|
|
namespace WhichMan.Utilities.HtmlUtils
{
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Linq;
public static class HtmlSanitizer
{
private static readonly Collection<string> Unsafe;
#region - Ctor -
static HtmlSanitizer()
{
var list = new[]
{
"onclick", "ondblclick", "onmousedown", "onmouseup", "onmouseover", "onmousemove",
"onmouseout", "onkeypress", "onkeydown", "onkeyup", "script", "applet", "embed", "frameset",
"iframe", "frame", "object", "ilayer", "layer"
};
Unsafe = new Collection<string>();
foreach (var item in list)
{
Unsafe.Add(item);
}
}
#endregion
public static string Sanitize(string html)
{
var doc = HtmlParser.Parse("<html>" + html + "</html>");
Sanitize(doc);
if (doc.ChildNodes.Count == 0)
return null;
var result = doc.ToString();
return result.Substring(6, result.Length - 13);
}
public static string Sanitize(HtmlElement doc)
{
doc.RemoveUnSafe();
var result = doc.ToString();
return result;
}
private static void RemoveUnSafe(this HtmlElement element)
{
var attributesToRemove = (from attribute in element.Attributes where attribute.IsUnSafe() select attribute);
element.RemoveAll(attributesToRemove);
if (element.Name == "input")
{
foreach (var attribute in element.Attributes)
{
if (attribute.Name == "type" && attribute.Value.ToLower() == "submit")
attribute.Value = "button";
}
}
var nodesToRemove = new List<int>();
for (var i = 0; i < element.ChildNodes.Count; i++)
{
var node = element.ChildNodes[i];
if (node is HtmlInstruction || node is HtmlComment || node.IsUnSafe())
nodesToRemove.Add(i);
}
if (nodesToRemove.Count > 0)
{
var index = nodesToRemove.Count - 1;
while (index > -1)
{
element.ChildNodes.RemoveAt(nodesToRemove[index]);
index--;
}
}
foreach (var node in element.ChildNodes)
{
if (!(node is HtmlElement))
continue;
(node as HtmlElement).RemoveUnSafe();
}
}
private static bool IsUnSafe(this HtmlAttribute attribute)
{
if (Unsafe.Contains(attribute.Name))
return true;
return false;
}
private static bool IsUnSafe(this HtmlNode node)
{
if (!(node is HtmlElement))
return false;
return Unsafe.Contains((node as HtmlElement).Name);
}
}
}
|
By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.
If a file you wish to view isn't highlighted, and is a text file (not binary), please
let us know and we'll add colourisation support for it.
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.
Submit an article or tip