AjaxControlToolkit.HtmlEditor.Sanitizer.DefaultHtmlSanitizer.CleanAttributeValue C# (CSharp) Method

DefaultHtmlSanitizer Class Documentation Mostrar archivo Open project: DevExpress/AjaxControlToolkit

CleanAttributeValue() static private method

static private CleanAttributeValue ( IHtmlAttribute attribute ) : void
attribute	IHtmlAttribute
return	void

        static void CleanAttributeValue(IHtmlAttribute attribute)
        {
            var hasMatch = true;
            while(hasMatch) {
                hasMatch = false;

                // basic

                if(Regex.IsMatch(attribute.Value, @"/\*([a]*|[^a]*)\*/", RegexOptions.IgnoreCase))
                    hasMatch = true;
                attribute.Value = Regex.Replace(attribute.Value, @"/\*([a]*|[^a]*)\*/", "", RegexOptions.IgnoreCase);

                if(Regex.IsMatch(attribute.Value, @"\s*j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:.*", RegexOptions.IgnoreCase))
                    hasMatch = true;
                attribute.Value = Regex.Replace(attribute.Value, @"\s*j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:.*", "", RegexOptions.IgnoreCase);

                if(Regex.IsMatch(attribute.Value, @"\s*s\s*c\s*r\s*i\s*p\s*t\s*", RegexOptions.IgnoreCase))
                    hasMatch = true;
                attribute.Value = Regex.Replace(attribute.Value, @"\s*s\s*c\s*r\s*i\s*p\s*t\s*", "", RegexOptions.IgnoreCase);

                // style attr

                if(attribute.Name == "style") {
                    if(Regex.IsMatch(attribute.Value, @"\s*e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n\s*", RegexOptions.IgnoreCase))
                        hasMatch = true;
                    attribute.Value = Regex.Replace(attribute.Value, @"\s*e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n\s*", "", RegexOptions.IgnoreCase);

                    if(Regex.IsMatch(attribute.Value, @"\s*b\s*e\s*h\s*a\s*v\s*i\s*o\s*r\s*", RegexOptions.IgnoreCase))
                        hasMatch = true;
                    attribute.Value = Regex.Replace(attribute.Value, @"\s*b\s*e\s*h\s*a\s*v\s*i\s*o\s*r\s*", "", RegexOptions.IgnoreCase);

                    if(Regex.IsMatch(attribute.Value, @"-[a-zA-Z\s]+-", RegexOptions.IgnoreCase))
                        hasMatch = true;
                    attribute.Value = Regex.Replace(attribute.Value, @"-[a-zA-Z\s]+-", "", RegexOptions.IgnoreCase);
                }

                // media attr

                if(attribute.Name == "media") {
                    if(Regex.IsMatch(attribute.Value, @"-[a-zA-Z\s]+-", RegexOptions.IgnoreCase))
                        hasMatch = true;
                    attribute.Value = Regex.Replace(attribute.Value, @"-[a-zA-Z\s]+-", "", RegexOptions.IgnoreCase);
                }

                // href & src attrs

                if(attribute.Name == "href" || attribute.Name == "src") {
                    if(Regex.IsMatch(attribute.Value, @"\s*m\s*o\s*c\s*h\s*a\s*", RegexOptions.IgnoreCase))
                        hasMatch = true;

                    attribute.Value = Regex.Replace(attribute.Value, @"\s*m\s*o\s*c\s*h\s*a\s*", "", RegexOptions.IgnoreCase);
                }
            }

            attribute.Value = HttpUtility.HtmlEncode(attribute.Value);

            // HtmlEntity Escape
            var sbAttriuteValue = new StringBuilder();
            foreach(char c in attribute.Value.ToCharArray()) {
                sbAttriuteValue.Append(EncodeCharacterToHtmlEntityEscape(c));
            }

            attribute.Value = sbAttriuteValue.ToString();
        }

DefaultHtmlSanitizer

CleanAttributeValue

CleanAttributes

CleanNodes

EncodeCharacterToHtmlEntityEscape

GetSafeHtmlFragment

Sanitize