Interface IFilterRules
Interface that defines the rules for HTML filtering
Namespace: EPiServer.HtmlParsing
Assembly: EPiServer.Framework.dll
Version: 7.19.2Syntax
public interface IFilterRules
Methods
ElementFilterLevel(FilterContext)
Determine the level of filtering to apply to this element.
Declaration
ElementFilterAction ElementFilterLevel(FilterContext context)
Parameters
Type | Name | Description |
---|---|---|
FilterContext | context | The filtering context. |
Returns
Type | Description |
---|---|
ElementFilterAction | An ElementFilterAction enumeration value. |
IsSafeAttribute(FilterContext, AttributeToken, String)
Determines whether the attribute is safe in the specified context.
Declaration
bool IsSafeAttribute(FilterContext context, AttributeToken name, string value)
Parameters
Type | Name | Description |
---|---|---|
FilterContext | context | The context. |
AttributeToken | name | The attribute name. |
System.String | value | The attribute value. |
Returns
Type | Description |
---|---|
System.Boolean |
|
Remarks
The attribute value will be delivered with quotes removed, i e you do not need to do special quote handling of the attribute value. Note that it is still possible for the value to contain embedded quotes but they are part of the actual value.
IsSafeTextFragment(FilterContext, String)
Determines whether the text fragment should be regarded as safe in the current context.
Declaration
bool IsSafeTextFragment(FilterContext context, string content)
Parameters
Type | Name | Description |
---|---|---|
FilterContext | context | The context. |
System.String | content | The content. |
Returns
Type | Description |
---|---|
System.Boolean |
|
Remarks
The HTML filter will call this method when the fragment is a Special Text Fragment, i e the content of a style or script element. If the text fragment is determined to be unsafe (this method returns false) then the surrounding start and end elements will unconditionally be removed, ignoring the return value from KeepNakedElement.
KeepNakedElement(FilterContext)
Determine whether to keep an element even if it contains no attributes.
Declaration
bool KeepNakedElement(FilterContext context)
Parameters
Type | Name | Description |
---|---|---|
FilterContext | context | The context. |
Returns
Type | Description |
---|---|
System.Boolean |
|
Remarks
The default behavior should be to return true and special-case the false handling.
Typical scenario is an img element where the src attribute has been removed due to suspected XSS attack. An img without an image to show should be removed completely from the resulting HTML.