
Commit a258535

committed
Fix #164
1 parent 07835ee commit a258535


2 files changed

+18
-5
lines changed

2 files changed

+18
-5
lines changed

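--- a/src/HtmlSanitizer/HtmlSanitizer.cs
+++ b/src/HtmlSanitizer/HtmlSanitizer.cs
@@ -482,7 +482,7 @@ public string SanitizeDocument(string html, string baseUrl = "", IMarkupFormatte
 
 using (var dom = parser.Parse(html))
 {
-DoSanitize(dom, dom.DocumentElement, baseUrl);
+DoSanitize(dom, dom, baseUrl);
 
 var output = dom.ToHtml(outputFormatter ?? OutputFormatter);
 
@@ -503,7 +503,7 @@ public string SanitizeDocument(Stream html, string baseUrl = "", IMarkupFormatte
 
 using (var dom = parser.Parse(html))
 {
-DoSanitize(dom, dom.DocumentElement, baseUrl);
+DoSanitize(dom, dom, baseUrl);
 
 var output = dom.ToHtml(outputFormatter ?? OutputFormatter);
 
@@ -542,7 +542,7 @@ private void RemoveComments(IElement context)
 }
 }
 
-private void DoSanitize(IHtmlDocument dom, IElement context, string baseUrl = "")
+private void DoSanitize(IHtmlDocument dom, IParentNode context, string baseUrl = "")
 {
 // remove non-whitelisted tags
 foreach (var tag in context.QuerySelectorAll("*").Where(t => !IsAllowedTag(t)).ToList())
@@ -607,9 +607,9 @@ private void DoSanitize(IHtmlDocument dom, IElement context, string baseUrl = ""
 }
 }
 
-RemoveComments(context);
+RemoveComments(context as IElement);
 
-DoPostProcess(dom, context);
+DoPostProcess(dom, context as IElement);
 }
 
 private void SanitizeStyleSheets(IHtmlDocument dom, string baseUrl)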
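Review bot: On the `SanitizeDocument` paths, which now pass `dom` as the context, `context as IElement` at the end of `DoSanitize` evaluates to null, because the document is a parent node but (as far as AngleSharp's interfaces go) not an element, so `RemoveComments` and `DoPostProcess` receive null instead of the tree. Their bodies are outside these hunks, so it cannot be confirmed here whether that throws or silently skips comment removal and post-processing for whole documents; either outcome weakens the sanitizer for document input. A safer form is `RemoveComments(context as IElement ?? dom.DocumentElement);` and `DoPostProcess(dom, context as IElement ?? dom.DocumentElement);`. Alternatively, widen both helpers to the node type `DoSanitize` now accepts, so that comments outside the root element are covered too. The middle of `DoSanitize` is not shown in this section.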

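--- a/test/HtmlSanitizer.Tests/Tests.cs
+++ b/test/HtmlSanitizer.Tests/Tests.cs
@@ -3135,6 +3135,19 @@ public void RemovingFramesetShouldTriggerEventTest()
 Assert.True(anyNodeRemoved);
 Assert.Equal("<html><head></head></html>", actual);
 }
+
+[Fact]
+public void HtmlDocumentTest()
+{
+// https://github.com/mganss/HtmlSanitizer/issues/164
+
+var sanitizer = new HtmlSanitizer();
+var html = @"<html onmousemove=""alert(document.location)""><head></head><body></body></html>";
+
+var actual = sanitizer.SanitizeDocument(html);
+
+Assert.Equal("<html><head></head><body></body></html>", actual);
+}
 }
 }
 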
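Review bot: `HtmlDocumentTest` pins only the event-handler attribute on `<html>`; nothing exercises the two helper calls that now receive `context as IElement` when the context is the document, nor the `Stream` overload of `SanitizeDocument` that the same commit changes. A companion test that sanitizes a full document containing an HTML comment and asserts the comment is absent from the output, plus one that goes through `DoPostProcess` for a document, would catch a null context reaching those helpers. A short comment above the test, such as `// attributes on the root element must be sanitized, not only those on its descendants`, would state the property being pinned.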
