Class Cleaner
The whitelist based HTML cleaner.
Inheritance
Namespace: Supremes.Safety
Assembly: Supremes.dll
Syntax
public sealed class Cleaner : objectRemarks
The whitelist based HTML cleaner. Use to ensure that end-user provided HTML contains only the elements and attributes that you are expecting; no junk, and no cross-site scripting attacks!
The HTML cleaner parses the input as HTML and then runs it through a white-list, so the output HTML can only contain HTML that is allowed by the whitelist.
It is assumed that the input HTML is a body fragment; the clean methods only pull from the source's body, and the canned white-lists only allow body contained tags.
Rather than interacting directly with a Cleaner object, generally see the
Clean
methods in
Dcsoup
.
Constructors
Cleaner(Whitelist)
Create a new cleaner, that sanitizes documents using the supplied whitelist.
Declaration
public Cleaner(Whitelist whitelist)Parameters
| Type | Name | Description |
|---|---|---|
| Whitelist | whitelist | white-list to clean with |
Methods
Clean(Document)
Creates a new, clean document, from the original dirty document, containing only elements allowed by the whitelist.
Declaration
public Document Clean(Document dirtyDocument)Parameters
| Type | Name | Description |
|---|---|---|
| Document | dirtyDocument | Untrusted base document to clean. |
Returns
| Type | Description |
|---|---|
| Document | cleaned document. |
Remarks
The original document is not modified.
Only elements from the dirt document's body are used.
IsValid(Document)
Determines if the input document is valid, against the whitelist.
Declaration
public bool IsValid(Document dirtyDocument)Parameters
| Type | Name | Description |
|---|---|---|
| Document | dirtyDocument | document to test |
Returns
| Type | Description |
|---|---|
| System.Boolean | true if no tags or attributes need to be removed; false if they do |
Remarks
It is considered valid if all the tags and attributes in the input HTML are allowed by the whitelist.
This method can be used as a validator for user input forms. An invalid document will still be cleaned successfully using the Clean(Document) document. If using as a validator, it is recommended to still clean the document to ensure enforced attributes are set correctly, and that the output is tidied.