JacksonBruce/HtmlSanitizer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into AngleSharp_0_10

Browse Source
This commit is contained in:
Michael Ganss
2019-01-18 14:17:23 +01:00
parent a81a866a9b dfd5e9d237
commit fa391118a7
3 changed files with 58 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/HtmlSanitizer/EventArgs.cs
View File

@@ -212,4 +212,26 @@ namespace Ganss.XSS
/// </value>
public RemoveReason Reason { get; set; }
}
/// <summary>
/// Provides data for the <see cref="HtmlSanitizer.FilterUrl"/> event.
/// </summary>
public class FilterUrlEventArgs: EventArgs
{
/// <summary>
/// Gets or sets the original URL.
/// </summary>
/// <value>
/// The original URL.
/// </value>
public string OriginalUrl { get; set; }
/// <summary>
/// Gets or sets the sanitized URL.
/// </summary>
/// <value>
/// The sanitized URL. If it is null, it will be removed.
/// </value>
public string SanitizedUrl { get; set; }
}
}

28
src/HtmlSanitizer/HtmlSanitizer.cs
View File

@@ -324,6 +324,10 @@ namespace Ganss.XSS
/// Occurs before a CSS class is removed.
/// </summary>
public event EventHandler<RemovingCssClassEventArgs> RemovingCssClass;
/// <summary>
/// Occurs when a URL is being sanitized.
/// </summary>
public event EventHandler<FilterUrlEventArgs> FilterUrl;
/// <summary>
/// Raises the <see cref="E:PostProcessDom" /> event.
@@ -402,6 +406,15 @@ namespace Ganss.XSS
RemovingCssClass?.Invoke(this, e);
}
/// <summary>
/// Raises the <see cref="E:RemovingUrl" /> event.
/// </summary>
/// <param name="e">The <see cref="FilterUrlEventArgs"/> instance containing the event data.</param>
protected virtual void OnFilteringUrl(FilterUrlEventArgs e)
{
FilterUrl?.Invoke(this, e);
}
/// <summary>
/// Return all nested subnodes of a node.
/// </summary>
@@ -824,13 +837,11 @@ namespace Ganss.XSS
/// <param name="url">The URL.</param>
/// <param name="baseUrl">The base URL relative URLs are resolved against (empty or null for no resolution).</param>
/// <returns>The sanitized URL or null if no safe URL can be created.</returns>
protected string SanitizeUrl(string url, string baseUrl)
protected virtual string SanitizeUrl(string url, string baseUrl)
{
var iri = GetSafeIri(url);
if (iri == null) return null;
if (!iri.IsAbsolute && !string.IsNullOrEmpty(baseUrl))
if (iri != null && !iri.IsAbsolute && !string.IsNullOrEmpty(baseUrl))
{
// resolve relative uri
if (Uri.TryCreate(baseUrl, UriKind.Absolute, out Uri baseUri))
@@ -841,13 +852,16 @@ namespace Ganss.XSS
}
catch (UriFormatException)
{
return null;
iri = null;
}
}
else return null;
else iri = null;
}
return iri.Value;
var e = new FilterUrlEventArgs { OriginalUrl = url, SanitizedUrl = iri?.Value };
OnFilteringUrl(e);
return e.SanitizedUrl;
}
/// <summary>

15
test/HtmlSanitizer.Tests/Tests.cs
View File

@@ -3082,6 +3082,21 @@ zqy1QY1kkPOuMvKWvvmFIwClI2393jVVcp91eda4+J+fIYDbfJa7RY5YcNrZhTuV//9k="">
Assert.Equal(html, actual);
}
[Fact]
public void FilterUrlTest()
{
// https://github.com/mganss/HtmlSanitizer/issues/156
var sanitizer = new HtmlSanitizer();
sanitizer.FilterUrl += (s, e) => e.SanitizedUrl = "https://www.example.com/test.png";
var html = @"<img src=""http://www.example.com/"">";
var actual = sanitizer.Sanitize(html);
Assert.Equal(@"<img src=""https://www.example.com/test.png"">", actual);
}
}
}