CKFinder.Connector.CommandHandlers.FileUploadCommandHandler.CheckNonHtmlFile C# (CSharp) Method

FileUploadCommandHandler Class Documentation Show file Open project: Achilles-Software/CloudStorageProvider

CheckNonHtmlFile() private method

private CheckNonHtmlFile ( System.Web.HttpPostedFile file ) : bool
file System.Web.HttpPostedFile
return bool 
        private bool CheckNonHtmlFile( HttpPostedFile file )
        {
            byte[] buffer = new byte[ 1024 ];
            file.InputStream.Read( buffer, 0, 1024 );

            string firstKB = System.Text.ASCIIEncoding.ASCII.GetString( buffer );

            if ( Regex.IsMatch( firstKB, @"<!DOCTYPE\W*X?HTML", RegexOptions.IgnoreCase | RegexOptions.Singleline ) )
                return false;

            if ( Regex.IsMatch( firstKB, @"<(?:body|head|html|img|pre|script|table|title)", RegexOptions.IgnoreCase | RegexOptions.Singleline ) )
                return false;

            //type = javascript
            if ( Regex.IsMatch( firstKB, @"type\s*=\s*[\'""]?\s*(?:\w*/)?(?:ecma|java)", RegexOptions.IgnoreCase | RegexOptions.Singleline ) )
                return false;

            //href = javascript
            //src = javascript
            //data = javascript
            if ( Regex.IsMatch( firstKB, @"(?:href|src|data)\s*=\s*[\'""]?\s*(?:ecma|java)script:", RegexOptions.IgnoreCase | RegexOptions.Singleline ) )
                return false;

            //url(javascript
            if ( Regex.IsMatch( firstKB, @"url\s*\(\s*[\'""]?\s*(?:ecma|java)script:", RegexOptions.IgnoreCase | RegexOptions.Singleline ) )
                return false;

            return true;
        }
FileUploadCommandHandler
CheckNonHtmlFile
FileUploadCommandHandler
GetJavaScriptCode
SendResponse