如何从MCE在ASP

如何从MCE在ASP

关注
发信
关注(28)粉丝(399)

如何从MCE在ASP.NET净化输入?

本文介绍了如何从MCE在ASP.NET净化输入?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

有没有在C#中的效用/函数消毒tinyMCE的富文本的源$ C ​​$ C。我想删除危险的标签,但它们列入白名单安全的HTML标签。

Is there a utility/function in C# to sanitize the source code of tinyMCE rich text. I would like to remove dangerous tags but like to whitelist safe html tags.

推荐答案

我不认为有一个内置的清洁剂,可以使用,但这里是我做过什么,当我有同样的问题C#。我用它自带的AjaxControlToolkit HtmlAgilityPackSanitizerProvider。 code是这样的:

I don't think there is a built-in sanitizer for C# that you can use but here is what i did when i had the same issue. I used the HtmlAgilityPackSanitizerProvider which comes with AjaxControlToolkit. Code looks like this:

private static AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider sanitizer = new AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider();

private static Dictionary<string, string[]> elementWhitelist = new Dictionary<string, string[]>
{
    {"b"            , new string[] { "style" }},
    {"strong"       , new string[] { "style" }},
    {"i"            , new string[] { "style" }},
    {"em"           , new string[] { "style" }},
    {"u"            , new string[] { "style" }},
    {"strike"       , new string[] { "style" }},
    {"sub"          , new string[] { "style" }},
    {"sup"          , new string[] { "style" }},
    {"p"            , new string[] { "align" }},
    {"div"          , new string[] { "style", "align" }},
    {"ol"           , new string[] { }},
    {"li"           , new string[] { }},
    {"ul"           , new string[] { }},
    {"a"            , new string[] { "href" }},
    {"font"         , new string[] { "style", "face", "size", "color" }},
    {"span"         , new string[] { "style" }},
    {"blockquote"   , new string[] { "style", "dir" }},
    {"hr"           , new string[] { "size", "width", "id" }},
    {"img"          , new string[] { "src" }},
    {"h1"           , new string[] { "style" }},
    {"h2"           , new string[] { "style" }},
    {"h3"           , new string[] { "style" }},
    {"h4"           , new string[] { "style" }},
    {"h5"           , new string[] { "style" }},
    {"h6"           , new string[] { "style" }}
};

private static Dictionary<string, string[]> attributeWhitelist = new Dictionary<string, string[]>
{
    {"style"    , new string[] {}},
    {"align"    , new string[] {}},
    {"href"     , new string[] {}},
    {"face"     , new string[] {}},
    {"size"     , new string[] {}},
    {"color"    , new string[] {}},
    {"dir"      , new string[] {}},
    {"width"    , new string[] {}},
    {"id"       , new string[] {}},
    {"src"      , new string[] {}}
};

public string SanitizeHtmlInput(string unsafeStr)
{
    return sanitizer.GetSafeHtmlFragment(unsafeStr, elementWhitelist, attributeWhitelist);
}

希望这有助于。

这篇关于如何从MCE在ASP.NET净化输入?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-30 21:01
Powered by LMLPHP ©2024 如何从MCE在ASP 0.043438