我正在尝试使用 HtmlAgilityPack 实现一个白名单 HTML 清理器(Whitelist HTML Sanitizer)。我想创建一个可重用的 Html 助手来调用它。我还有其他自定义的 Html 助手,它们都工作正常,但由于某种原因,这个助手不起作用。每次我尝试从视图中调用它时,都找不到 Sanitize 方法。我尝试进行的调用位于一个局部视图中,如下所示:
@* Html.Raw writes the string without HTML-encoding it, so Sanitize is the only barrier between Model.Body and the rendered page. *@
@Html.Raw(Html.Sanitize(Model.Body))
我的 HTML 助手类:
using System;
using System.Text;
using System.Web.Mvc;
using System.Collections.Generic;
using System.Linq;
using HtmlAgilityPack;
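namespace ProjectX.WebUI.HtmlHelpers
{
    /// <summary>
    /// Allow-list HTML sanitizer built on HtmlAgilityPack.
    /// Elements that are not in <see cref="Whitelist"/> are removed, attributes that are
    /// not listed for their element are removed, and the tree is serialized exactly once.
    /// </summary>
    /// <remarks>
    /// The sanitizer keeps no state between calls, so it can be used from concurrent requests.
    /// NOTE(review): differences between how HtmlAgilityPack and a browser parse malformed
    /// markup are not addressed here - verify the output against the browsers you support.
    /// </remarks>
    public static class HtmlSanitizeHelpers
    {
        // Element name -> attribute names allowed on it (null means "no attributes allowed").
        private static readonly IDictionary<string, string[]> Whitelist;

        // Only these URL schemes may appear in an href; anything else with a scheme is dropped.
        private static readonly string[] AllowedUrlSchemes = { "http", "https", "mailto" };

        // Disallowed elements whose content is not page text. They are removed together with
        // their content instead of being unwrapped, so that content never reaches the output.
        private static readonly string[] ElementsDroppedWithContent =
        {
            "script", "style", "noscript", "iframe", "object", "embed", "applet",
            "textarea", "title", "xmp", "noembed", "noframes", "plaintext"
        };

        private static readonly char[] UrlDelimiters = { ':', '/', '?', '#' };
        private static readonly char[] AngleBrackets = { '<', '>' };

        static HtmlSanitizeHelpers()
        {
            Whitelist = new Dictionary<string, string[]>
            {
                { "a", new[] { "href" } },
                { "strong", null },
                { "em", null },
                { "blockquote", null },
                { "b", null },
                { "p", null },
                { "ul", null },
                { "ol", null },
                { "li", null },
                { "div", new[] { "align" } },
                { "strike", null },
                { "u", null },
                { "sub", null },
                { "sup", null },
                { "table", null },
                { "tr", null },
                { "td", null },
                { "th", null }
            };
        }

        /// <summary>
        /// Sanitizes an HTML fragment against the allow-list.
        /// </summary>
        /// <param name="input">Untrusted HTML; null, empty or whitespace yields an empty result.</param>
        /// <returns>The sanitized markup wrapped in an <see cref="MvcHtmlString"/>.</returns>
        /// <remarks>
        /// NOTE(review): this is an ordinary static method, callable as
        /// <c>HtmlSanitizeHelpers.Sanitize(...)</c>. The view syntax <c>Html.Sanitize(...)</c>
        /// only resolves for an extension method whose first parameter is <c>this HtmlHelper</c>.
        /// </remarks>
        public static MvcHtmlString Sanitize(string input)
        {
            // A null input used to throw from input.Trim(); treat it like an empty one.
            if (string.IsNullOrWhiteSpace(input))
            {
                return MvcHtmlString.Empty;
            }

            var htmlDocument = new HtmlDocument();
            htmlDocument.LoadHtml(input);
            SanitizeNode(htmlDocument.DocumentNode);

            // Serialize once. The earlier rename / re-parse / XPath pass is gone: re-parsing the
            // serialized text could turn content that was plain text in the first parse into
            // elements that were never checked against the allow-list, and the XPath lookup
            // returned null (and then threw) whenever a call had nothing to strip.
            return MvcHtmlString.Create(htmlDocument.DocumentNode.WriteTo().Trim());
        }

        /// <summary>
        /// Sanitizes every child of <paramref name="parentNode"/>.
        /// </summary>
        private static void SanitizeChildren(HtmlNode parentNode)
        {
            // Walk backwards: SanitizeNode may remove or unwrap the child at index i, which only
            // shifts positions at or after i and leaves the indexes still to be visited intact.
            for (int i = parentNode.ChildNodes.Count - 1; i >= 0; i--)
            {
                SanitizeNode(parentNode.ChildNodes[i]);
            }
        }

        /// <summary>
        /// Applies the allow-list to one node and, recursively, to its descendants.
        /// </summary>
        private static void SanitizeNode(HtmlNode node)
        {
            HtmlNode parent = node.ParentNode;

            if (node.NodeType == HtmlNodeType.Comment)
            {
                // Comments carry no content the allow-list permits.
                if (parent != null)
                {
                    parent.RemoveChild(node);
                }
                return;
            }

            if (node.NodeType == HtmlNodeType.Text)
            {
                NeutralizeMarkupInText(node as HtmlTextNode);
                return;
            }

            if (node.NodeType != HtmlNodeType.Element)
            {
                // Document root: nothing to check on the node itself.
                if (node.HasChildNodes)
                {
                    SanitizeChildren(node);
                }
                return;
            }

            string[] allowedAttributes;
            if (!Whitelist.TryGetValue(node.Name, out allowedAttributes))
            {
                if (parent == null)
                {
                    return;
                }

                if (ElementsDroppedWithContent.Contains(node.Name))
                {
                    parent.RemoveChild(node);
                    return;
                }

                // Clean the children first, then lift them into the parent in place of the
                // disallowed element, so only already-checked nodes are promoted.
                if (node.HasChildNodes)
                {
                    SanitizeChildren(node);
                }
                parent.RemoveChild(node, true);
                return;
            }

            for (int i = node.Attributes.Count - 1; i >= 0; i--)
            {
                HtmlAttribute attribute = node.Attributes[i];
                bool keep = allowedAttributes != null && allowedAttributes.Contains(attribute.Name);

                // An allowed href is still untrusted data: keep it only for an allowed scheme
                // or a relative URL, so script-capable schemes cannot ride on a permitted link.
                if (keep && attribute.Name == "href")
                {
                    keep = IsSafeUrl(attribute.Value);
                }

                if (!keep)
                {
                    node.Attributes.Remove(attribute);
                }
            }

            if (node.HasChildNodes)
            {
                SanitizeChildren(node);
            }
        }

        /// <summary>
        /// Escapes raw angle brackets left inside a text node so the text cannot be read back
        /// as markup by the browser. Existing entities are left untouched.
        /// </summary>
        private static void NeutralizeMarkupInText(HtmlTextNode textNode)
        {
            if (textNode == null || textNode.Text == null)
            {
                return;
            }

            if (textNode.Text.IndexOfAny(AngleBrackets) >= 0)
            {
                textNode.Text = textNode.Text.Replace("<", "&lt;").Replace(">", "&gt;");
            }
        }

        /// <summary>
        /// Decides whether an href value may be kept.
        /// </summary>
        /// <param name="value">Attribute value as stored by the parser.</param>
        /// <returns>
        /// True for an empty value, a relative URL, or an absolute URL whose scheme is in
        /// <see cref="AllowedUrlSchemes"/>; false otherwise.
        /// </returns>
        private static bool IsSafeUrl(string value)
        {
            if (string.IsNullOrWhiteSpace(value))
            {
                return true;
            }

            // Decode entities first so an encoded scheme separator is judged like a literal one.
            string url = System.Net.WebUtility.HtmlDecode(value).Trim();

            int delimiter = url.IndexOfAny(UrlDelimiters);
            string head = delimiter < 0 ? url : url.Substring(0, delimiter);

            // A leftover '&' where a scheme could sit means an entity the decoder did not
            // resolve but a browser might; reject rather than guess.
            if (head.IndexOf('&') >= 0)
            {
                return false;
            }

            // No colon before the first '/', '?' or '#': a relative URL, which has no scheme.
            if (delimiter < 0 || url[delimiter] != ':')
            {
                return true;
            }

            // Exact match only, so a scheme padded with whitespace or control characters fails.
            return AllowedUrlSchemes.Contains(head, StringComparer.OrdinalIgnoreCase);
        }
    }
}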
此代码的大部分内容都归功于此帖子中的答案。
我已经检查过的事情:
- 命名空间已在 Web.Config 文件中正确定义。(我可以确定这一点,因为该命名空间中的其他助手都能正常工作)
- 已经完成了项目的干净构建。
- 重新启动 Visual Studio 2010。
关于为什么我似乎无法调用该类中的这个方法,大家有什么想法吗?