如何在ASP.NET中清除MCE的输入
本文关键字:清除 MCE 输入 NET ASP | 更新日期: 2023-09-27 18:21:49
C#中是否有一个实用程序/函数可以净化tinyMCE富文本的源代码。我想删除危险的标签,但想把安全的html标签列入白名单。
我不认为有一个内置的C#消毒剂可以使用,但以下是我遇到同样问题时所做的操作。我使用了AjaxControlToolkit附带的HtmlAgilityPackSanitizerProvider。代码如下:
private static AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider sanitizer = new AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider();
private static Dictionary<string, string[]> elementWhitelist = new Dictionary<string, string[]>
{
{"b" , new string[] { "style" }},
{"strong" , new string[] { "style" }},
{"i" , new string[] { "style" }},
{"em" , new string[] { "style" }},
{"u" , new string[] { "style" }},
{"strike" , new string[] { "style" }},
{"sub" , new string[] { "style" }},
{"sup" , new string[] { "style" }},
{"p" , new string[] { "align" }},
{"div" , new string[] { "style", "align" }},
{"ol" , new string[] { }},
{"li" , new string[] { }},
{"ul" , new string[] { }},
{"a" , new string[] { "href" }},
{"font" , new string[] { "style", "face", "size", "color" }},
{"span" , new string[] { "style" }},
{"blockquote" , new string[] { "style", "dir" }},
{"hr" , new string[] { "size", "width", "id" }},
{"img" , new string[] { "src" }},
{"h1" , new string[] { "style" }},
{"h2" , new string[] { "style" }},
{"h3" , new string[] { "style" }},
{"h4" , new string[] { "style" }},
{"h5" , new string[] { "style" }},
{"h6" , new string[] { "style" }}
};
private static Dictionary<string, string[]> attributeWhitelist = new Dictionary<string, string[]>
{
{"style" , new string[] {}},
{"align" , new string[] {}},
{"href" , new string[] {}},
{"face" , new string[] {}},
{"size" , new string[] {}},
{"color" , new string[] {}},
{"dir" , new string[] {}},
{"width" , new string[] {}},
{"id" , new string[] {}},
{"src" , new string[] {}}
};
public string SanitizeHtmlInput(string unsafeStr)
{
return sanitizer.GetSafeHtmlFragment(unsafeStr, elementWhitelist, attributeWhitelist);
}
希望这能有所帮助。
Html文档的清理涉及到很多棘手的事情。此软件包可能会有所帮助:https://github.com/mganss/HtmlSanitizer我把它用于我自己的一个项目。