescriptionAttribute>
<GenerateAssemblyConfigurationAttribute>false</GenerateAssemblyConfigurationAttribute>
@@ -16,30 +14,25 @@
<GenerateAssemblyVersionAttribute>false</GenerateAssemblyVersionAttribute>
</PropertyGroup>
<PropertyGroup>
<SonarQubeExclude>true</SonarQubeExclude>
</PropertyGroup>
<ItemGroup>
<Reference Include="AngleSharp, Version=0.10.0.0, Culture=neutral, PublicKeyToken=e83494dcdc6d31ea, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
<HintPath>..\..\..\AngleSharp.Css\src\AngleSharp.Css\bin\Debug\AngleSharp.dll</HintPath>
</Reference>
<Reference Include="AngleSharp.Css">
<HintPath>..\..\..\AngleSharp.Css\src\AngleSharp.Css\bin\Debug\AngleSharp.Css.dll</HintPath>
</Reference>
<Reference Include="System" />
<Reference Include="System.Net" />
<ProjectReference Include="..\..\src\HtmlSanitizer\HtmlSanitizer.csproj" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.0.0" />
<PackageReference Include="xunit.runner.visualstudio" Version="2.2.0" />
<PackageReference Include="xunit.runner.console" Version="2.2.0" />
<PackageReference Include="xunit" Version="2.2.0" />
<PackageReference Include="coverlet.msbuild" Version="2.1.1" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.8.0" />
<PackageReference Include="xunit.runner.visualstudio" Version="2.4.0" />
<PackageReference Include="xunit.runner.console" Version="2.4.0" />
<PackageReference Include="xunit" Version="2.4.0" />
</ItemGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.0' ">
</ItemGroup>
<ItemGroup Condition=" '$(TargetFramework)' == 'net452' ">
<ItemGroup Condition=" '$(TargetFramework)' == 'net46' ">
<Reference Include="System" />
<Reference Include="Microsoft.CSharp" />
</ItemGroup>


@@ -1,35 +0,0 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("HtmlSanitizer.Tests")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("Michael Ganss")]
[assembly: AssemblyProduct("HtmlSanitizer.Tests")]
[assembly: AssemblyCopyright("Copyright © 2013")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("5e270543-c4f6-459b-91f9-81bdcff0a037")]
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]


@@ -2188,7 +2188,7 @@ rl(javascript:alert(""foo""))'>";
public void PostProcessDomTest()
{
var sanitizer = new HtmlSanitizer();
sanitizer.PostProcessDom += (s, e) =>
sanitizer.PostProcessDom += (s, e) =>
{
var p = e.Document.CreateElement("p");
p.TextContent = "World";
@@ -2199,7 +2199,7 @@ rl(javascript:alert(""foo""))'>";
var sanitized = sanitizer.Sanitize(html);
Assert.Equal(@"<div>Hallo</div><p>World</p>", sanitized, ignoreCase: true);
}
[Fact]
public void AutoLinkTest()
{
@@ -2668,7 +2668,7 @@ rl(javascript:alert(""foo""))'>";
Assert.Equal(@"<html><head><style>@namespace url(""http://www.w3.org/1999/xhtml"");
@namespace svg url(""http://www.w3.org/2000/svg"");
@media (min-width: 100px) { div { color: black } }
@page * { margin: 2cm }
@page { margin: 2cm }
@keyframes identifier { 0% { top: 0 } 50% { top: 30px; left: 20px } 50% { top: 10px } 100% { top: 0 } }</style></head><body></body></html>".Replace("\r\n", "\n"),
actual);
}
@@ -2898,7 +2898,7 @@ zqy1QY1kkPOuMvKWvvmFIwClI2393jVVcp91eda4+J+fIYDbfJa7RY5YcNrZhTuV//9k="">
Assert.Equal(0, failures);
}
}
[Fact]
public void AllowAllClassesByDefaultTest()
{
@@ -3001,7 +3001,7 @@ zqy1QY1kkPOuMvKWvvmFIwClI2393jVVcp91eda4+J+fIYDbfJa7RY5YcNrZhTuV//9k="">
var sanitizer = new HtmlSanitizer();
sanitizer.PostProcessNode += (s, e) =>
{
Assert.Equal(1, e.Document.Body.ChildNodes.Count());
Assert.Single(e.Document.Body.ChildNodes);
var text = e.Node as IText;
Assert.NotNull(text);
Assert.Equal("Test1Test2", text.NodeValue);
@@ -3067,6 +3067,21 @@ zqy1QY1kkPOuMvKWvvmFIwClI2393jVVcp91eda4+J+fIYDbfJa7RY5YcNrZhTuV//9k="">
Assert.Equal("<svg>123</svg>", actual);
}
[Fact]
public void SquareBracketTest()
{
// https://github.com/mganss/HtmlSanitizer/issues/137
var sanitizer = new HtmlSanitizer();
sanitizer.AllowedAttributes.Add("[minutes]");
var html = @"<div [minutes]=""2"">123</div>";
var actual = sanitizer.Sanitize(html);
Assert.Equal(html, actual);
}
}
}
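Review bot: `SquareBracketTest` pins only the pass-through case, where `[minutes]` has been added to `AllowedAttributes`; nothing checks that the same bracketed name is stripped by a default sanitizer. For a sanitizer the negative case is the one that matters, so add an assertion such as `Assert.Equal("<div>123</div>", new HtmlSanitizer().Sanitize(html));` (the expected value is assumed from the default allowlist and should be confirmed when the test is run).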