20240311

2024-03-11 23:32:03 +03:00
parent bb29af7cff
commit 2a66cf7b61
5 changed files with 196 additions and 75 deletions
--- a/anbs_cpfn/Classes/Sanitizer.cs
+++ b/anbs_cpfn/Classes/Sanitizer.cs
@@ -1,5 +1,4 @@
 using anbs_cp.ForNet.Enums;
-
 using Ganss.Xss;

 namespace anbs_cp.ForNet.Classes;
@@ -9,47 +8,53 @@ namespace anbs_cp.ForNet.Classes;
 /// </summary>
 public static class Sanitizer
 {
+    #region Свойства
+
    /// <summary>
-    /// Очистка текста по уровню очистки
+    /// Все теги запрещены
    /// </summary>
-    /// <param name="html">Текст</param>
-    /// <param name="level">Уровень очистка</param>
-    /// <returns>Очищенный текст</returns>
-    public static string SanitizeHtml (string html, ESanitizerLevel level)
+    public static SanitizerAllowedHtml AllowedNone => GetNone();
+
+    /// <summary>
+    /// Все теги разрешены
+    /// </summary>
+    public static SanitizerAllowedHtml AllowedAll => GetAll();
+
+    /// <summary>
+    /// Оставлены только текстовые теги
+    /// </summary>
+    public static SanitizerAllowedHtml AllowedTextOnly => GetTextFormatOnly();
+
+    /// <summary>
+    /// Оставлены только текстовые теги, а также img и a
+    /// </summary>
+    public static SanitizerAllowedHtml AllowedImageAndLinks => GetImageAndLinks();
+
+    /// <summary>
+    /// Применяются все теги, кроме iframe
+    /// </summary>
+    public static SanitizerAllowedHtml AllowedAllExceptIFrame => GetAllExceptIFrame();
+
+    #endregion
+
+    #region Методы
+
+    /// <summary>
+    /// Очистка html-кода <paramref name="html"/> согласно параметрам <paramref name="allowedHtml"/>
+    /// </summary>
+    /// <param name="html">HTML-код</param>
+    /// <param name="allowedHtml">Параметры очистки</param>
+    /// <returns>Очищенный html-кода</returns>
+    private static string SanitizeHtml(string html, SanitizerAllowedHtml allowedHtml)
    {
+        // Создаю очиститель
        HtmlSanitizer sanitizer = new()
        {
+            // - сохраняю дочерние удалённых
            KeepChildNodes = true
        };

-        switch (level)
-        {
-            case ESanitizerLevel.NoTags:
-                PrepareForNone(ref sanitizer);
-                break;
-            case ESanitizerLevel.TextFormatOnly:
-                PrepareForTextFormatOnly(ref sanitizer);
-                break;
-            case ESanitizerLevel.ImageAndLinks:
-                PrepareForImageAndLinks(ref sanitizer);
-                break;
-            case ESanitizerLevel.AllExceptIFrame:
-                PrepareForAllExceptIFrame(ref sanitizer);
-                break;
-            default:
-                PrepareForNone(ref sanitizer);
-                break;
-        }
-
-        return level != ESanitizerLevel.All ? sanitizer.Sanitize(html) : html;
-    }
-
-    /// <summary>
-    /// Очистка всех тегов
-    /// </summary>
-    /// <param name="sanitizer"><see cref="HtmlSanitizer"/></param>
-    private static void PrepareForNone (ref HtmlSanitizer sanitizer)
-    {
+        // Выключаю все параметры HTML
        sanitizer.AllowedTags.Clear();
        sanitizer.AllowedSchemes.Clear();
        sanitizer.AllowedCssProperties.Clear();
@@ -57,66 +62,146 @@ public static class Sanitizer
        sanitizer.AllowedAttributes.Clear();
        sanitizer.AllowedAtRules.Clear();
        sanitizer.AllowDataAttributes = false;
+
+        // Загружаю параметры
+        sanitizer.AllowedTags.UnionWith(allowedHtml.AllowedTags);
+        sanitizer.AllowedSchemes.UnionWith(allowedHtml.AllowedSchemes);
+        sanitizer.AllowedCssProperties.UnionWith(allowedHtml.AllowedCssProperties);
+        sanitizer.AllowedClasses.UnionWith(allowedHtml.AllowedClasses);
+        sanitizer.AllowedAttributes.UnionWith(allowedHtml.AllowedAttributes);
+        sanitizer.AllowDataAttributes = allowedHtml.AllowDataAttributes;
+
+        // Очищаю html согласно правилам
+        return sanitizer.Sanitize(html);
    }

    /// <summary>
-    /// Остаются только текстовые теги
+    /// Очистка html-кода по уровню очистки
    /// </summary>
-    /// <param name="sanitizer"><see cref="HtmlSanitizer"/></param>
-    private static void PrepareForTextFormatOnly (ref HtmlSanitizer sanitizer)
+    /// <param name="html">HTML-код</param>
+    /// <param name="level">Уровень очистка</param>
+    /// <returns>Очищенный html-код</returns>
+    public static string SanitizeHtml(string html, ESanitizerLevel level)
    {
-        string[] allowedTags =
+        // Получаю параметры очистки
+        SanitizerAllowedHtml allowedHtml = level switch
        {
-            "strong", "b", "em", "i", "u", "hr", "strike", "div", "ol", "ul", "li", "p", "span", "h1", "h2", "h3", "h4"
-        };
-        string[] allowedAttributes =
-        {
-            "align", "bgcolor", "border", "cellpadding", "cellspacing", "charset", "checked", "class", "clear", "color", "cols", "colspan",
-            "datetime", "disabled", "headers", "height", "high", "hspace", "label", "lang", "list", "low", "max", "maxlength", "min", "name",
-            "nowrap", "placeholder", "required", "rev", "rows", "rowspan", "rules", "selected", "size", "span", "spellcheck", "style", "summary",
-            "tabindex", "title", "type", "valign", "value", "vspace", "width", "wrap"
+            ESanitizerLevel.NoTags => AllowedNone,
+            ESanitizerLevel.TextFormatOnly => AllowedTextOnly,
+            ESanitizerLevel.ImageAndLinks => AllowedImageAndLinks,
+            ESanitizerLevel.AllExceptIFrame => AllowedAllExceptIFrame,
+            ESanitizerLevel.All => AllowedAll,
+            var _ => AllowedAll
        };

-        sanitizer.AllowedTags.Clear();
+        // Очищаю код и возвращаю результат очистки
+        return SanitizeHtml(html, allowedHtml);
+    }

-        sanitizer.AllowedTags.UnionWith(allowedTags);
+    #endregion

-        sanitizer.AllowedAtRules.Clear();
-        sanitizer.AllowDataAttributes = false;
+    #region Вспомогателдьные методы

-        sanitizer.AllowedAttributes.Clear();
-        sanitizer.AllowedAttributes.UnionWith(allowedAttributes);
+    /// <summary>
+    /// Получаю параметры, удаляющие все теги
+    /// </summary>
+    /// <returns>Параметры очистки</returns>
+    private static SanitizerAllowedHtml GetNone() =>
+        new()
+        {
+            AllowedTags = [],
+            AllowedAttributes = [],
+            AllowedCssProperties = [],
+            AllowedClasses = [],
+            AllowedSchemes = [],
+            AllowDataAttributes = false
+        };

+    /// <summary>
+    /// Получаю параметры по умолчанию (разрешающие все теги)
+    /// </summary>
+    /// <returns>Параметры очистки</returns>
+    private static SanitizerAllowedHtml GetAll()
+    {
+        // Создаю очиститель
+        HtmlSanitizer sanitizer = new();
+
+        // Создаю модель
+        return new()
+        {
+            AllowedTags = sanitizer.AllowedTags.ToList(),
+            AllowedAttributes = sanitizer.AllowedAttributes.ToList(),
+            AllowedCssProperties = sanitizer.AllowedCssProperties.ToList(),
+            AllowedClasses = sanitizer.AllowedClasses.ToList(),
+            AllowedSchemes = sanitizer.AllowedSchemes.ToList(),
+            AllowDataAttributes = true
+        };
    }

    /// <summary>
-    /// Остаются текстовые теги + изображения и ссылки
+    /// Параметры, оставляющие только текстовые теги
    /// </summary>
-    /// <param name="sanitizer"><see cref="HtmlSanitizer"/></param>
-    private static void PrepareForImageAndLinks (ref HtmlSanitizer sanitizer)
+    /// <returns>Параметры очистки</returns>
+    private static SanitizerAllowedHtml GetTextFormatOnly() =>
+        new()
+        {
+            AllowedTags =
+            [
+                "strong", "b", "em", "i", "u", "hr", "strike", "div", "ol", "ul", "li", "p", "span", "h1", "h2", "h3",
+                "h4"
+            ],
+
+            // ReSharper disable StringLiteralTypo
+            AllowedAttributes =
+            [
+                "align", "bgcolor", "border", "cellpadding", "cellspacing", "charset", "checked", "class", "clear",
+                "color",
+                "cols", "colspan", "datetime", "disabled", "headers", "height", "high", "hspace", "label", "lang",
+                "list",
+                "low", "max", "maxlength", "min", "name", "nowrap", "placeholder", "required", "rev", "rows", "rowspan",
+                "rules", "selected", "size", "span", "spellcheck", "style", "summary", "tabindex", "title", "type",
+                "valign",
+                "value", "vspace", "width", "wrap"
+            ]
+            // ReSharper restore StringLiteralTypo
+        };
+
+    /// <summary>
+    ///  Параметры, оставляющие только текстовые теги, а также img и a
+    /// </summary>
+    /// <returns>Параметры очистки</returns>
+    private static SanitizerAllowedHtml GetImageAndLinks()
    {
-        PrepareForTextFormatOnly(ref sanitizer);
-        string[] allowedTags =
-        {
-            "a", "img"
-        };
+        // Получаю текстовые параметры
+        SanitizerAllowedHtml result = AllowedTextOnly;

-        string[] allowedAttributes =
-        {
-            "alt", "href", "hreflang", "nohref", "rel", "src", "target"
-        };
+        // Добавляю теги
+        result.AllowedTags.AddRange(["a", "img"]);

-        sanitizer.AllowedTags.UnionWith(allowedTags);
+        // Добавляю параметры
+        // ReSharper disable StringLiteralTypo
+        result.AllowedAttributes.AddRange(["alt", "href", "hreflang", "nohref", "rel", "src", "target"]);
+        // ReSharper restore StringLiteralTypo

-        sanitizer.AllowedAttributes.UnionWith(allowedAttributes);
+        // Возвращаю результат
+        return result;
    }

    /// <summary>
-    /// Остаются все теги, за исключением IFRAME
+    /// Применяются все теги, кроме iframe
    /// </summary>
-    /// <param name="sanitizer"><see cref="HtmlSanitizer"/></param>
-    private static void PrepareForAllExceptIFrame (ref HtmlSanitizer sanitizer)
+    /// <returns>Параметры очистки</returns>
+    private static SanitizerAllowedHtml GetAllExceptIFrame()
    {
-        sanitizer.AllowedTags.Remove("iframe");
+        // Получаю все параметры
+        SanitizerAllowedHtml result = AllowedAll;
+
+        // Удаляю iframe
+        result.AllowedTags.Remove("iframe");
+
+        // Возвращаю результат
+        return result;
    }
+
+    #endregion
 }
--- a/anbs_cpfn/Classes/SanitizerAllowedHtml.cs
+++ b/anbs_cpfn/Classes/SanitizerAllowedHtml.cs
@@ -0,0 +1,37 @@
+namespace anbs_cp.ForNet.Classes;
+
+/// <summary>
+/// Допустимые параметры для очистки HTML
+/// </summary>
+public sealed class SanitizerAllowedHtml
+{
+    /// <summary>
+    /// Допустимые теги
+    /// </summary>
+    public List<string> AllowedTags { get; set; } = [];
+
+    /// <summary>
+    /// Допустимые аттрибуты
+    /// </summary>
+    public List<string> AllowedAttributes { get; set; } = [];
+
+    /// <summary>
+    /// Допустимые параметры css
+    /// </summary>
+    public List<string> AllowedCssProperties { get; set; } = [];
+
+    /// <summary>
+    /// Допустимые классы
+    /// </summary>
+    public List<string> AllowedClasses { get; set; } = [];
+
+    /// <summary>
+    /// Допустимые схемы
+    /// </summary>
+    public List<string> AllowedSchemes { get; set; } = [];
+
+    /// <summary>
+    /// Допустимы ли data-атрибуты
+    /// </summary>
+    public bool AllowDataAttributes { get; set; } = false;
+}