添加 Anti-XSS 后 VS 2008 崩溃
您好,我正在使用 Visual Studio 2008 和 asp.net mvc 2。我需要反 xss 库来清理由富文本编辑器(轻量级 RTE)生成的输入。 我想使用 AntiXss.GetSafeHtmlFragment(input);功能。
问题是,在我引用 anti xss dll 后,VS 2008 崩溃了(第一次工作正常,但后来崩溃了)。
有人如何解决这个问题吗? 如果没有,有人可以向我指出一个可行的替代方案(我尝试使用 html 敏捷包,同时允许白名单,但我只允许没有属性的标签)。
html 敏捷过滤器的代码 -
public static string Filter(string html, string[] allowedTags)
{
HtmlDocument doc = new HtmlDocument();
doc.LoadHtml(html);
StringBuilder buffer = new StringBuilder();
Process(doc.DocumentNode, buffer, allowedTags);
return buffer.ToString();
}
static string[] RemoveChildrenOfTags = new string[] { "script", "style" };
static void Process(HtmlNode node, StringBuilder buffer, string[] allowedTags)
{
switch (node.NodeType)
{
case HtmlNodeType.Text:
buffer.Append(HttpUtility.HtmlEncode(((HtmlTextNode)node).Text));
break;
case HtmlNodeType.Element:
case HtmlNodeType.Document:
bool allowedTag = allowedTags.Contains(node.Name.ToLower());
if (allowedTag)
buffer.AppendFormat("<{0}>", node.Name);
if (!RemoveChildrenOfTags.Contains(node.Name))
foreach (HtmlNode childNode in node.ChildNodes)
Process(childNode, buffer, allowedTags);
if (allowedTag)
buffer.AppendFormat("</{0}>", node.Name);
break;
}
}
谢谢!
Hello I'm using visual studio 2008 with asp.net mvc 2. I need anti xss library to santitize an input which is generated by rich text editor (lightweight RTE).
I want to use AntiXss.GetSafeHtmlFragment(input); function.
the problem is that VS 2008 crashes after I reference anti xss dll (it works fine in the first time but than it crashes).
Does anybody how to fix this problem?
If not can somebody point me to a working altrenative ( I tried using html agility pack while allowing a white list but I have only managed to allow tags without attributes).
the code for the html agility filter -
public static string Filter(string html, string[] allowedTags)
{
HtmlDocument doc = new HtmlDocument();
doc.LoadHtml(html);
StringBuilder buffer = new StringBuilder();
Process(doc.DocumentNode, buffer, allowedTags);
return buffer.ToString();
}
static string[] RemoveChildrenOfTags = new string[] { "script", "style" };
static void Process(HtmlNode node, StringBuilder buffer, string[] allowedTags)
{
switch (node.NodeType)
{
case HtmlNodeType.Text:
buffer.Append(HttpUtility.HtmlEncode(((HtmlTextNode)node).Text));
break;
case HtmlNodeType.Element:
case HtmlNodeType.Document:
bool allowedTag = allowedTags.Contains(node.Name.ToLower());
if (allowedTag)
buffer.AppendFormat("<{0}>", node.Name);
if (!RemoveChildrenOfTags.Contains(node.Name))
foreach (HtmlNode childNode in node.ChildNodes)
Process(childNode, buffer, allowedTags);
if (allowedTag)
buffer.AppendFormat("</{0}>", node.Name);
break;
}
}
Thank you!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我发现为什么 VS 2008 在引用 AntiXss 时会崩溃 - 这是因为 VS 2008 的电源命令插件。删除它就可以了。
I found why VS 2008 is crushing when refrencing to AntiXss- it's because of power commands addin for VS 2008. removed it and it's fine.