Fix #156

Author: mganss

src/HtmlSanitizer/EventArgs.cs

@@ -212,4 +212,26 @@ public class RemovingCssClassEventArgs : CancelEventArgs
         /// </value>
         public RemoveReason Reason { get; set; }
     }
+
+    /// <summary>
+    /// Provides data for the <see cref="HtmlSanitizer.FilterUrl"/> event.
+    /// </summary>
+    public class FilterUrlEventArgs: EventArgs
+    {
+        /// <summary>
+        /// Gets or sets the original URL.
+        /// </summary>
+        /// <value>
+        /// The original URL.
+        /// </value>
+        public string OriginalUrl { get; set; }
+
+        /// <summary>
+        /// Gets or sets the sanitized URL.
+        /// </summary>
+        /// <value>
+        /// The sanitized URL. If it is null, it will be removed.
+        /// </value>
+        public string SanitizedUrl { get; set; }
+    }
 }

src/HtmlSanitizer/HtmlSanitizer.cs

@@ -326,6 +326,10 @@ public Regex DisallowCssPropertyValue
         /// Occurs before a CSS class is removed.
         /// </summary>
         public event EventHandler<RemovingCssClassEventArgs> RemovingCssClass;
+        /// <summary>
+        /// Occurs when a URL is being sanitized.
+        /// </summary>
+        public event EventHandler<FilterUrlEventArgs> FilterUrl;
 
         /// <summary>
         /// Raises the <see cref="E:PostProcessDom" /> event.
@@ -404,6 +408,15 @@ protected virtual void OnRemovingCssClass(RemovingCssClassEventArgs e)
             RemovingCssClass?.Invoke(this, e);
         }
 
+        /// <summary>
+        /// Raises the <see cref="E:RemovingUrl" /> event.
+        /// </summary>
+        /// <param name="e">The <see cref="FilterUrlEventArgs"/> instance containing the event data.</param>
+        protected virtual void OnFilteringUrl(FilterUrlEventArgs e)
+        {
+            FilterUrl?.Invoke(this, e);
+        }
+
         /// <summary>
         /// Return all nested subnodes of a node.
         /// </summary>
@@ -829,13 +842,11 @@ protected Iri GetSafeIri(string url)
         /// <param name="url">The URL.</param>
         /// <param name="baseUrl">The base URL relative URLs are resolved against (empty or null for no resolution).</param>
         /// <returns>The sanitized URL or null if no safe URL can be created.</returns>
-        protected string SanitizeUrl(string url, string baseUrl)
+        protected virtual string SanitizeUrl(string url, string baseUrl)
         {
             var iri = GetSafeIri(url);
 
-            if (iri == null) return null;
-
-            if (!iri.IsAbsolute && !string.IsNullOrEmpty(baseUrl))
+            if (iri != null && !iri.IsAbsolute && !string.IsNullOrEmpty(baseUrl))
             {
                 // resolve relative uri
                 if (Uri.TryCreate(baseUrl, UriKind.Absolute, out Uri baseUri))
@@ -846,13 +857,16 @@ protected string SanitizeUrl(string url, string baseUrl)
                     }
                     catch (UriFormatException)
                     {
-                        return null;
+                        iri = null;
                     }
                 }
-                else return null;
+                else iri = null;
             }
 
-            return iri.Value;
+            var e = new FilterUrlEventArgs { OriginalUrl = url, SanitizedUrl = iri?.Value };
+            OnFilteringUrl(e);
+
+            return e.SanitizedUrl;
         }
 
         /// <summary>

test/HtmlSanitizer.Tests/Tests.cs

@@ -3082,6 +3082,21 @@ public void SquareBracketTest()
 
             Assert.Equal(html, actual);
         }
+
+        [Fact]
+        public void FilterUrlTest()
+        {
+            // https://github.com/mganss/HtmlSanitizer/issues/156
+
+            var sanitizer = new HtmlSanitizer();
+            sanitizer.FilterUrl += (s, e) => e.SanitizedUrl = "https://www.example.com/test.png";
+
+            var html = @"<img src=""http://www.example.com/"">";
+
+            var actual = sanitizer.Sanitize(html);
+
+            Assert.Equal(@"<img src=""https://www.example.com/test.png"">", actual);
+        }
     }
 }