Fix #156

mganss · Jan 18, 2019 · dfd5e9d · dfd5e9d
1 parent cabae35
commit dfd5e9d
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 7 deletions.
diff --git a/src/HtmlSanitizer/EventArgs.cs b/src/HtmlSanitizer/EventArgs.cs
@@ -212,4 +212,26 @@ public class RemovingCssClassEventArgs : CancelEventArgs
  /// </value>
  public RemoveReason Reason { get; set; }
  }
+
+ /// <summary>
+ /// Provides data for the <see cref="HtmlSanitizer.FilterUrl"/> event.
+ /// </summary>
+ public class FilterUrlEventArgs: EventArgs
+ {
+ /// <summary>
+ /// Gets or sets the original URL.
+ /// </summary>
+ /// <value>
+ /// The original URL.
+ /// </value>
+ public string OriginalUrl { get; set; }
+
+ /// <summary>
+ /// Gets or sets the sanitized URL.
+ /// </summary>
+ /// <value>
+ /// The sanitized URL. If it is null, it will be removed.
+ /// </value>
+ public string SanitizedUrl { get; set; }
+ }
 }
diff --git a/src/HtmlSanitizer/HtmlSanitizer.cs b/src/HtmlSanitizer/HtmlSanitizer.cs
@@ -326,6 +326,10 @@ public Regex DisallowCssPropertyValue
  /// Occurs before a CSS class is removed.
  /// </summary>
  public event EventHandler<RemovingCssClassEventArgs> RemovingCssClass;
+ /// <summary>
+ /// Occurs when a URL is being sanitized.
+ /// </summary>
+ public event EventHandler<FilterUrlEventArgs> FilterUrl;
 
  /// <summary>
  /// Raises the <see cref="E:PostProcessDom" /> event.
@@ -404,6 +408,15 @@ protected virtual void OnRemovingCssClass(RemovingCssClassEventArgs e)
  RemovingCssClass?.Invoke(this, e);
  }
 
+ /// <summary>
+ /// Raises the <see cref="E:RemovingUrl" /> event.
+ /// </summary>
+ /// <param name="e">The <see cref="FilterUrlEventArgs"/> instance containing the event data.</param>
+ protected virtual void OnFilteringUrl(FilterUrlEventArgs e)
+ {
+ FilterUrl?.Invoke(this, e);
+ }
+
  /// <summary>
  /// Return all nested subnodes of a node.
  /// </summary>
@@ -829,13 +842,11 @@ protected Iri GetSafeIri(string url)
  /// <param name="url">The URL.</param>
  /// <param name="baseUrl">The base URL relative URLs are resolved against (empty or null for no resolution).</param>
  /// <returns>The sanitized URL or null if no safe URL can be created.</returns>
- protected string SanitizeUrl(string url, string baseUrl)
+ protected virtual string SanitizeUrl(string url, string baseUrl)
  {
  var iri = GetSafeIri(url);
 
- if (iri == null) return null;
-
- if (!iri.IsAbsolute && !string.IsNullOrEmpty(baseUrl))
+ if (iri != null && !iri.IsAbsolute && !string.IsNullOrEmpty(baseUrl))
  {
  // resolve relative uri
  if (Uri.TryCreate(baseUrl, UriKind.Absolute, out Uri baseUri))
@@ -846,13 +857,16 @@ protected string SanitizeUrl(string url, string baseUrl)
  }
  catch (UriFormatException)
  {
- return null;
+ iri = null;
  }
  }
- else return null;
+ else iri = null;
  }
 
- return iri.Value;
+ var e = new FilterUrlEventArgs { OriginalUrl = url, SanitizedUrl = iri?.Value };
+ OnFilteringUrl(e);
+
+ return e.SanitizedUrl;
  }
 
  /// <summary>

diff --git a/test/HtmlSanitizer.Tests/Tests.cs b/test/HtmlSanitizer.Tests/Tests.cs
@@ -3082,6 +3082,21 @@ public void SquareBracketTest()
 
  Assert.Equal(html, actual);
  }
+
+ [Fact]
+ public void FilterUrlTest()
+ {
+ // https:/mganss/HtmlSanitizer/issues/156
+
+ var sanitizer = new HtmlSanitizer();
+ sanitizer.FilterUrl += (s, e) => e.SanitizedUrl = "https://www.example.com/test.png";
+
+ var html = @"<img src=""http://www.example.com/"">";
+
+ var actual = sanitizer.Sanitize(html);
+
+ Assert.Equal(@"<img src=""https://www.example.com/test.png"">", actual);
+ }
  }
 }