Reallow to customize UrlCheckerAttributeSanitizer (fixes #31) #32

2 changes: 1 addition & 1 deletion Web.HtmlSanitizer/HtmlSanitizer.cs
@@ -110,7 +110,7 @@ public HtmlSanitizer()
/// </summary>
/// <param name="attribute"></param>
[Obsolete("This method has been deprecated in favor of the UrlCheckerAttributeSanitizer.")]
public static bool AttributeUrlCheck(HtmlAttribute attribute) => new UrlCheckerAttributeSanitizer() { AllowedUriSchemes = defaultAllowedUriSchemes }.AttributeUrlCheck(attribute);
public static bool AttributeUrlCheck(HtmlAttribute attribute) => new UrlCheckerAttributeSanitizer().AttributeUrlCheck(attribute);

/// <summary>
/// Equal to the SimpleHtml5Sanitizer but allows html and body declarations.
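Review bot: The obsolete wrapper's `new UrlCheckerAttributeSanitizer()` needs a parameterless constructor, but the only constructor this pull request shows in UrlCheckerAttributeSanitizer.cs takes a `string[] allowedUriSchemes` with no default value. Unless an overload or default exists outside the visible hunks, this call will not compile. Passing the list explicitly keeps the wrapper working and makes the scheme allow-list it enforces visible at the call site: `new UrlCheckerAttributeSanitizer(defaultAllowedUriSchemes).AttributeUrlCheck(attribute)`. The enclosing class starts and ends outside this hunk.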
23 changes: 14 additions & 9 deletions Web.HtmlSanitizer/UrlCheckerAttributeSanitizer.cs
@@ -12,15 +12,20 @@ public class UrlCheckerAttributeSanitizer : IHtmlAttributeSanitizer
/// <summary>
/// Collection of the allowed URI schemes.
/// </summary>
public string[] AllowedUriSchemes { get; internal set; }
public string[] AllowedUriSchemes { get; }

/// <summary>
/// Checks if the attribute contains a valid URL.
/// </summary>
/// <param name="attribute"></param>
/// <param name="tagRule"></param>
/// <returns></returns>
public virtual SanitizerOperation SanitizeAttribute(HtmlAttribute attribute, HtmlSanitizerTagRule tagRule) =>
public UrlCheckerAttributeSanitizer(string[] allowedUriSchemes)
{
AllowedUriSchemes = allowedUriSchemes ?? HtmlSanitizer.defaultAllowedUriSchemes;
}

/// <summary>
/// Checks if the attribute contains a valid URL.
/// </summary>
/// <param name="attribute"></param>
/// <param name="tagRule"></param>
/// <returns></returns>
public virtual SanitizerOperation SanitizeAttribute(HtmlAttribute attribute, HtmlSanitizerTagRule tagRule) =>
// Check the url. We assume that there's no use in keeping for example a link tag without a href, so flatten the tag on failure.
!AttributeUrlCheck(attribute) ? SanitizerOperation.FlattenTag : SanitizerOperation.DoNothing;

@@ -62,7 +67,7 @@ public static class UrlCheckerAttributeSanitizerFluentHelper
/// </summary>
public static HtmlSanitizerTagRule CheckAttributeUrl(this HtmlSanitizerTagRule rule, string attribute, string[] allowedUriSchemes = null)
{
rule.AttributeChecks.Add(attribute, new UrlCheckerAttributeSanitizer() { AllowedUriSchemes = allowedUriSchemes ?? HtmlSanitizer.defaultAllowedUriSchemes });
rule.AttributeChecks.Add(attribute, new UrlCheckerAttributeSanitizer(allowedUriSchemes));
return rule;
}
}
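Review bot: The new constructor stores the array it receives by reference, and when `allowedUriSchemes` is null it stores the shared `HtmlSanitizer.defaultAllowedUriSchemes` array itself, so the public `AllowedUriSchemes` getter hands out a writable view of the scheme allow-list. Any code that assigns to an element of that array changes the URL policy of this sanitizer, and in the fallback case of every instance that shares the defaults. Copy on the way in, `AllowedUriSchemes = (string[])(allowedUriSchemes ?? HtmlSanitizer.defaultAllowedUriSchemes).Clone();`, or expose the property as `IReadOnlyList<string>`. The constructor also has no XML doc comment; a `<param>` line stating that null selects the default schemes would tell callers what policy they get.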