C#中是否有实用程序/函数来清理tinyMCE富文本的源代码。我想删除危险的标签,但喜欢将安全的html标签列入白名单。
答案 0 :(得分:5)
我不认为你可以使用C#的内置消毒剂,但这就是我遇到同样问题时所做的事情。我使用了AjaxControlToolkit附带的HtmlAgilityPackSanitizerProvider。代码如下所示:
private static AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider sanitizer = new AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider();
private static Dictionary<string, string[]> elementWhitelist = new Dictionary<string, string[]>
{
{"b" , new string[] { "style" }},
{"strong" , new string[] { "style" }},
{"i" , new string[] { "style" }},
{"em" , new string[] { "style" }},
{"u" , new string[] { "style" }},
{"strike" , new string[] { "style" }},
{"sub" , new string[] { "style" }},
{"sup" , new string[] { "style" }},
{"p" , new string[] { "align" }},
{"div" , new string[] { "style", "align" }},
{"ol" , new string[] { }},
{"li" , new string[] { }},
{"ul" , new string[] { }},
{"a" , new string[] { "href" }},
{"font" , new string[] { "style", "face", "size", "color" }},
{"span" , new string[] { "style" }},
{"blockquote" , new string[] { "style", "dir" }},
{"hr" , new string[] { "size", "width", "id" }},
{"img" , new string[] { "src" }},
{"h1" , new string[] { "style" }},
{"h2" , new string[] { "style" }},
{"h3" , new string[] { "style" }},
{"h4" , new string[] { "style" }},
{"h5" , new string[] { "style" }},
{"h6" , new string[] { "style" }}
};
private static Dictionary<string, string[]> attributeWhitelist = new Dictionary<string, string[]>
{
{"style" , new string[] {}},
{"align" , new string[] {}},
{"href" , new string[] {}},
{"face" , new string[] {}},
{"size" , new string[] {}},
{"color" , new string[] {}},
{"dir" , new string[] {}},
{"width" , new string[] {}},
{"id" , new string[] {}},
{"src" , new string[] {}}
};
public string SanitizeHtmlInput(string unsafeStr)
{
return sanitizer.GetSafeHtmlFragment(unsafeStr, elementWhitelist, attributeWhitelist);
}
希望这有帮助。
答案 1 :(得分:1)
清理Html文档涉及许多棘手的事情。这个包可能有帮助: https://github.com/mganss/HtmlSanitizer 我将它用于我自己的项目。