
Commit dfd5e9d

committed
Fix #156
1 parent cabae35 commit dfd5e9d


3 files changed

+58
-7
lines changed


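--- a/src/HtmlSanitizer/EventArgs.cs
+++ b/src/HtmlSanitizer/EventArgs.cs
@@ -212,4 +212,26 @@ public class RemovingCssClassEventArgs : CancelEventArgs
 /// </value>
 public RemoveReason Reason { get; set; }
 }
+
+/// <summary>
+/// Provides data for the <see cref="HtmlSanitizer.FilterUrl"/> event.
+/// </summary>
+public class FilterUrlEventArgs: EventArgs
+{
+/// <summary>
+/// Gets or sets the original URL.
+/// </summary>
+/// <value>
+/// The original URL.
+/// </value>
+public string OriginalUrl { get; set; }
+
+/// <summary>
+/// Gets or sets the sanitized URL.
+/// </summary>
+/// <value>
+/// The sanitized URL. If it is null, it will be removed.
+/// </value>
+public string SanitizedUrl { get; set; }
+}
 }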
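Review bot: The `<value>` text on `SanitizedUrl` covers only the null case; it does not say what the property holds when a handler is entered or what a non-null assignment by the handler means. Going by the `SanitizeUrl` change in HtmlSanitizer.cs in this commit, it is pre-filled with the sanitizer's own result (null when the URL was rejected) and whatever the handler leaves there is returned as-is, so the doc should say so, e.g. `/// The sanitized URL, or null if the URL was rejected. A value set by a handler is used without further sanitization. If it is null, the URL is removed.` `OriginalUrl` would read better documented as input (`/// Gets the URL as found in the document.`), since as far as the visible code shows nothing reads it back after the event is raised.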

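--- a/src/HtmlSanitizer/HtmlSanitizer.cs
+++ b/src/HtmlSanitizer/HtmlSanitizer.cs
@@ -326,6 +326,10 @@ public Regex DisallowCssPropertyValue
 /// Occurs before a CSS class is removed.
 /// </summary>
 public event EventHandler<RemovingCssClassEventArgs> RemovingCssClass;
+/// <summary>
+/// Occurs when a URL is being sanitized.
+/// </summary>
+public event EventHandler<FilterUrlEventArgs> FilterUrl;
 
 /// <summary>
 /// Raises the <see cref="E:PostProcessDom" /> event.
@@ -404,6 +408,15 @@ protected virtual void OnRemovingCssClass(RemovingCssClassEventArgs e)
 RemovingCssClass?.Invoke(this, e);
 }
 
+/// <summary>
+/// Raises the <see cref="E:RemovingUrl" /> event.
+/// </summary>
+/// <param name="e">The <see cref="FilterUrlEventArgs"/> instance containing the event data.</param>
+protected virtual void OnFilteringUrl(FilterUrlEventArgs e)
+{
+FilterUrl?.Invoke(this, e);
+}
+
 /// <summary>
 /// Return all nested subnodes of a node.
 /// </summary>
@@ -829,13 +842,11 @@ protected Iri GetSafeIri(string url)
 /// <param name="url">The URL.</param>
 /// <param name="baseUrl">The base URL relative URLs are resolved against (empty or null for no resolution).</param>
 /// <returns>The sanitized URL or null if no safe URL can be created.</returns>
-protected string SanitizeUrl(string url, string baseUrl)
+protected virtual string SanitizeUrl(string url, string baseUrl)
 {
 var iri = GetSafeIri(url);
 
-if (iri == null) return null;
-
-if (!iri.IsAbsolute && !string.IsNullOrEmpty(baseUrl))
+if (iri != null && !iri.IsAbsolute && !string.IsNullOrEmpty(baseUrl))
 {
 // resolve relative uri
 if (Uri.TryCreate(baseUrl, UriKind.Absolute, out Uri baseUri))
@@ -846,13 +857,16 @@ protected string SanitizeUrl(string url, string baseUrl)
 }
 catch (UriFormatException)
 {
-return null;
+iri = null;
 }
 }
-else return null;
+else iri = null;
 }
 
-return iri.Value;
+var e = new FilterUrlEventArgs { OriginalUrl = url, SanitizedUrl = iri?.Value };
+OnFilteringUrl(e);
+
+return e.SanitizedUrl;
 }
 
 /// <summary>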
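Review bot: In `SanitizeUrl`, `return e.SanitizedUrl;` hands back whatever a `FilterUrl` handler assigned without passing it through `GetSafeIri`, and because the early `return null` paths became `iri = null`, the event is now raised even for URLs the sanitizer has just rejected. A handler that copies `OriginalUrl` into `SanitizedUrl`, or derives a URL from it, therefore re-admits values the checks in `GetSafeIri` would have dropped. Unless that bypass is the intent of #156, re-validate a changed value before returning, e.g. `if (e.SanitizedUrl != null && e.SanitizedUrl != iri?.Value && GetSafeIri(e.SanitizedUrl) == null) return null;`; if it is the intent, the `FilterUrl` summary should state that handler output is trusted. The doc comment on `OnFilteringUrl` also cites `E:RemovingUrl`, which is not the event it raises. The body of `SanitizeUrl` spans two hunks and the lines between them are not shown.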

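--- a/test/HtmlSanitizer.Tests/Tests.cs
+++ b/test/HtmlSanitizer.Tests/Tests.cs
@@ -3082,6 +3082,21 @@ public void SquareBracketTest()
 
 Assert.Equal(html, actual);
 }
+
+[Fact]
+public void FilterUrlTest()
+{
+// https://github.com/mganss/HtmlSanitizer/issues/156
+
+var sanitizer = new HtmlSanitizer();
+sanitizer.FilterUrl += (s, e) => e.SanitizedUrl = "https://www.example.com/test.png";
+
+var html = @"<img src=""http://www.example.com/"">";
+
+var actual = sanitizer.Sanitize(html);
+
+Assert.Equal(@"<img src=""https://www.example.com/test.png"">", actual);
+}
 }
 }
 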
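Review bot: `FilterUrlTest` exercises only the case where a handler swaps one accepted URL for another, so the security-relevant paths added to `SanitizeUrl` have no coverage. Add a case where the handler sets `e.SanitizedUrl = null` and assert that the `src` value is removed, and a case whose input URL the sanitizer rejects, asserting that the handler sees `SanitizedUrl == null` with `OriginalUrl` populated and that the URL stays out of the output when the handler leaves the args untouched. A third case pinning the result when the handler assigns a URL with a disallowed scheme would record whether handler output is meant to be trusted.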
