本文整理汇总了C#中Roadkill.Core.Text.Sanitizer.MarkupSanitizer.SanitizeHtml方法的典型用法代码示例。如果您正苦于以下问题:C# MarkupSanitizer.SanitizeHtml方法的具体用法?C# MarkupSanitizer.SanitizeHtml怎么用?C# MarkupSanitizer.SanitizeHtml使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Roadkill.Core.Text.Sanitizer.MarkupSanitizer的用法示例。
在下文中一共展示了MarkupSanitizer.SanitizeHtml方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: AnchorTagContentReplaceXSSTest
public void AnchorTagContentReplaceXSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例2: shoulddeserializewhitelistfromexistingxmlfile
public void shoulddeserializewhitelistfromexistingxmlfile()
{
// Arrange
string whitelistFile = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "Unit", "Text", "whitelist.xml");
ApplicationSettings settings = new ApplicationSettings();
settings.HtmlElementWhiteListPath = whitelistFile;
string htmlFragment = "<test href=\"http://www.google.com\">link</test> <blah id=\"myid\" class=\"class1 class2\">somediv</blah><a href=\"test\">test</a>";
// Act
MarkupSanitizer sanitizer = new MarkupSanitizer(settings);
sanitizer.SetWhiteListCacheKey("ShouldDeserializeWhiteListFromExistingXmlFile");
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<test href=\"http://www.google.com\">link</test> <blah id=\"myid\" class=\"class1 class2\">somediv</blah>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例3: AnchorTagNonAlphaNonDigitXSSTest
public void AnchorTagNonAlphaNonDigitXSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">XSS</A>";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<A HREF=\"http://www.codeplex.com?url=&lt;/XSS SRC=\">\">XSS</A>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例4: XmlNamespaceXSSTest
public void XmlNamespaceXSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<HTML xmlns:xss> <?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\"> <xss:xss>XSS</xss:xss></HTML>";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例5: AnchorTagUSASCIIEncodingXSSTest
public void AnchorTagUSASCIIEncodingXSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=¼script¾alert(¢XSS¢)¼/script¾\">XSS</A>";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<A HREF=\"http://www.codeplex.com?url=&#188;&#190;alert(&#162;XSS&#162;)&#188;/&#190;\">XSS</A>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例6: DivJavascriptEscapingXSSTest
public void DivJavascriptEscapingXSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<div style=\"\";alert('XSS');//\">";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<div style=\"\"></div>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例7: DivNonAlphaNonDigit3XSSTest
public void DivNonAlphaNonDigit3XSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<Div style=\"background-color: http://www.codeplex.com?url=<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>\">";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<Div style=\"background-color: http://www.codeplex.com?url=&lt;/SRC=\">\"></Div>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例8: DivExpressionXSSTest
public void DivExpressionXSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<DIV STYLE=\"width: expression(alert('XSS'));\">";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<DIV STYLE=\"width:(alert(&#39;XSS&#39;));\"></Div>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例9: AnchorTagDownlevelHiddenBlockXSSTest
public void AnchorTagDownlevelHiddenBlockXSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<A HREF=\"http://www.codeplex.com?url=<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->\">XSS</A>";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<A HREF=\"http://www.codeplex.com?url=&lt;!--[if gte IE 4]&gt;&lt;&gt;alert(&#39;XSS&#39;);&lt;/&gt;&lt;![endif]--&gt;\">XSS</A>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例10: BGSoundXSSTest
public void BGSoundXSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<BGSOUND SRC=\"javascript:alert('XSS');\">";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例11: DivBackgroundImageWithUnicodedXSSTest
public void DivBackgroundImageWithUnicodedXSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<DIV STYLE=\"background-image:�075�072�06C�028&#39;�06a�061�076�061�073�063�072�069�070�074�03a�061�06c�065�072�074�028.1027�058.1053�053�027�029&#39;�029\"></div>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例12: AnchorTagJavascriptLinkLocationXSSTest
public void AnchorTagJavascriptLinkLocationXSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<A HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A>";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<A HREF=\":document.location=&#39;http://www.google.com/&#39;\">XSS</A>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例13: AnchorTagMixedEncodingXSSTest
public void AnchorTagMixedEncodingXSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = @"<A HREF=""h
tt p://6	6.000146.0x7.147/"">XSS</A>";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<A HREF=\"h
tt	p://6&amp;#9;6.000146.0x7.147/\">XSS</A>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例14: AnchorTagIPVersesHostnameXSSTest
public void AnchorTagIPVersesHostnameXSSTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<A HREF=\"http://66.102.7.147/\">XSS</A>";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<A HREF=\"http://66.102.7.147/\">XSS</A>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}示例15: XSSLocatorTest
public void XSSLocatorTest()
{
// Arrange
MarkupSanitizer sanitizer = new MarkupSanitizer(_settings);
// Act
string htmlFragment = "<a href=\"'';!--\"<XSS>=&{()}\">";
string actual = sanitizer.SanitizeHtml(htmlFragment);
// Assert
string expected = "<a href=\"&#39;&#39;;!--\"></a>";
Assert.That(actual, Is.EqualTo(expected).IgnoreCase);
}