本文整理汇总了C#中HtmlSanitizer类的典型用法代码示例。如果您正苦于以下问题:C# HtmlSanitizer类的具体用法?C# HtmlSanitizer怎么用?C# HtmlSanitizer使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
下文一共展示了HtmlSanitizer类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: XSSLocatorTest
/// <summary>
/// Sanitizes an anchor whose href value is closed early and followed by stray markup
/// and punctuation, then compares the result with a fixed expected string.
/// </summary>
public void XSSLocatorTest()
{
// Arrange
var sanitizer = new HtmlSanitizer();
// Act
// The href value ends at the second quote; "<XSS>=&{()}" and a trailing quote follow it inside the tag.
string htmlFragment = "<a href=\"'';!--\"<XSS>=&{()}\">";
string actual = sanitizer.Sanitize(htmlFragment);
// Assert
// NOTE(review): as printed, this verbatim literal terminates at the quote after "{()}",
// leaving `></a>` outside the string, so the line does not compile. Presumably the page
// rendering decoded HTML entities that the original expected value contained; restore the
// literal from the upstream test before relying on this example.
string expected = @"<a href=""'';!--"">=&{()}"></a>";
// The comparison ignores case, so tag and attribute casing in the output is not checked.
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}
示例2: ImageXSS2Test
/// <summary>
/// Checks that an unquoted <c>javascript:</c> URL in an image's SRC attribute is dropped,
/// leaving only the bare image tag.
/// </summary>
public void ImageXSS2Test()
{
    // Input: IMG element whose SRC carries a script URL without surrounding quotes.
    const string input = "<IMG SRC=javascript:alert('XSS')>";
    // The attribute must be gone entirely; only the element itself may survive.
    const string sanitized = "<IMG>";

    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();
    string result = htmlSanitizer.Sanitize(input);

    // Case-insensitive comparison: the casing of the emitted tag name is not asserted.
    Assert.That(result, Is.EqualTo(sanitized).IgnoreCase);
}
示例3: AutoLinkTest
/// <summary>
/// Hooks <c>PostProcessNode</c> so that text nodes are replaced by their autolinked markup,
/// then checks that bare URLs in the sanitized output have become anchors.
/// </summary>
/// <remarks>
/// NOTE(review): the replacement nodes are parsed from the AutoLink output and handed back
/// through <c>ReplacementNodes</c>. Whether those nodes are sanitized again is not visible
/// here; confirm it, and confirm that AutoLink HTML-encodes the text it wraps, before
/// reusing this pattern on untrusted input.
/// </remarks>
public void AutoLinkTest()
{
    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();
    AutoLink linker = new AutoLink();

    htmlSanitizer.PostProcessNode += (sender, args) =>
    {
        // Only text nodes are candidates for linking.
        var textNode = args.Node as IDomText;
        if (textNode == null)
        {
            return;
        }

        // Nothing to replace when the linker left the text untouched.
        var linked = linker.Link(textNode.NodeValue);
        if (linked == textNode.NodeValue)
        {
            return;
        }

        foreach (var replacement in CQ.Create(linked))
        {
            args.ReplacementNodes.Add(replacement);
        }
    };

    // URL inside an element: the trailing full stop must stay outside the link.
    string divInput = @"<div>Click here: http://example.com/.</div>";
    string divResult = htmlSanitizer.Sanitize(divInput);
    Assert.That(divResult, Is.EqualTo(@"<div>Click here: <a href=""http://example.com/"">http://example.com/</a>.</div>").IgnoreCase);

    // Scheme-less host in plain text: the href gains an http:// prefix.
    string plainResult = htmlSanitizer.Sanitize("Check out www.google.com.");
    Assert.That(plainResult, Is.EqualTo(@"Check out <a href=""http://www.google.com"">www.google.com</a>.").IgnoreCase);
}
示例4: XmlNamespaceXSSTest
/// <summary>
/// Checks that a document using an XML namespace declaration, an import processing
/// instruction and a namespaced element is reduced to an empty string.
/// </summary>
public void XmlNamespaceXSSTest()
{
    // Input: HTML root with xmlns:xss, an <?import ...> pointing at an external .htc, and <xss:xss>.
    const string input = "<HTML xmlns:xss> <?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\"> <xss:xss>XSS</xss:xss></HTML>";

    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();
    string result = htmlSanitizer.Sanitize(input);

    // Nothing from the fragment, including its text content, is expected to survive.
    Assert.That(result, Is.EqualTo("").IgnoreCase);
}
示例5: EmbedTagXSSTest
/// <summary>
/// Checks that an EMBED element referencing an external SWF with
/// <c>AllowScriptAccess="always"</c> is removed completely.
/// </summary>
public void EmbedTagXSSTest()
{
    // Input: a plugin embed that asks for script access to the hosting page.
    const string input = "<EMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED>";

    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();
    string result = htmlSanitizer.Sanitize(input);

    // The whole element must be dropped, not just its attributes.
    Assert.That(result, Is.EqualTo("").IgnoreCase);
}
示例6: AnchorTagStyleExpressionXSSTest
/// <summary>
/// Checks that a STYLE attribute hiding <c>expression(...)</c> behind CSS comments is
/// stripped from an anchor while the leading text and the anchor itself are kept.
/// </summary>
public void AnchorTagStyleExpressionXSSTest()
{
    // Input: text "exp/*" followed by an anchor whose style splits "expression" with comment markers.
    const string input = "exp/*<A STYLE='no\\xss:noxss(\"*//*\");xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'>";
    // Expected: the text prefix survives and the anchor is emitted without any style attribute.
    const string sanitized = "exp/*<a></a>";

    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();
    string result = htmlSanitizer.Sanitize(input);

    Assert.That(result, Is.EqualTo(sanitized).IgnoreCase);
}
示例7: DivExpressionXSSTest
/// <summary>
/// Checks that a <c>width: expression(...)</c> declaration in a DIV's STYLE attribute is
/// removed, leaving an attribute-free div.
/// </summary>
public void DivExpressionXSSTest()
{
    // Input: unclosed DIV whose style uses a CSS expression() value.
    const string input = "<DIV STYLE=\"width: expression(alert('XSS'));\">";
    // Expected: the element is closed and carries no style attribute.
    const string sanitized = "<div></div>";

    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();
    string result = htmlSanitizer.Sanitize(input);

    Assert.That(result, Is.EqualTo(sanitized).IgnoreCase);
}
示例8: DivBackgroundImageWithUnicodedXSSTest
/// <summary>
/// Checks that a <c>background-image</c> value written with CSS hexadecimal escapes is
/// removed from a DIV's STYLE attribute.
/// </summary>
public void DivBackgroundImageWithUnicodedXSSTest()
{
    // Input: every character of the property value is given as a \XXXX CSS escape, so a
    // filter that only matches literal text would not see the url(...) it spells out.
    const string input = @"<DIV STYLE=""background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028\0027\0058\0053\0053\0027\0029'\0029"">";
    // Expected: a closed div with the style attribute gone.
    const string sanitized = "<div></div>";

    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();
    string result = htmlSanitizer.Sanitize(input);

    Assert.That(result, Is.EqualTo(sanitized).IgnoreCase);
}
示例9: FrameXSSTest
/// <summary>
/// Checks that a FRAMESET containing a FRAME with a <c>javascript:</c> source is removed
/// completely.
/// </summary>
public void FrameXSSTest()
{
    // Input: frameset markup whose single frame points at a script URL.
    const string input = "<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>";

    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();
    string result = htmlSanitizer.Sanitize(input);

    // Neither the frameset nor the frame may appear in the output.
    Assert.That(result, Is.EqualTo("").IgnoreCase);
}
示例10: ImageNullBreaksUpXSSTest2
/// <summary>
/// Checks that a script element whose tag name is split by a NUL character yields an
/// empty result.
/// </summary>
public void ImageNullBreaksUpXSSTest2()
{
    // Input: "SCR\0IPT" open and close tags; the \0 escape embeds U+0000 in the tag name.
    const string input = "<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>";

    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();
    string result = htmlSanitizer.Sanitize(input);

    // Both the element and its script text are expected to be dropped.
    Assert.That(result, Is.EqualTo("").IgnoreCase);
}
示例11: ImageNullBreaksUpXSSTest1
/// <summary>
/// Checks that an image SRC whose <c>javascript:</c> scheme is split by a NUL character
/// is removed, leaving a bare img tag.
/// </summary>
public void ImageNullBreaksUpXSSTest1()
{
    // Input: "java\0script:" embeds U+0000 inside the scheme name.
    const string input = "<IMG SRC=java\0script:alert(\"XSS\")>";
    // Expected: the element without its src attribute.
    const string sanitized = "<img>";

    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();
    string result = htmlSanitizer.Sanitize(input);

    Assert.That(result, Is.EqualTo(sanitized).IgnoreCase);
}
示例12: ImageMultilineInjectedXSSTest
/// <summary>
/// Checks that a <c>javascript:</c> image source spread one character per line is still
/// removed, leaving the img tag followed by a newline.
/// </summary>
public void ImageMultilineInjectedXSSTest()
{
    // Input: verbatim literal, so every line break below is part of the fragment. The
    // content lines must stay at column 0; indenting them would change the test input.
    const string input = @"<IMG
SRC
=
""
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
""
>
";
    // Expected: the bare tag plus the line break that follows the closing bracket.
    const string sanitized = "<img>\n";

    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();
    string result = htmlSanitizer.Sanitize(input);

    Assert.That(result, Is.EqualTo(sanitized).IgnoreCase);
}
示例13: ImageEmbeddedCarriageReturnXSSTest
/// <summary>
/// Sanitizes an image whose <c>javascript:</c> source is interrupted by a line break and
/// expects a bare img tag.
/// </summary>
public void ImageEmbeddedCarriageReturnXSSTest()
{
// Arrange
var sanitizer = new HtmlSanitizer();
// Act
// NOTE(review): a regular (non-verbatim) string literal cannot span two lines, so this
// statement does not compile as printed. The test name suggests the original held an
// encoded carriage return inside "javascript" that the page rendering turned into a real
// line break; restore the literal from the upstream test before using this example.
string htmlFragment = "<IMG SRC=\"jav
ascript:alert('XSS');\">";
string actual = sanitizer.Sanitize(htmlFragment);
// Assert
// The src attribute is expected to be dropped; the comparison ignores case.
string expected = "<img>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}
示例14: ImageHexEncodeXSSTest
/// <summary>
/// Checks that an image SRC holding a <c>javascript:</c> URL is removed, leaving a bare
/// img tag.
/// </summary>
public void ImageHexEncodeXSSTest()
{
    // NOTE(review): the test name refers to hex encoding, but the fragment printed here is
    // the plain-text URL. Presumably the page rendering decoded the character references
    // of the original input; as shown, this test does not exercise an encoded payload.
    const string input = "<IMG SRC=javascript:alert('XSS')>";
    // Expected: the element without its src attribute.
    const string sanitized = "<img>";

    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();
    string result = htmlSanitizer.Sanitize(input);

    Assert.That(result, Is.EqualTo(sanitized).IgnoreCase);
}
示例15: RussianTextTest
/// <summary>
/// Checks that plain Cyrillic text passes through the sanitizer unchanged when the output
/// formatter is built with <c>HtmlEncoders.Minimum</c>.
/// </summary>
public void RussianTextTest()
{
    // Input: text only, no markup; the output is expected to be the same string.
    const string input = "Тест";

    HtmlSanitizer htmlSanitizer = new HtmlSanitizer();

    // Formatter that removes comments and quotes all attributes, using the minimum encoder.
    CsQuery.Output.FormatDefault formatter = new CsQuery.Output.FormatDefault(
        DomRenderingOptions.RemoveComments | DomRenderingOptions.QuoteAllAttributes,
        HtmlEncoders.Minimum);

    // The second argument is an empty string (presumably the base URL; confirm against the API).
    var result = htmlSanitizer.Sanitize(input, "", formatter);

    Assert.That(result, Is.EqualTo(input).IgnoreCase);
}