C# 中是否有一个实用程序/函数来清理 tinyMCE 富文本的源代码。我想删除危险标签,但想将安全的 html 标签列入白名单。
问问题
3448 次
2 回答
5
我认为没有可以使用的 C# 内置消毒剂,但这是我遇到相同问题时所做的。我使用了 AjaxControlToolkit 附带的 HtmlAgilityPackSanitizerProvider。代码如下所示:
private static AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider sanitizer = new AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider();
private static Dictionary<string, string[]> elementWhitelist = new Dictionary<string, string[]>
{
{"b" , new string[] { "style" }},
{"strong" , new string[] { "style" }},
{"i" , new string[] { "style" }},
{"em" , new string[] { "style" }},
{"u" , new string[] { "style" }},
{"strike" , new string[] { "style" }},
{"sub" , new string[] { "style" }},
{"sup" , new string[] { "style" }},
{"p" , new string[] { "align" }},
{"div" , new string[] { "style", "align" }},
{"ol" , new string[] { }},
{"li" , new string[] { }},
{"ul" , new string[] { }},
{"a" , new string[] { "href" }},
{"font" , new string[] { "style", "face", "size", "color" }},
{"span" , new string[] { "style" }},
{"blockquote" , new string[] { "style", "dir" }},
{"hr" , new string[] { "size", "width", "id" }},
{"img" , new string[] { "src" }},
{"h1" , new string[] { "style" }},
{"h2" , new string[] { "style" }},
{"h3" , new string[] { "style" }},
{"h4" , new string[] { "style" }},
{"h5" , new string[] { "style" }},
{"h6" , new string[] { "style" }}
};
private static Dictionary<string, string[]> attributeWhitelist = new Dictionary<string, string[]>
{
{"style" , new string[] {}},
{"align" , new string[] {}},
{"href" , new string[] {}},
{"face" , new string[] {}},
{"size" , new string[] {}},
{"color" , new string[] {}},
{"dir" , new string[] {}},
{"width" , new string[] {}},
{"id" , new string[] {}},
{"src" , new string[] {}}
};
public string SanitizeHtmlInput(string unsafeStr)
{
return sanitizer.GetSafeHtmlFragment(unsafeStr, elementWhitelist, attributeWhitelist);
}
希望这可以帮助。
于 2013-07-10T22:40:10.073 回答
1
清理 Html 文档涉及很多棘手的事情。这个包可能有帮助: https ://github.com/mganss/HtmlSanitizer 我将它用于我自己的项目。
于 2016-01-04T19:56:31.447 回答