Class DefaultFilterRules

Concrete implementation of IFilterRules with conservative rules for creating safe HTML code.

Inheritance

System.Object

DefaultFilterRules

Implements

IFilterRules

Inherited Members

System.Object.ToString()

System.Object.Equals(System.Object)

System.Object.Equals(System.Object, System.Object)

System.Object.ReferenceEquals(System.Object, System.Object)

System.Object.GetHashCode()

System.Object.GetType()

System.Object.MemberwiseClone()

Namespace: EPiServer.HtmlParsing

Assembly: EPiServer.Framework.dll

Version: 10.10.4

Syntax

public class DefaultFilterRules : IFilterRules

Constructors

DefaultFilterRules()

Initializes a new instance of the DefaultFilterRules class.

Declaration

public DefaultFilterRules()

DefaultFilterRules(Func<ElementToken, IEnumerable<AttributeToken>>)

Initializes a new instance of the DefaultFilterRules class.

Declaration

public DefaultFilterRules(Func<ElementToken, IEnumerable<AttributeToken>> whiteList)

Parameters

Type	Name	Description
System.Func<ElementToken, System.Collections.Generic.IEnumerable<AttributeToken>>	whiteList	The white list.

Remarks

The whiteList function will get called for each legal value of ElementToken (as defined by the enumeration) and you are expected to return null if the element should be regarded as unsafe, or return an IEnumerable of AttributeToken indicating which attributes that should be allowed for the requested element.

DefaultFilterRules(Func<ElementToken, IEnumerable<AttributeToken>>, DefaultFilterRules)

Initializes a new instance of the DefaultFilterRules class.

Declaration

public DefaultFilterRules(Func<ElementToken, IEnumerable<AttributeToken>> whiteList, DefaultFilterRules originalRules)

Parameters

Type	Name	Description
System.Func<ElementToken, System.Collections.Generic.IEnumerable<AttributeToken>>	whiteList	The white list.
DefaultFilterRules	originalRules	The original rules.

Remarks

Basically the same as the constructor that just takes the whiteList parameter, the change here is that we will inherit the whitelist from originalRules and simply append any additional information created by the whiteList function.

Methods

ElementFilterLevel(FilterContext)

Determine the level of filtering to apply to this element.

Declaration

public virtual ElementFilterAction ElementFilterLevel(FilterContext context)

Parameters

Type	Name	Description
FilterContext	context	The filtering context.

Returns

Type	Description
ElementFilterAction	An ElementFilterAction enumeration value.

IsSafeAttribute(FilterContext, AttributeToken, String)

Determines whether the attribute is safe in the specified context.

Declaration

public virtual bool IsSafeAttribute(FilterContext context, AttributeToken name, string value)

Parameters

Type	Name	Description
FilterContext	context	The context.
AttributeToken	name	The attribute name.
System.String	value	The attribute value.

Returns

Type	Description
System.Boolean	`true` if the attribute is safe; otherwise, `false`.

Remarks

The attribute value will be delivered with quotes removed, i e you do not need to do special quote handling of the attribute value. Note that it is still possible for the value to contain embedded quotes but they are part of the actual value.

IsSafeTextFragment(FilterContext, String)

Determines whether the text fragment should be regarded as safe in the current context.

Declaration

public virtual bool IsSafeTextFragment(FilterContext context, string content)

Parameters

Type	Name	Description
FilterContext	context	The context.
System.String	content	The content.

Returns

Type	Description
System.Boolean	`true` if the content is safe; otherwise, `false`.

Remarks

The HTML filter will call this method when the fragment is a Special Text Fragment, i e the content of a style or script element. If the text fragment is determined to be unsafe (this method returns false) then the surrounding start and end elements will unconditionally be removed, ignoring the return value from KeepNakedElement.

KeepNakedElement(FilterContext)

Determine whether to keep an element even if it contains no attributes.

Declaration

public virtual bool KeepNakedElement(FilterContext context)

Parameters

Type	Name	Description
FilterContext	context	The context.

Returns

Type	Description
System.Boolean	`true` if the element should be kept even when it contains no attributes; otherwise, `false`.

Remarks

The default behavior should be to return true and special-case the false handling.

Typical scenario is an img element where the src attribute has been removed due to suspected XSS attack. An img without an image to show should be removed completely from the resulting HTML.

Implements

IFilterRules

Extension Methods

IdentityObjectExtensions.GetIdentity(Object)

IdentityObjectExtensions.SetIdentity(Object, Identity)

PropertyBagObjectsExtensions.ToPropertyBag(Object)

PropertyBagObjectsExtensions.ToPropertyBag(Object, IEnumerable<String>)

RuntimeModelExtensions.GetOriginalType(Object)