├── .prettierrc ├── .prettierignore ├── AntiXSS.snk ├── Documentation └── AntiXSS v4.3.docx ├── .github ├── dependabot.yml ├── workflows │ ├── dependency-review.yml │ ├── component-detection.yml │ ├── semantic-pull-request.yml │ ├── codeql.yml │ ├── dotnet.yml │ ├── release.yml │ └── linter.yml └── ISSUE_TEMPLATE │ ├── feature_request.md │ └── bug_report.md ├── Microsoft.Security.Application.Encoder.UnitTests ├── .editorconfig ├── Microsoft.Security.Application.Encoder.UnitTests.csproj ├── CodeChartHelperTests.cs ├── UpperUnicode.cs ├── EncoderUtilTest.cs ├── SurrogateTests.cs ├── NullInputTest.cs └── EmptyStringTests.cs ├── Microsoft.Security.Application.HtmlSanitization.Tests ├── .editorconfig ├── GlobalSuppressions.cs └── Microsoft.Security.Application.HtmlSanitization.Tests.csproj ├── .config └── dotnet-tools.json ├── global.json ├── README.md ├── Directory.Packages.props ├── Microsoft.Security.Application.HtmlSanitization ├── TextConverters │ ├── COMMON │ │ ├── TextMapping.cs │ │ ├── IByteSource.cs │ │ ├── IReusable.cs │ │ ├── IProgressMonitor.cs │ │ ├── ITextSinkEx.cs │ │ ├── IProducerConsumer.cs │ │ ├── IRestartable.cs │ │ ├── ITextSink.cs │ │ ├── Injection.cs │ │ ├── StringBuildSink.cs │ │ ├── ConverterInput.cs │ │ ├── UrlCompareSink.cs │ │ ├── RecognizeInterestingFontName.cs │ │ ├── ConverterOutput.cs │ │ └── HashCode.cs │ ├── HTML │ │ ├── HtmlTagCallback.cs │ │ ├── HtmlAttributeParts.cs │ │ ├── HtmlTagId.cs │ │ ├── HtmlTagIndex.cs │ │ ├── HtmlTagParts.cs │ │ ├── HtmlAttributeId.cs │ │ └── HtmlTagContext.cs │ └── TextConvertersException.cs ├── GlobalSuppressions.cs ├── Globalization │ ├── OutboundCodepageDetector.cs │ ├── CharsetNotInstalledException.cs │ ├── InvalidCharsetException.cs │ ├── ApplicationServices.cs │ ├── Microsoft.Exchange.CtsResources.GlobalizationStrings.cs │ ├── CodepageDetectData.cs │ └── CodepageMap.cs ├── Shared │ ├── IApplicationServices.cs │ ├── CtsConfigurationArgument.cs │ ├── CtsConfigurationSetting.cs │ ├── DataException.cs │ 
├── DefaultApplicationServices.cs │ └── InternalDebug.cs ├── Microsoft.Security.Application.HtmlSanitization.csproj └── packages.lock.json ├── Microsoft.Security.Application.Encoder ├── Properties │ └── AssemblyInfo.cs ├── GlobalSuppressions.cs ├── Microsoft.Security.Application.Encoder.csproj ├── CodeCharts │ └── CodeChartHelper.cs ├── EncoderUtil.cs ├── packages.lock.json ├── InvalidUnicodeValueException.cs ├── CssEncoder.cs └── InvalidSurrogatePairException.cs ├── CHANGELOG.md ├── CommonAssemblyInfo.cs ├── FxCopDictionary.xml ├── Directory.Build.props ├── package.json ├── License.txt ├── AntiXSS.sln └── .gitignore /.prettierrc: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /.prettierignore: -------------------------------------------------------------------------------- 1 | package.json 2 | package-lock.json 3 | packages.lock.json -------------------------------------------------------------------------------- /AntiXSS.snk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AlbusKavaliro/AntiXss/HEAD/AntiXSS.snk -------------------------------------------------------------------------------- /Documentation/AntiXSS v4.3.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/AlbusKavaliro/AntiXss/HEAD/Documentation/AntiXSS v4.3.docx -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: nuget 4 | directory: "/" 5 | schedule: 6 | interval: monthly 7 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder.UnitTests/.editorconfig: 
-------------------------------------------------------------------------------- 1 | [*.cs] 2 | dotnet_diagnostic.CA1515.severity = none 3 | dotnet_diagnostic.CA1707.severity = none 4 | dotnet_diagnostic.CA1861.severity = none -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization.Tests/.editorconfig: -------------------------------------------------------------------------------- 1 | [*.cs] 2 | dotnet_diagnostic.CA1515.severity = none 3 | dotnet_diagnostic.CA1707.severity = none 4 | dotnet_diagnostic.CA1861.severity = none -------------------------------------------------------------------------------- /.config/dotnet-tools.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": 1, 3 | "isRoot": true, 4 | "tools": { 5 | "trx2junit": { 6 | "version": "2.1.0", 7 | "commands": [ 8 | "trx2junit" 9 | ], 10 | "rollForward": false 11 | } 12 | } 13 | } -------------------------------------------------------------------------------- /global.json: -------------------------------------------------------------------------------- 1 | { 2 | "sdk": { 3 | "version": "10.0.100", 4 | "rollForward": "latestFeature" 5 | }, 6 | "msbuild-sdks": { 7 | "MSTest.Sdk": "4.0.2" 8 | }, 9 | "test": { 10 | "runner": "Microsoft.Testing.Platform" 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /.github/workflows/dependency-review.yml: -------------------------------------------------------------------------------- 1 | name: "Dependency Review" 2 | on: [pull_request] 3 | 4 | permissions: 5 | contents: read 6 | 7 | jobs: 8 | dependency-review: 9 | runs-on: ubuntu-slim 10 | steps: 11 | - name: "Checkout Repository" 12 | uses: actions/checkout@v5.0.0 13 | - name: "Dependency Review" 14 | uses: actions/dependency-review-action@v4.8.0 15 | -------------------------------------------------------------------------------- 
/.github/workflows/component-detection.yml: -------------------------------------------------------------------------------- 1 | name: Component Detection 2 | 3 | on: 4 | workflow_dispatch: 5 | push: 6 | 7 | permissions: 8 | id-token: write 9 | contents: write 10 | 11 | jobs: 12 | dependency-submission: 13 | runs-on: ubuntu-slim 14 | steps: 15 | - uses: actions/checkout@v5.0.0 16 | - name: Component detection 17 | uses: advanced-security/component-detection-dependency-submission-action@v0.1.0 18 | -------------------------------------------------------------------------------- /.github/workflows/semantic-pull-request.yml: -------------------------------------------------------------------------------- 1 | name: "Lint PR" 2 | 3 | on: 4 | pull_request_target: 5 | types: 6 | - opened 7 | - edited 8 | - synchronize 9 | 10 | permissions: 11 | pull-requests: read 12 | 13 | jobs: 14 | main: 15 | name: Validate PR title 16 | runs-on: ubuntu-slim 17 | steps: 18 | - uses: amannn/action-semantic-pull-request@v6.1.1 19 | env: 20 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 21 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # AntiXss 2 | 3 | Unofficial port of the [Microsoft Web Protection Library](https://wpl.codeplex.com) ([Web Archive](https://web.archive.org/web/20180126072328/http://wpl.codeplex.com/)) to .NET Standard 2.0. 4 | 5 | ## CI 6 | 7 | New versions are released automatically on GitHub Releases and to NuGet using [semantic-release](https://semantic-release.gitbook.io).
8 | 9 | ## NuGet 10 | 11 | - [AntiXSS.NetStandard](https://www.nuget.org/packages/AntiXSS.NetStandard/) 12 | - [AntiXSS.NetStandard.HtmlSanitization](https://www.nuget.org/packages/AntiXSS.NetStandard.HtmlSanitization/) 13 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization.Tests/GlobalSuppressions.cs: -------------------------------------------------------------------------------- 1 | // This file is used by Code Analysis to maintain SuppressMessage 2 | // attributes that are applied to this project. 3 | // Project-level suppressions either have no target or are given 4 | // a specific target and scoped to a namespace, type, member, etc. 5 | 6 | [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Naming", "CA1707:Bezeichner dürfen keine Unterstriche enthalten", Justification = "Legibility", Scope = "member", Target = "~M:Microsoft.Security.Application.HtmlSanitization.Tests.SanitizerTests.GetSafeHtmlFragment_XMLTagsShouldBeRemoved")] 7 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization.Tests/Microsoft.Security.Application.HtmlSanitization.Tests.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | net10.0 4 | Microsoft.Security.Application.HtmlSanitization.Tests 5 | Microsoft.Security.Application.HtmlSanitization.Tests 6 | AllMicrosoft 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder.UnitTests/Microsoft.Security.Application.Encoder.UnitTests.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | net10.0 4 | Microsoft.Security.Application.Tests 5 | AntiXSS Unit Tests 6 | Unit Tests for the AntiXSS Library 7 | AllMicrosoft 8 | 9 | 10 | 11 | 12 | 13 | 14 | 
-------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: "" 5 | labels: "" 6 | assignees: "" 7 | --- 8 | 9 | **Is your feature request related to a problem? Please describe.** 10 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 11 | 12 | **Describe the solution you'd like** 13 | A clear and concise description of what you want to happen. 14 | 15 | **Describe alternatives you've considered** 16 | A clear and concise description of any alternative solutions or features you've considered. 17 | 18 | **Additional context** 19 | Add any other context or screenshots about the feature request here. 20 | -------------------------------------------------------------------------------- /Directory.Packages.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | true 4 | true 5 | true 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: "" 5 | labels: "" 6 | assignees: "" 7 | --- 8 | 9 | **Describe the bug** 10 | A clear and concise description of what the bug is. 11 | 12 | **To Reproduce** 13 | Steps to reproduce the behavior: 14 | 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 
25 | 26 | **Desktop (please complete the following information):** 27 | 28 | - OS: [e.g. iOS] 29 | - Browser [e.g. chrome, safari] 30 | - Version [e.g. 22] 31 | 32 | **Smartphone (please complete the following information):** 33 | 34 | - Device: [e.g. iPhone6] 35 | - OS: [e.g. iOS8.1] 36 | - Browser [e.g. stock browser, safari] 37 | - Version [e.g. 22] 38 | 39 | **Additional context** 40 | Add any other context about the problem here. 41 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/TextMapping.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 
13 | // 14 | // 15 | // 16 | // 17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | internal enum TextMapping : byte 22 | { 23 | Unicode = 0, 24 | Symbol, 25 | Wingdings, 26 | OtherSymbol 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Assembly settings. 
17 | // 18 | // -------------------------------------------------------------------------------------------------------------------- 19 | using System.Security; 20 | 21 | [assembly: AllowPartiallyTrustedCallers] 22 | [assembly: SecurityTransparent] 23 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## [0.2.2](https://github.com/AlbusKavaliro/AntiXss/compare/v0.2.1...v0.2.2) (2025-11-13) 2 | 3 | 4 | ### Bug Fixes 5 | 6 | * Add @semantic-release/changelog ([2096232](https://github.com/AlbusKavaliro/AntiXss/commit/2096232f1574b054dc6515675c4d98b6ee93e55c)) 7 | * **deps:** Regenerate lock files ([7e004fa](https://github.com/AlbusKavaliro/AntiXss/commit/7e004fa956c729b2293c68cf94ae377bb670f378)) 8 | 9 | ## [0.2.2-beta.1](https://github.com/AlbusKavaliro/AntiXss/compare/v0.2.1...v0.2.2-beta.1) (2025-10-02) 10 | 11 | 12 | ### Bug Fixes 13 | 14 | * Add @semantic-release/changelog ([2096232](https://github.com/AlbusKavaliro/AntiXss/commit/2096232f1574b054dc6515675c4d98b6ee93e55c)) 15 | * **deps:** Regenerate lock files ([7e004fa](https://github.com/AlbusKavaliro/AntiXss/commit/7e004fa956c729b2293c68cf94ae377bb670f378)) 16 | 17 | ## [0.2.1-beta.3](https://github.com/AlbusKavaliro/AntiXss/compare/v0.2.1-beta.2...v0.2.1-beta.3) (2025-10-02) 18 | 19 | 20 | ### Bug Fixes 21 | 22 | * Add @semantic-release/changelog ([2096232](https://github.com/AlbusKavaliro/AntiXss/commit/2096232f1574b054dc6515675c4d98b6ee93e55c)) 23 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder/GlobalSuppressions.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft 
Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // Global FXCop suppressions. 16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2243:AttributeStringLiteralsShouldParseCorrectly")] 20 | -------------------------------------------------------------------------------- /CommonAssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Solution wide assembly settings.
17 | // 18 | // -------------------------------------------------------------------------------------------------------------------- 19 | using System; 20 | using System.Reflection; 21 | using System.Resources; 22 | using System.Runtime.InteropServices; 23 | 24 | [assembly: CLSCompliant(true)] 25 | [assembly: NeutralResourcesLanguageAttribute("en")] 26 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/IByteSource.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Interface definition for Byte Source. 17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | /// 22 | /// Interface definition for Byte Source. 
23 | /// 24 | internal interface IByteSource 25 | { 26 | bool GetOutputChunk(out byte[] chunkBuffer, out int chunkOffset, out int chunkLength); 27 | 28 | void ReportOutput(int readCount); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /.github/workflows/codeql.yml: -------------------------------------------------------------------------------- 1 | name: "CodeQL" 2 | 3 | on: 4 | workflow_dispatch: 5 | push: 6 | branches: 7 | - main 8 | - next 9 | - beta 10 | - dev 11 | - "*.x" 12 | pull_request: 13 | # The branches below must be a subset of the branches above 14 | branches: 15 | - main 16 | - next 17 | - beta 18 | - dev 19 | - "*.x" 20 | schedule: 21 | - cron: "42 2 * * 5" 22 | 23 | jobs: 24 | analyze: 25 | name: Analyze 26 | runs-on: ubuntu-slim 27 | permissions: 28 | actions: read 29 | contents: read 30 | security-events: write 31 | 32 | strategy: 33 | fail-fast: false 34 | matrix: 35 | language: ["csharp"] 36 | 37 | steps: 38 | - name: Checkout repository 39 | uses: actions/checkout@v5.0.0 40 | with: 41 | fetch-depth: 0 42 | 43 | # Initializes the CodeQL tools for scanning. 44 | - name: Initialize CodeQL 45 | uses: github/codeql-action/init@v3.30.5 46 | with: 47 | languages: ${{ matrix.language }} 48 | 49 | - name: Autobuild 50 | uses: github/codeql-action/autobuild@v3.30.5 51 | 52 | - name: Perform CodeQL Analysis 53 | uses: github/codeql-action/analyze@v3.30.5 54 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/HTML/HtmlTagCallback.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 
6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Delegate callback definition for the HTML tag. 17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | /// 22 | /// Delegate callback definition for the HTML tag. 23 | /// 24 | /// An instance of the HtmlTagContext object. 25 | /// An instance of the HtmlWriter object. 26 | internal delegate void HtmlTagCallback(HtmlTagContext tagContext, HtmlWriter htmlWriter); 27 | } 28 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/GlobalSuppressions.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // Global FXCop suppressions.
16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1020:AvoidNamespacesWithFewTypes", Scope = "namespace", Target = "Microsoft.Security.Application", Justification = "This namespace is split between multiple assemblies.")] 20 | [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2243:AttributeStringLiteralsShouldParseCorrectly")] 21 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/IReusable.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Interface declaration for classes that are reusable. 17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | /// 22 | /// Interface declaration for classes that are reusable. 23 | /// 24 | internal interface IReusable 25 | { 26 | /// 27 | /// Initializes the specified new source or destination. 28 | /// 29 | /// The new source or destination. 
30 | void Initialize(object newSourceOrDestination); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/HTML/HtmlAttributeParts.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // 17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | using Internal.Html; 22 | using Security.Application.TextConverters.HTML; 23 | 24 | internal struct HtmlAttributeParts 25 | { 26 | private readonly HtmlToken.AttrPartMajor major; 27 | private readonly HtmlToken.AttrPartMinor minor; 28 | 29 | internal HtmlAttributeParts(HtmlToken.AttrPartMajor major, HtmlToken.AttrPartMinor minor) 30 | { 31 | this.minor = minor; 32 | this.major = major; 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/IProgressMonitor.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the 
Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // Interface declaration for classes which can report progress. 16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | /// 22 | /// Interface for classes which can report progress. 23 | /// 24 | internal interface IProgressMonitor 25 | { 26 | /// 27 | /// Report the progress of the current operation. 28 | /// 29 | void ReportProgress(); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/ITextSinkEx.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Interface declaration for classes needing to write. 
17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | /// 22 | /// Interface declaration for classes needing to write. 23 | /// 24 | internal interface ITextSinkEx : ITextSink 25 | { 26 | /// 27 | /// Writes the specified value. 28 | /// 29 | /// The value. 30 | void Write(string value); 31 | 32 | /// 33 | /// Writes the new line. 34 | /// 35 | void WriteNewLine(); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/IProducerConsumer.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Interface declaration for Producer Consumer. 17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | /// 22 | /// Interface declaration for Producer Consumer. 23 | /// 24 | internal interface IProducerConsumer 25 | { 26 | /// 27 | /// Runs this instance. 28 | /// 29 | void Run(); 30 | 31 | /// 32 | /// Flushes this instance. 33 | /// 34 | /// 35 | /// true if flush is successful; otherwise false. 
36 | /// 37 | bool Flush(); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /.github/workflows/dotnet.yml: -------------------------------------------------------------------------------- 1 | name: .NET 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | - next 8 | - beta 9 | - dev 10 | - "*.x" 11 | pull_request: 12 | branches: 13 | - main 14 | - next 15 | - beta 16 | - dev 17 | - "*.x" 18 | 19 | jobs: 20 | build: 21 | runs-on: ubuntu-slim 22 | 23 | steps: 24 | - uses: actions/checkout@v5.0.0 25 | - name: Setup .NET 26 | uses: actions/setup-dotnet@v5.0.0 27 | with: 28 | global-json-file: global.json 29 | - name: Restore tools 30 | run: dotnet tool restore 31 | - name: Restore dependencies 32 | run: dotnet restore --locked-mode 33 | - name: Build 34 | run: dotnet build --no-restore 35 | - name: Test 36 | run: dotnet test --no-build --verbosity normal -p:TestingPlatformCommandLineArguments="--report-trx --coverage --coverage-output-format cobertura --coverage-output coverage.cobertura.xml" 37 | - name: Convert test results 38 | if: ${{ !cancelled() }} 39 | run: | 40 | find . 
-name "*.trx" -exec dotnet tool run trx2junit --output TestResults/JUnit {} + 41 | - name: Upload coverage reports to Codecov 42 | uses: codecov/codecov-action@v5.5.1 43 | with: 44 | token: ${{ secrets.CODECOV_TOKEN }} 45 | slug: AlbusKavaliro/AntiXss 46 | - name: Upload test results to Codecov 47 | if: ${{ !cancelled() }} 48 | uses: codecov/test-results-action@v1.1.1 49 | with: 50 | files: TestResults/JUnit/*.xml 51 | token: ${{ secrets.CODECOV_TOKEN }} 52 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Release 2 | on: 3 | push: 4 | branches: 5 | - main 6 | - next 7 | - beta 8 | - "*.x" 9 | workflow_dispatch: 10 | 11 | permissions: 12 | contents: read # for checkout 13 | 14 | jobs: 15 | release: 16 | name: Release 17 | runs-on: ubuntu-slim 18 | permissions: 19 | contents: write # to be able to publish a GitHub release 20 | issues: write # to be able to comment on released issues 21 | pull-requests: write # to be able to comment on released pull requests 22 | id-token: write # to enable use of OIDC for npm provenance 23 | packages: write # to be able to publish to GitHub Packages 24 | steps: 25 | - name: Checkout 26 | uses: actions/checkout@v5.0.0 27 | with: 28 | fetch-depth: 0 29 | - name: Setup .NET 30 | uses: actions/setup-dotnet@v5.0.0 31 | with: 32 | global-json-file: global.json 33 | - name: Restore dependencies 34 | run: dotnet restore --locked-mode 35 | - name: Setup Node.js 36 | uses: actions/setup-node@v5.0.0 37 | with: 38 | node-version: "lts/*" 39 | check-latest: true 40 | - name: Install dependencies 41 | run: npm clean-install 42 | - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies 43 | run: npm audit signatures 44 | - name: Release 45 | env: 46 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 47 | NUGET_TOKEN: ${{ secrets.NUGET_ORG_API_KEY }} 48 
| CI_COMMIT_SHA: ${{ github.sha }} 49 | run: npx semantic-release 50 | -------------------------------------------------------------------------------- /FxCopDictionary.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | codeplex 5 | Sre 6 | Xss 7 | 8 | Devanagari 9 | Gurmukhi 10 | Nko 11 | Syriac 12 | Buginese 13 | Buhid 14 | Jamo 15 | Hanunoo 16 | Khmner 17 | Lepcha 18 | Limbu 19 | Lue 20 | Ogham 21 | Ol 22 | Chiki 23 | Tagalog 24 | Tagbanwa 25 | Le 26 | Tham 27 | Daicritical 28 | Alphanumerics 29 | Glagolitic 30 | Letterlike 31 | Tifinagh 32 | Cjk 33 | Devanagari 34 | Jamo 35 | Li 36 | Kayah 37 | Mayek 38 | Meetei 39 | Rejang 40 | Bamum 41 | Kanbun 42 | Kangxi 43 | Lisu 44 | Phagspa 45 | Saurashtra 46 | Nagri 47 | Syloti 48 | Vai 49 | Yijing 50 | Yi 51 | 52 | 53 | 54 | 55 | IP 56 | SRE 57 | 58 | 59 | 60 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/IRestartable.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Interface declaration for classes that are restartable. 17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | /// 22 | /// Interface declaration for classes that are restartable. 
23 | /// 24 | internal interface IRestartable 25 | { 26 | /// 27 | /// Determines whether this instance can restart. 28 | /// 29 | /// 30 | /// true if this instance can restart; otherwise, false. 31 | /// 32 | bool CanRestart(); 33 | 34 | /// 35 | /// Restarts this instance. 36 | /// 37 | void Restart(); 38 | 39 | /// 40 | /// Disables the restart. 41 | /// 42 | void DisableRestart(); 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Globalization/OutboundCodepageDetector.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // Detects the code page for outbound data. 16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | namespace Microsoft.Exchange.Data.Globalization 20 | { 21 | using System; 22 | using System.IO; 23 | using System.Linq; 24 | 25 | using GlobalizationStrings = CtsResources.GlobalizationStrings; 26 | 27 | /// 28 | /// Value indidicating which fallback exceptions should be allowed. 29 | /// 30 | internal enum FallbackExceptions 31 | { 32 | /// 33 | /// No fallback exceptions are allowed. 34 | /// 35 | None, 36 | 37 | /// 38 | /// Common fallback exceptions are allowed. 
39 | /// 40 | Common, 41 | 42 | /// 43 | /// All fallback exceptions are allowed. 44 | /// 45 | All 46 | } 47 | } 48 | 49 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Globalization/CharsetNotInstalledException.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // The exception thrown when a character set which is not installed is used. 16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | namespace Microsoft.Exchange.Data.Globalization 20 | { 21 | using System; 22 | 23 | /// 24 | /// The exception thrown when a character set which is not installed is used. 25 | /// 26 | [Serializable] 27 | internal class CharsetNotInstalledException : InvalidCharsetException 28 | { 29 | /// 30 | /// Initializes a new instance of the class. 31 | /// 32 | /// The code page. 33 | /// The message. 
34 | public CharsetNotInstalledException(int codePage, string message) : 35 | base(codePage, message) 36 | { 37 | } 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/ITextSink.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Interface declaration for classes with Test Sink. 17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | /// 22 | /// Interface declaration for classes with Test Sink. 23 | /// 24 | internal interface ITextSink 25 | { 26 | /// 27 | /// Gets a value indicating whether this instance is enough. 28 | /// 29 | /// true if this instance is enough; otherwise, false. 30 | bool IsEnough { get; } 31 | 32 | /// 33 | /// Writes the specified buffer. 34 | /// 35 | /// The buffer. 36 | /// The offset. 37 | /// The count. 38 | void Write(char[] buffer, int offset, int count); 39 | 40 | /// 41 | /// Writes the specified ucs32 char. 42 | /// 43 | /// The ucs32 char. 
44 | void Write(int ucs32Char); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /.github/workflows/linter.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ################################# 3 | ################################# 4 | ## Super Linter GitHub Actions ## 5 | ################################# 6 | ################################# 7 | name: Lint Code Base 8 | 9 | # 10 | # Documentation: 11 | # https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions 12 | # 13 | 14 | ############################# 15 | # Start the job on all push # 16 | ############################# 17 | on: 18 | # push: 19 | # branches-ignore: [main] 20 | # Remove the line above to run when pushing to master 21 | pull_request: 22 | branches: [main] 23 | 24 | ############### 25 | # Set the Job # 26 | ############### 27 | jobs: 28 | build: 29 | # Name the Job 30 | name: Lint Code Base 31 | # Set the agent to run on 32 | runs-on: ubuntu-slim 33 | 34 | ############################################ 35 | # Grant status permission for MULTI_STATUS # 36 | ############################################ 37 | permissions: 38 | contents: read 39 | packages: read 40 | statuses: write 41 | 42 | ################## 43 | # Load all steps # 44 | ################## 45 | steps: 46 | ########################## 47 | # Checkout the code base # 48 | ########################## 49 | - name: Checkout Code 50 | uses: actions/checkout@v5.0.0 51 | with: 52 | # Full git history is needed to get a proper 53 | # list of changed files within `super-linter` 54 | fetch-depth: 0 55 | 56 | ################################ 57 | # Run Linter against code base # 58 | ################################ 59 | - name: Lint Code Base 60 | uses: super-linter/super-linter@v8.2.0 61 | env: 62 | VALIDATE_ALL_CODEBASE: false 63 | DEFAULT_BRANCH: main 64 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 65 | 
-------------------------------------------------------------------------------- /Directory.Build.props: -------------------------------------------------------------------------------- 1 | 2 | 3 | Microsoft Corporation 4 | Copyright © Microsoft Corporation 2009, 2010 5 | Microsoft Anti-XSS Library for .NET Standard; v1.0 6 | 1.0.0.0 7 | 1.0 8 | 9 | 10 | 11 | 13.0 12 | enable 13 | true 14 | AllEnabledByDefault 15 | true 16 | 17 | 18 | 19 | true 20 | ..\AntiXSS.snk 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | Microsoft Corporation 29 | MS-PL 30 | https://github.com/AlbusKavaliro/AntiXss/blob/main/CHANGELOG.md 31 | snupkg 32 | https://github.com/AlbusKavaliro/AntiXss.git 33 | true 34 | git 35 | main 36 | 66b0a289da3c2f11bcf625869f5625c15b7f3d4d 37 | 0.2.2 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Shared/IApplicationServices.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // An interface for application configuration services. 
16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | namespace Microsoft.Exchange.Data.Internal 20 | { 21 | using System.Collections.Generic; 22 | using System.IO; 23 | 24 | /// 25 | /// An interface for application configuration services. 26 | /// 27 | internal interface IApplicationServices 28 | { 29 | /// 30 | /// Gets the configuration subsection specified. 31 | /// 32 | /// Name of the subsection. 33 | /// A list of s for the specified section. 34 | IList GetConfiguration(string subSectionName); 35 | 36 | /// 37 | /// Refreshes the configuration from the application configuration file. 38 | /// 39 | void RefreshConfiguration(); 40 | 41 | /// 42 | /// Logs an error during configuration processing. 43 | /// 44 | void LogConfigurationErrorEvent(); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder.UnitTests/CodeChartHelperTests.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 
13 | // 14 | // 15 | // 16 | // Tests the range helpers 17 | // 18 | // -------------------------------------------------------------------------------------------------------------------- 19 | 20 | namespace Microsoft.Security.Application.Tests 21 | { 22 | using System.Linq; 23 | 24 | using Microsoft.Security.Application.CodeCharts; 25 | using Microsoft.VisualStudio.TestTools.UnitTesting; 26 | 27 | /// 28 | /// Tests the range helpers. 29 | /// 30 | [TestClass] 31 | public class CodeChartHelperTests 32 | { 33 | /// 34 | /// Tests GetRange() returns the correct range with no exclusions. 35 | /// 36 | [TestMethod] 37 | public void GetRange() 38 | { 39 | CollectionAssert.AreEqual(new[] { 1, 2, 3, 4 }, CodeChartHelper.GetRange(1, 4).ToList()); 40 | } 41 | 42 | /// 43 | /// Tests GetRange() returns the correct range and excludes the specified numbers. 44 | /// 45 | [TestMethod] 46 | public void GetRangeWithExclusion() 47 | { 48 | CollectionAssert.AreEqual(new[] { 1, 2, 5 }, CodeChartHelper.GetRange(1, 5, i => i == 3 || i == 4).ToList()); 49 | } 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Microsoft.Security.Application.HtmlSanitization.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | netstandard2.0 4 | true 5 | Microsoft.Security.Application 6 | Html Sanitization Library 7 | Library for sanitizing inputs to protect from HTML cross site scripting. 8 | 9 | Microsoft; AntiXSS Contributors 10 | AntiXSS Contributors 11 | AntiXSS.NetStandard.HtmlSanitization 12 | AntiXSS is an encoding library which uses a safe list approach to encoding. It provides Html, XML, Url, Form, LDAP, CSS, JScript and VBScript encoding methods to allow you to avoid Cross Site Scripting attacks. This library is part of the Microsoft SDL tools. 13 | HtmlSanitization for AntiXSS.NetStandardNET. 
14 | MS-PL 15 | true 16 | https://github.com/AlbusKavaliro/AntiXss 17 | (c) 2009, 2010, 2011 Microsoft Corporation 18 | en-US 19 | AntiXSS, ASP.NET 20 | 21 | 22 | 23 | 24 | <_Parameter1> 25 | $(MSBuildProjectName).UnitTests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100bda0eb6cc78de731ac06a7f90a81d02c3a40c51568ba6d1e26c9e9214a4ecba0a2c07182a79ba3daef142d3dbf26dbfe3794ce46c42e0485031fcffbe72c9a58d77a8e8e0b2b2bc3f04ca0d9f375e1714a2389a3e941452448e157edb4842ea47c2bb556a6f0cae1a1907cd58f964ce5c3b4baf278cec2aab410d2a8d41ed3e4 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Shared/CtsConfigurationArgument.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // Contains a configuration argument and its value. 16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | namespace Microsoft.Exchange.Data.Internal 20 | { 21 | /// 22 | /// Contains a configuration argument and its value. 23 | /// 24 | internal class CtsConfigurationArgument 25 | { 26 | /// 27 | /// Initializes a new instance of the class. 28 | /// 29 | /// The argument name. 
30 | /// The argument value. 31 | internal CtsConfigurationArgument(string name, string value) 32 | { 33 | this.Name = name; 34 | this.Value = value; 35 | } 36 | 37 | /// 38 | /// Gets the argument name. 39 | /// 40 | /// The argument name. 41 | public string Name 42 | { 43 | get; 44 | private set; 45 | } 46 | 47 | /// 48 | /// Gets the argument value. 49 | /// 50 | /// The argument value. 51 | public string Value 52 | { 53 | get; 54 | private set; 55 | } 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder/Microsoft.Security.Application.Encoder.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | netstandard2.0 4 | Microsoft.Security.Application 5 | AntiXssLibrary 6 | AntiXss Library for .NET Standard 2.0 7 | Encoding classes for safe-listing encoding of HTML, XML and other output types. 8 | 9 | Microsoft; AntiXSS Contributors 10 | AntiXSS Contributors 11 | AntiXSS.NetStandard 12 | AntiXSS is an encoding library which uses a safe list approach to encoding. It provides Html, XML, Url, Form, LDAP, CSS, JScript and VBScript encoding methods to allow you to avoid Cross Site Scripting attacks. This library is part of the Microsoft SDL tools. 13 | AntiXSS is an encoding library for .NET. 
14 | MS-PL 15 | true 16 | https://github.com/AlbusKavaliro/AntiXss 17 | (c) 2009, 2010, 2011 Microsoft Corporation 18 | en-US 19 | AntiXSS, ASP.NET 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | <_Parameter1> 29 | $(MSBuildProjectName).UnitTests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100bda0eb6cc78de731ac06a7f90a81d02c3a40c51568ba6d1e26c9e9214a4ecba0a2c07182a79ba3daef142d3dbf26dbfe3794ce46c42e0485031fcffbe72c9a58d77a8e8e0b2b2bc3f04ca0d9f375e1714a2389a3e941452448e157edb4842ea47c2bb556a6f0cae1a1907cd58f964ce5c3b4baf278cec2aab410d2a8d41ed3e4 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/TextConvertersException.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // 17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | using System; 22 | using System.Runtime.Serialization; 23 | using Strings = CtsResources.TextConvertersStrings; 24 | 25 | internal enum HeaderFooterFormat 26 | { 27 | Text, 28 | Html, 29 | } 30 | 31 | [Serializable] 32 | internal class TextConvertersException : ExchangeDataException 33 | { 34 | /// 35 | /// Initializes a new instance of the class. 
36 | /// 37 | internal TextConvertersException() : 38 | base("internal text conversion error (document too complex)") 39 | { 40 | } 41 | 42 | /// 43 | /// Initializes a new instance of the class. 44 | /// 45 | /// The exception message. 46 | internal TextConvertersException(string message) : 47 | base(message) 48 | { 49 | } 50 | 51 | /// 52 | /// Initializes a new instance of the class. 53 | /// 54 | /// The message. 55 | /// The inner exception. 56 | internal TextConvertersException(string message, Exception innerException) : 57 | base(message, innerException) 58 | { 59 | } 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/Injection.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 
//
//
//
//
//

namespace Microsoft.Exchange.Data.TextConverters
{
    using System;
    using System.IO;
    using System.Text;
    using Microsoft.Exchange.Data.TextConverters.Internal.Format;
    using Microsoft.Exchange.Data.TextConverters.Internal.Html;
    using Microsoft.Exchange.Data.TextConverters.Internal.Text;

    /// <summary>
    /// Base class for an optional head and tail that are injected into converter output.
    /// Tracks which of the two parts exist and which have already been injected.
    /// </summary>
    internal abstract class Injection : IDisposable
    {
        // Format reported through the HeaderFooterFormat property.
        protected HeaderFooterFormat injectionFormat;

        // Text of the head and tail; null means "no such part".
        protected string injectHead;
        protected string injectTail;

        // Completion flags, cleared again by Reset().
        protected bool headInjected;
        protected bool tailInjected;

        // Not used by this base class; presumably consumed by derived classes.
        protected bool testBoundaryConditions;
        protected Stream traceStream;

        /// <summary>Gets the format of the injected head and tail.</summary>
        public HeaderFooterFormat HeaderFooterFormat => this.injectionFormat;

        /// <summary>Gets a value indicating whether a head is present (non-null).</summary>
        public bool HaveHead => this.injectHead != null;

        /// <summary>Gets a value indicating whether a tail is present (non-null).</summary>
        public bool HaveTail => this.injectTail != null;

        /// <summary>Gets a value indicating whether the head has been injected.</summary>
        public bool HeadDone => this.headInjected;

        /// <summary>Gets a value indicating whether the tail has been injected.</summary>
        public bool TailDone => this.tailInjected;

        /// <summary>Injects the head or the tail into the given output.</summary>
        /// <param name="head">Selects the head when true; presumably the tail otherwise.</param>
        /// <param name="output">The output that receives the injected content.</param>
        public abstract void Inject(bool head, TextOutput output);

        /// <summary>
        /// Explicit <see cref="IDisposable"/> implementation: forwards to
        /// <see cref="Dispose(bool)"/> and suppresses finalization.
        /// </summary>
        void IDisposable.Dispose()
        {
            this.Dispose(true);
            GC.SuppressFinalize(this);
        }

        /// <summary>
        /// Extension point for derived classes; the base implementation releases nothing,
        /// so traceStream is not closed here.
        /// </summary>
        /// <param name="disposing">Passed as true from <see cref="IDisposable.Dispose"/>.</param>
        protected virtual void Dispose(bool disposing)
        {
        }

        /// <summary>Clears both completion flags so the head and tail can be injected again.</summary>
        public virtual void Reset()
        {
            this.tailInjected = false;
            this.headInjected = false;
        }


        /// <summary>Injects RTF font entries.</summary>
        /// <param name="firstAvailableFontHandle">The first font handle that is free to use.</param>
        public abstract void InjectRtfFonts(int firstAvailableFontHandle);

        /// <summary>Injects RTF color entries.</summary>
        /// <param name="nextColorIndex">The next color index that is free to use.</param>
        public abstract void InjectRtfColors(int nextColorIndex);
    }
}


--------------------------------------------------------------------------------
/Microsoft.Security.Application.Encoder.UnitTests/UpperUnicode.cs:
--------------------------------------------------------------------------------
// --------------------------------------------------------------------------------------------------------------------
//
// Copyright
(c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Performs a test on character values beyond the base plane. 17 | // 18 | // -------------------------------------------------------------------------------------------------------------------- 19 | 20 | namespace Microsoft.Security.Application.Tests 21 | { 22 | using System; 23 | 24 | using Microsoft.VisualStudio.TestTools.UnitTesting; 25 | 26 | /// 27 | /// Performs tests on character values beyond the base plane. 28 | /// 29 | [TestClass] 30 | public class UpperUnicode 31 | { 32 | /// 33 | /// Validates that characters beyond the base plane get encoding, using AncientGreek as the example. 34 | /// 35 | /// All characters beyond the base plane should be encoded as their surrogate pair values. 
36 | [TestMethod] 37 | public void UpperUnicodeAncientGreekMusicalNotation() 38 | { 39 | const long CodePageStart = 0x1D200; 40 | const long CodePageEnd = 0x1D24F; 41 | 42 | UnicodeCharacterEncoder.MarkAsSafe(LowerCodeCharts.Default, LowerMidCodeCharts.None, MidCodeCharts.None, UpperMidCodeCharts.None, UpperCodeCharts.None); 43 | 44 | for (long i = CodePageStart; i < CodePageEnd; i++) 45 | { 46 | long h = ((i - 0x10000) / 0x400) + 0xD800; 47 | long l = ((i - 0x10000) % 0x400) + 0xDC00; 48 | 49 | string target = Convert.ToString((char)h) + Convert.ToString((char)l); 50 | string expected = "&#" + int.Parse(Convert.ToString(i, 16), System.Globalization.NumberStyles.HexNumber) + ";"; 51 | string actual = Encoder.HtmlEncode(target); 52 | 53 | string testmessage = "0x" + i.ToString("x").PadLeft(5, '0') + " (gap value) "; 54 | 55 | Assert.AreEqual(expected, actual, "Encoder.HtmlEncode " + testmessage + " beyond base plane."); 56 | } 57 | } 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "AntiXSS.NetStandard", 3 | "devDependencies": { 4 | "@droidsolutions-oss/semantic-release-nuget": "^2.0.1", 5 | "@droidsolutions-oss/semantic-release-update-file": "^1.4.0", 6 | "@semantic-release/changelog": "^6.0.3", 7 | "@semantic-release/git": "^10.0.1", 8 | "semantic-release": "^25.0.2" 9 | }, 10 | "release": { 11 | "branches": [ 12 | "+([0-9])?(.{+([0-9]),x}).x", 13 | "main", 14 | "next", 15 | "next-major", 16 | { 17 | "name": "beta", 18 | "prerelease": true 19 | }, 20 | { 21 | "name": "alpha", 22 | "prerelease": true 23 | } 24 | ], 25 | "plugins": [ 26 | "@semantic-release/commit-analyzer", 27 | "@semantic-release/release-notes-generator", 28 | [ 29 | "@semantic-release/changelog", 30 | { 31 | "changelogFile": "CHANGELOG.md" 32 | } 33 | ], 34 | "@droidsolutions-oss/semantic-release-update-file", 35 | 
"@semantic-release/npm", 36 | "@droidsolutions-oss/semantic-release-nuget", 37 | [ 38 | "@semantic-release/git", 39 | { 40 | "assets": [ 41 | "package.json", 42 | "package-lock.json", 43 | "CHANGELOG.md", 44 | "Directory.Build.props" 45 | ], 46 | "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}" 47 | } 48 | ], 49 | "@semantic-release/github" 50 | ], 51 | "npmPublish": false, 52 | "projectPath": [ 53 | "Microsoft.Security.Application.Encoder/Microsoft.Security.Application.Encoder.csproj", 54 | "Microsoft.Security.Application.HtmlSanitization/Microsoft.Security.Application.HtmlSanitization.csproj" 55 | ], 56 | "includeSymbols": true, 57 | "files": [ 58 | { 59 | "path": [ 60 | "Directory.Build.props" 61 | ], 62 | "type": "xml", 63 | "replacements": [ 64 | { 65 | "key": "Version", 66 | "value": "${nextRelease.version}" 67 | }, 68 | { 69 | "key": "RepositoryCommit", 70 | "value": "${CI_COMMIT_SHA}" 71 | } 72 | ] 73 | } 74 | ] 75 | }, 76 | "version": "0.2.2" 77 | } 78 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder.UnitTests/EncoderUtilTest.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 
13 | // 14 | // 15 | // 16 | // Tests the Encoder utility class 17 | // 18 | // -------------------------------------------------------------------------------------------------------------------- 19 | 20 | namespace Microsoft.Security.Application.Tests 21 | { 22 | using System; 23 | using System.Text; 24 | 25 | using Microsoft.VisualStudio.TestTools.UnitTesting; 26 | 27 | /// 28 | /// Tests the Encoder utility class 29 | /// 30 | [TestClass] 31 | public class EncoderUtilTest 32 | { 33 | /// 34 | /// Tests the output string builder. 35 | /// 36 | [TestMethod] 37 | public void GetOutputStringBuilder() 38 | { 39 | RunGetOutputStringBuilderTest(300, 30, 9000, "I forgot how to multiply."); 40 | RunGetOutputStringBuilderTest(300, 100, 16 * 1024, "Default capacity should never exceed 16k chars if input length is small."); 41 | RunGetOutputStringBuilderTest(30000, 2, 30000, "Default capacity can exceed 16k chars if input length is large."); 42 | RunGetOutputStringBuilderTest(1024, Int32.MaxValue, 16 * 1024, "Overflow guard failed."); 43 | } 44 | 45 | /// 46 | /// Runs a test based on the input parameters. 47 | /// 48 | /// The length of the input. 49 | /// The worst case scenario. 50 | /// The expected capacity of the string builder created. 51 | /// The message to use if the test fails. 
52 | private static void RunGetOutputStringBuilderTest(int inputLength, int worstCaseOutputCharsPerInputChar, int expectedCapacity, string failureMessage) 53 | { 54 | StringBuilder builder = EncoderUtil.GetOutputStringBuilder(inputLength, worstCaseOutputCharsPerInputChar); 55 | Assert.AreEqual(expectedCapacity, builder.Capacity, failureMessage); 56 | } 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder/CodeCharts/CodeChartHelper.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Helper functions to simplify range/safe enumerations. 17 | // 18 | // -------------------------------------------------------------------------------------------------------------------- 19 | 20 | namespace Microsoft.Security.Application.CodeCharts 21 | { 22 | using System; 23 | using System.Collections.Generic; 24 | using System.Linq; 25 | 26 | /// 27 | /// Helper functions to simplify range/safe enumerations. 28 | /// 29 | internal static class CodeChartHelper 30 | { 31 | /// 32 | /// Generates a range of numbers starting at , ending at and using any exclusions specified in the . 33 | /// 34 | /// The starting number. 35 | /// The finishing number. 
36 | /// A function returning true for any number to be excluded. 37 | /// An enumerable collection of integers starting at and ending at , with any exclusions specified. 38 | internal static IEnumerable GetRange(int min, int max, Func exclusionFilter) 39 | { 40 | var range = Enumerable.Range(min, (max - min + 1)); 41 | if (exclusionFilter != null) 42 | { 43 | range = range.Where(i => !exclusionFilter(i)); 44 | } 45 | 46 | return range; 47 | } 48 | 49 | /// 50 | /// Generates a range of numbers with no exclusions. 51 | /// 52 | /// The starting number. 53 | /// The finishing number. 54 | /// An enumerable collection of integers starting at and ending at . 55 | internal static IEnumerable GetRange(int min, int max) 56 | { 57 | return GetRange(min, max, null); 58 | } 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/StringBuildSink.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 
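13 | // 14 | // 15 | // 16 | // 17 | // 18 |
namespace Microsoft.Exchange.Data.TextConverters
{
    using System;
    using System.IO;
    using System.Text;
    using Microsoft.Exchange.Data.Internal;

    /// <summary>
    /// Text sink that collects what is written to it in a <see cref="StringBuilder"/>, up to the
    /// character limit set by <see cref="Reset(int)"/>.
    /// </summary>
    internal class StringBuildSink : ITextSinkEx
    {
        private readonly StringBuilder sb;

        // Character limit for the collected text. It is 0 until Reset is called, so a fresh
        // instance already reports IsEnough.
        private int maxLength;

        /// <summary>
        /// Initializes a new instance of the <see cref="StringBuildSink"/> class with an empty buffer.
        /// </summary>
        public StringBuildSink()
        {
            this.sb = new StringBuilder();
        }

        /// <summary>
        /// Gets a value indicating whether the collected text has reached the limit.
        /// </summary>
        public bool IsEnough { get { return this.sb.Length >= this.maxLength; } }

        /// <summary>
        /// Gets the number of characters that still fit under the limit; never negative, so it is
        /// always safe to pass as a count.
        /// </summary>
        private int RemainingCapacity { get { return Math.Max(0, this.maxLength - this.sb.Length); } }

        /// <summary>
        /// Clears the collected text and sets a new limit.
        /// </summary>
        /// <param name="maxLength">The maximum number of characters to collect.</param>
        public void Reset(int maxLength)
        {
            this.maxLength = maxLength;
            this.sb.Length = 0;
        }

        /// <summary>
        /// Appends characters from a buffer, truncated to what still fits under the limit.
        /// </summary>
        /// <param name="buffer">The source buffer.</param>
        /// <param name="offset">The index of the first character to append.</param>
        /// <param name="count">The number of characters requested.</param>
        public void Write(char[] buffer, int offset, int count)
        {
            // NOTE(review): whether InternalDebug.Assert is active in release builds is not visible
            // here, so the clamp below must hold on its own.
            InternalDebug.Assert(!this.IsEnough);

            // Clamped at zero: an unclamped "maxLength - Length" goes negative once the builder is
            // past the limit, and a negative count makes StringBuilder.Append throw.
            count = Math.Min(count, this.RemainingCapacity);
            this.sb.Append(buffer, offset, count);
        }

        /// <summary>
        /// Appends one UCS-4 character, as one or two UTF-16 code units.
        /// </summary>
        /// <param name="ucs32Char">The character to append.</param>
        public void Write(int ucs32Char)
        {
            InternalDebug.Assert(!this.IsEnough);

            if (Token.LiteralLength(ucs32Char) == 1)
            {
                this.sb.Append((char)ucs32Char);
            }
            else
            {
                // NOTE(review): presumably the first/last chars are the two halves of a surrogate
                // pair; when only one slot is left the text ends on an unpaired half. Confirm that
                // consumers of ToString tolerate that.
                this.sb.Append(Token.LiteralFirstChar(ucs32Char));
                if (!this.IsEnough)
                {
                    this.sb.Append(Token.LiteralLastChar(ucs32Char));
                }
            }
        }

        /// <summary>
        /// Appends a string, truncated to what still fits under the limit, in line with
        /// <see cref="Write(char[], int, int)"/>.
        /// </summary>
        /// <param name="value">The text to append; null or empty appends nothing.</param>
        public void Write(string value)
        {
            InternalDebug.Assert(!this.IsEnough);

            if (string.IsNullOrEmpty(value))
            {
                return;
            }

            // Appending the whole string could push the collected text past the limit.
            int charsToTake = Math.Min(value.Length, this.RemainingCapacity);
            this.sb.Append(value, 0, charsToTake);
        }

        /// <summary>
        /// Appends a CR LF pair; the LF is dropped when the CR already reached the limit.
        /// </summary>
        public void WriteNewLine()
        {
            InternalDebug.Assert(!this.IsEnough);

            this.sb.Append('\r');

            if (!this.IsEnough)
            {
                this.sb.Append('\n');
            }
        }

        /// <summary>
        /// Returns the text collected so far.
        /// </summary>
        /// <returns>The collected text.</returns>
        public override string ToString()
        {
            return this.sb.ToString();
        }
    }
}

-------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Shared/CtsConfigurationSetting.cs: -------------------------------------------------------------------------------- 1 | // 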
-------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // Contains a configuration name and its arguments. 16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | namespace Microsoft.Exchange.Data.Internal 20 | { 21 | using System.Collections.Generic; 22 | 23 | /// 24 | /// Contains a configuration name and its arguments. 25 | /// 26 | internal class CtsConfigurationSetting 27 | { 28 | /// 29 | /// The configuration name. 30 | /// 31 | private readonly string configurationName; 32 | 33 | /// 34 | /// The configuration arguments. 35 | /// 36 | private readonly IList arguments; 37 | 38 | /// 39 | /// Initializes a new instance of the class. 40 | /// 41 | /// The setting name. 42 | internal CtsConfigurationSetting(string name) 43 | { 44 | this.configurationName = name; 45 | this.arguments = []; 46 | } 47 | 48 | /// 49 | /// Gets the name of the setting. 50 | /// 51 | /// The name of the setting. 52 | public string Name 53 | { 54 | get 55 | { 56 | return this.configurationName; 57 | } 58 | } 59 | 60 | /// 61 | /// Gets the argument list for the setting. 62 | /// 63 | /// The argument list. 64 | public IList Arguments 65 | { 66 | get 67 | { 68 | return this.arguments; 69 | } 70 | } 71 | 72 | /// 73 | /// Adds the specified argument to the configuration setting. 74 | /// 75 | /// The argument name. 
76 | /// The argument value. 77 | internal void AddArgument(string name, string value) 78 | { 79 | this.arguments.Add(new CtsConfigurationArgument(name, value)); 80 | } 81 | } 82 | } 83 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Globalization/InvalidCharsetException.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // Exception thrown when an invalid character set is used. 16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | namespace Microsoft.Exchange.Data.Globalization 20 | { 21 | using System; 22 | using System.Runtime.Serialization; 23 | using GlobalizationStrings = CtsResources.GlobalizationStrings; 24 | 25 | /// 26 | /// Exception thrown when an invalid character set is used. 27 | /// 28 | [Serializable] 29 | internal class InvalidCharsetException : ExchangeDataException 30 | { 31 | /// 32 | /// Initializes a new instance of the class. 33 | /// 34 | /// The code page. 35 | public InvalidCharsetException(int codePage) : 36 | base(GlobalizationStrings.InvalidCodePage(codePage)) 37 | { 38 | } 39 | 40 | /// 41 | /// Initializes a new instance of the class. 42 | /// 43 | /// The code page. 
44 | /// The exception message. 45 | public InvalidCharsetException(int codePage, string message) : 46 | base(message) 47 | { 48 | } 49 | 50 | /// 51 | /// Initializes a new instance of the class. 52 | /// 53 | /// The that holds the serialized object data about the exception being thrown. 54 | /// The that contains contextual information about the source or destination. 55 | /// 56 | /// The parameter is null. 57 | /// 58 | /// 59 | /// The class name is null or is zero (0). 60 | /// 61 | protected InvalidCharsetException(SerializationInfo info, StreamingContext context) : 62 | base(info, context) 63 | { 64 | } 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder/EncoderUtil.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Provides helper methods common to all Anti-XSS encoders. 17 | // 18 | // -------------------------------------------------------------------------------------------------------------------- 19 | 20 | namespace Microsoft.Security.Application 21 | { 22 | using System; 23 | using System.Text; 24 | 25 | /// 26 | /// Provides helper methods common to all Anti-XSS encoders. 
27 | /// 28 | internal static class EncoderUtil 29 | { 30 | /// 31 | /// Gets an appropriately-sized StringBuilder for the output of an encoding routine. 32 | /// 33 | /// The length (in characters) of the input string. 34 | /// The worst-case ratio of output characters per input character. 35 | /// A StringBuilder appropriately-sized to hold the output string. 36 | internal static StringBuilder GetOutputStringBuilder(int inputLength, int worstCaseOutputCharsPerInputChar) 37 | { 38 | // We treat 32KB byte size (16k chars) as a soft upper boundary for the length of any StringBuilder 39 | // that we allocate. We'll try to avoid going above this boundary if we can avoid it so that we 40 | // don't allocate objects on the LOH. 41 | const int UpperBound = 16 * 1024; 42 | 43 | int charsToAllocate; 44 | if (inputLength >= UpperBound) 45 | { 46 | // We know that the output will contain at least as many characters as the input, so if the 47 | // input length exceeds the soft upper boundary just pre-allocate the entire builder and hope for 48 | // a best-case outcome. 49 | charsToAllocate = inputLength; 50 | } 51 | else 52 | { 53 | // Allocate the worst-case if we can, but don't exceed the soft upper boundary. 54 | long worstCaseTotalChars = (long)inputLength * worstCaseOutputCharsPerInputChar; // don't overflow Int32 55 | charsToAllocate = (int)Math.Min(UpperBound, worstCaseTotalChars); 56 | } 57 | 58 | // Once we have chosen an initial value for the StringBuilder size, the StringBuilder type will 59 | // efficiently allocate additionally blocks if necessary. 
60 | return new StringBuilder(charsToAllocate); 61 | } 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/ConverterInput.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // 17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | using System; 22 | using System.IO; 23 | using System.Text; 24 | 25 | internal abstract class ConverterInput : IDisposable 26 | { 27 | protected bool endOfFile; 28 | protected int maxTokenSize; 29 | 30 | protected IProgressMonitor progressMonitor; 31 | 32 | /// 33 | /// Gets a value indicating whether reached end of file. 34 | /// 35 | /// true if reached end of file; otherwise, false. 36 | public bool EndOfFile 37 | { 38 | get { return this.endOfFile; } 39 | } 40 | 41 | /// 42 | /// Gets the max size of the token. 43 | /// 44 | /// The max size of the token. 45 | public int MaxTokenSize 46 | { 47 | get { return this.maxTokenSize; } 48 | } 49 | 50 | /// 51 | /// Initializes a new instance of the class. 52 | /// 53 | /// The progress monitor. 54 | protected ConverterInput(IProgressMonitor progressMonitor) 55 | { 56 | this.progressMonitor = progressMonitor; 57 | } 58 | 59 | /// 60 | /// Sets the restart consumer. 
61 | /// 62 | /// The restart consumer. 63 | public virtual void SetRestartConsumer(IRestartable restartConsumer) 64 | { 65 | } 66 | 67 | public abstract bool ReadMore(ref char[] buffer, ref int start, ref int current, ref int end); 68 | 69 | public abstract void ReportProcessed(int processedSize); 70 | 71 | public abstract int RemoveGap(int gapBegin, int gapEnd); 72 | 73 | /// 74 | /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. 75 | /// 76 | void IDisposable.Dispose() 77 | { 78 | this.Dispose(); 79 | GC.SuppressFinalize(this); 80 | } 81 | 82 | /// 83 | /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. 84 | /// 85 | protected virtual void Dispose() 86 | { 87 | } 88 | } 89 | } 90 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/HTML/HtmlTagId.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // An enumerator for HTML tab attributes. 17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | #pragma warning disable 1591 22 | 23 | // 24 | // An enumerator for HTML tab attributes. 
25 | // 26 | public enum HtmlTagId : byte 27 | { 28 | Unknown = 0, 29 | A, 30 | Abbr, 31 | Acronym, 32 | Address, 33 | Applet, 34 | Area, 35 | B, 36 | Base, 37 | BaseFont, 38 | Bdo, 39 | BGSound, 40 | Big, 41 | Blink, 42 | BlockQuote, 43 | Body, 44 | BR, 45 | Button, 46 | Caption, 47 | Center, 48 | Cite, 49 | Code, 50 | Col, 51 | ColGroup, 52 | Comment, 53 | DD, 54 | Del, 55 | Dfn, 56 | Dir, 57 | Div, 58 | DL, 59 | DT, 60 | EM, 61 | Embed, 62 | FieldSet, 63 | Font, 64 | Form, 65 | Frame, 66 | FrameSet, 67 | H1, 68 | H2, 69 | H3, 70 | H4, 71 | H5, 72 | H6, 73 | Head, 74 | HR, 75 | Html, 76 | I, 77 | Iframe, 78 | Image, 79 | Img, 80 | Input, 81 | Ins, 82 | IsIndex, 83 | Kbd, 84 | Label, 85 | Legend, 86 | LI, 87 | Link, 88 | Listing, 89 | Map, 90 | Marquee, 91 | Menu, 92 | Meta, 93 | NextId, 94 | NoBR, 95 | NoEmbed, 96 | NoFrames, 97 | NoScript, 98 | Object, 99 | OL, 100 | OptGroup, 101 | Option, 102 | P, 103 | Param, 104 | PlainText, 105 | Pre, 106 | Q, 107 | RP, 108 | RT, 109 | Ruby, 110 | S, 111 | Samp, 112 | Script, 113 | Select, 114 | Small, 115 | Span, 116 | Strike, 117 | Strong, 118 | Style, 119 | Sub, 120 | Sup, 121 | Table, 122 | Tbody, 123 | TD, 124 | TextArea, 125 | Tfoot, 126 | TH, 127 | Thead, 128 | Title, 129 | TR, 130 | TT, 131 | U, 132 | UL, 133 | Var, 134 | Wbr, 135 | Xml, 136 | Xmp, 137 | } 138 | 139 | #pragma warning restore 1591 140 | } 141 | -------------------------------------------------------------------------------- /License.txt: -------------------------------------------------------------------------------- 1 | ============================================================================================================= 2 | Microsoft Web Protection Library (http://wpl.codeplex.com) 3 | This work is licensed under the Microsoft Public License (Ms-PL) 4 | Copyright (c) 2010 Microsoft Corporation 5 | 6 | ============================================================================================================= 7 | 8 | Microsoft Public License 
(Ms-PL) 9 | 10 | This license governs use of the accompanying software. If you use the software, you accept this license. 11 | If you do not accept the license, do not use the software. 12 | 13 | 1. Definitions 14 | The terms "reproduce," "reproduction," "derivative works," and "distribution" have the same meaning 15 | here as under U.S. copyright law. A "contribution" is the original software, or any additions or 16 | changes to the software. A "contributor" is any person that distributes its contribution under this 17 | license. "Licensed patents" are a contributor's patent claims that read directly on its contribution. 18 | 2. Grant of Rights 19 | (A) Copyright Grant- Subject to the terms of this license, including the license conditions and 20 | limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free 21 | copyright license to reproduce its contribution, prepare derivative works of its contribution, and 22 | distribute its contribution or any derivative works that you create. 23 | (B) Patent Grant- Subject to the terms of this license, including the license conditions and 24 | limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free 25 | license under its licensed patents to make, have made, use, sell, offer for sale, import, and/or 26 | otherwise dispose of its contribution in the software or derivative works of the contribution in 27 | the software. 28 | 3. Conditions and Limitations 29 | (A) No Trademark License- This license does not grant you rights to use any contributors' name, logo, 30 | or trademarks. 31 | (B) If you bring a patent claim against any contributor over patents that you claim are infringed by 32 | the software, your patent license from such contributor to the software ends automatically. 33 | (C) If you distribute any portion of the software, you must retain all copyright, patent, trademark, 34 | and attribution notices that are present in the software. 
35 | (D) If you distribute any portion of the software in source code form, you may do so only under this 36 | license by including a complete copy of this license with your distribution. If you distribute any 37 | portion of the software in compiled or object code form, you may only do so under a license that 38 | complies with this license. 39 | (E) The software is licensed "as-is." You bear the risk of using it. The contributors give no express 40 | warranties, guarantees, or conditions. You may have additional consumer rights under your local 41 | laws which this license cannot change. To the extent permitted under your local laws, the 42 | contributors exclude the implied warranties of merchantability, fitness for a particular purpose 43 | and non-infringement. 44 | 45 | ============================================================================================================= 46 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Globalization/ApplicationServices.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // Provides functions for parsing application configuration data. 
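16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 |
namespace Microsoft.Exchange.Data.Internal
{
    using System;
    using System.Collections.Generic;
    using System.Linq;

    /// <summary>
    /// Provides functions for parsing application configuration data.
    /// </summary>
    internal static class ApplicationServices
    {
        /// <summary>
        /// The application service provider, created once by <see cref="LoadServices"/> when the
        /// class is initialized.
        /// </summary>
        private static readonly IApplicationServices ServicesProvider = LoadServices();

        /// <summary>
        /// Gets the application service provider.
        /// </summary>
        public static IApplicationServices Provider
        {
            get
            {
                return ServicesProvider;
            }
        }

        /// <summary>
        /// Gets the specified configuration setting.
        /// </summary>
        /// <param name="subSectionName">Name of the configuration sub section.</param>
        /// <param name="settingName">Name of the configuration setting; matched case-insensitively (ordinal).</param>
        /// <returns>
        /// The <see cref="CtsConfigurationSetting"/> for the specified setting from the specified sub section,
        /// or null when no setting has that name. When several settings share the name, a configuration
        /// error is logged through the provider and the first one is returned.
        /// </returns>
        public static CtsConfigurationSetting GetSimpleConfigurationSetting(string subSectionName, string settingName)
        {
            CtsConfigurationSetting result = null;

            // NOTE(review): assumes GetConfiguration never returns null; Where would throw on a
            // null source. Confirm against the IApplicationServices implementations.
            IList<CtsConfigurationSetting> settings = Provider.GetConfiguration(subSectionName);

            foreach (CtsConfigurationSetting setting in
                settings.Where(candidate => string.Equals(candidate.Name, settingName, StringComparison.OrdinalIgnoreCase)))
            {
                if (result != null)
                {
                    // A second match means the setting is defined more than once: report it and
                    // keep the first definition.
                    Provider.LogConfigurationErrorEvent();
                    break;
                }

                result = setting;
            }

            return result;
        }

        /// <summary>
        /// Initializes the application services.
        /// </summary>
        /// <returns>An instance of the default Application Services class.</returns>
        private static IApplicationServices LoadServices()
        {
            return new DefaultApplicationServices();
        }
    }
}

-------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Shared/DataException.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // Thrown when a data exception occurs. 16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | namespace Microsoft.Exchange.Data 20 | { 21 | using System; 22 | using System.Runtime.Serialization; 23 | 24 | /// 25 | /// Thrown when a data exception occurs. 26 | /// 27 | [Serializable()] 28 | #if EXCHANGECOMMONEXCEPTIONS 29 | internal class ExchangeDataException : Microsoft.Exchange.Data.Common.LocalizedException 30 | #else 31 | internal class ExchangeDataException : Exception 32 | #endif 33 | { 34 | /// 35 | /// Initializes a new instance of the class. 36 | /// 37 | /// The exception message. 38 | public ExchangeDataException(string message) : 39 | #if EXCHANGECOMMONEXCEPTIONS 40 | base(new Microsoft.Exchange.Data.Common.LocalizedString(message)) 41 | #else 42 | base(message) 43 | #endif 44 | { 45 | } 46 | 47 | /// 48 | /// Initializes a new instance of the class. 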
49 | /// 50 | /// The exception message. 51 | /// The inner exception. 52 | public ExchangeDataException(string message, Exception innerException) : 53 | #if EXCHANGECOMMONEXCEPTIONS 54 | base(new Microsoft.Exchange.Data.Common.LocalizedString(message), innerException) 55 | #else 56 | base(message, innerException) 57 | #endif 58 | { 59 | } 60 | 61 | /// 62 | /// Initializes a new instance of the class. 63 | /// 64 | /// The that holds the serialized object data about the exception being thrown. 65 | /// The that contains contextual information about the source or destination. 66 | /// 67 | /// The parameter is null. 68 | /// 69 | /// 70 | /// The class name is null or is zero (0). 71 | /// 72 | protected ExchangeDataException(SerializationInfo info, StreamingContext context) : 73 | base(info, context) 74 | { 75 | } 76 | } 77 | } 78 | 79 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/HTML/HtmlTagIndex.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 
13 | // 14 | // 15 | // 16 | // An enumerator for the HTML tag index attributes 17 | // 18 |
namespace Microsoft.Exchange.Data.TextConverters.Internal.Html
{
    //
    // An enumerator for the HTML tag index attributes
    //
    // No member has an explicit value, so each member's number is its position in this list
    // (_NULL is 0) and every value fits the byte underlying type. Inserting, removing or
    // reordering a member renumbers everything declared after it.
    //
    // The numbering is not the same as the public HtmlTagId enum: Unknown is 7 here but 0 there,
    // TC exists only here, and Xmp/Xml are declared in the opposite order. A numeric cast between
    // the two enums therefore does not map a tag onto itself.
    //
    internal enum HtmlTagIndex : byte
    {
        // Underscore-prefixed entries; presumably parser-internal pseudo-tags rather than
        // element names - confirm against the tag tables that use this index.
        _NULL,
        _ROOT,
        _COMMENT,
        _CONDITIONAL,
        _BANG,
        _DTD,
        _ASP,

        // Any tag that has no entry of its own.
        Unknown,

        // Named tags, in alphabetical order except for the Xmp/Xml pair at the end.
        A,
        Abbr,
        Acronym,
        Address,
        Applet,
        Area,
        B,
        Base,
        BaseFont,
        Bdo,
        BGSound,
        Big,
        Blink,
        BlockQuote,
        Body,
        BR,
        Button,
        Caption,
        Center,
        Cite,
        Code,
        Col,
        ColGroup,
        Comment,
        DD,
        Del,
        Dfn,
        Dir,
        Div,
        DL,
        DT,
        EM,
        Embed,
        FieldSet,
        Font,
        Form,
        Frame,
        FrameSet,
        H1,
        H2,
        H3,
        H4,
        H5,
        H6,
        Head,
        HR,
        Html,
        I,
        Iframe,
        Image,
        Img,
        Input,
        Ins,
        IsIndex,
        Kbd,
        Label,
        Legend,
        LI,
        Link,
        Listing,
        Map,
        Marquee,
        Menu,
        Meta,
        NextId,
        NoBR,
        NoEmbed,
        NoFrames,
        NoScript,
        Object,
        OL,
        OptGroup,
        Option,
        P,
        Param,
        PlainText,
        Pre,
        Q,
        RP,
        RT,
        Ruby,
        S,
        Samp,
        Script,
        Select,
        Small,
        Span,
        Strike,
        Strong,
        Style,
        Sub,
        Sup,
        Table,
        Tbody,
        TC,
        TD,
        TextArea,
        Tfoot,
        TH,
        Thead,
        Title,
        TR,
        TT,
        U,
        UL,
        Var,
        Wbr,
        Xmp,
        Xml,

        // Trailing underscore-prefixed entries; same caveat as the leading group.
        _Pxml,
        _Import,
        _Xml_Namespace,
        _IMPLICIT_BEGIN,
    }
}

-------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/HTML/HtmlTagParts.cs: 
-------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // 17 | // 18 | 19 | namespace Microsoft.Exchange.Data.TextConverters 20 | { 21 | using System.IO; 22 | 23 | using Microsoft.Exchange.Data.TextConverters.Internal.Html; 24 | 25 | using Security.Application.TextConverters.HTML; 26 | 27 | internal struct HtmlTagParts 28 | { 29 | private readonly HtmlToken.TagPartMajor major; 30 | private readonly HtmlToken.TagPartMinor minor; 31 | 32 | internal HtmlTagParts(HtmlToken.TagPartMajor major, HtmlToken.TagPartMinor minor) 33 | { 34 | this.minor = minor; 35 | this.major = major; 36 | } 37 | 38 | public bool Begin { get { return HtmlToken.TagPartMajor.Begin == (this.major & HtmlToken.TagPartMajor.Begin); } } 39 | 40 | public bool Name { get { return HtmlToken.TagPartMinor.ContinueName == (this.minor & HtmlToken.TagPartMinor.ContinueName); } } 41 | 42 | public override string ToString() 43 | { 44 | return this.major.ToString() + " /" + this.minor.ToString() + "/"; 45 | } 46 | } 47 | 48 | #if M5STUFF 49 | 50 | 51 | 52 | 53 | 54 | 55 | public interface IHtmlParsingCallback 56 | { 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | bool EvaluateConditional(string conditional); 67 | } 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | public enum HtmlFilterAction 77 | { 78 | 79 | NoAction, 80 | 81 | Drop, 
82 | 83 | DropContainerOnly, 84 | 85 | DropContainerAndContent, 86 | 87 | EmptyValue, 88 | 89 | ReplaceValue, 90 | } 91 | 92 | 93 | 94 | 95 | 96 | public struct HtmlFilterContextAction 97 | { 98 | 99 | public HtmlFilterContextType contextType; 100 | 101 | 102 | public HtmlNameId nameId; 103 | 104 | public string name; 105 | 106 | 107 | public HtmlNameId containerNameId; 108 | 109 | public string containerName; 110 | 111 | 112 | public HtmlFilterAction action; 113 | 114 | public string replacementValue; 115 | 116 | 117 | public bool callbackOverride; 118 | } 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | public class HtmlFilterTables 128 | { 129 | 130 | 131 | 132 | 133 | 134 | 135 | public HtmlFilterTables(HtmlFilterContextAction[] staticActions, bool mergeWithDefault) 136 | { 137 | } 138 | 139 | 140 | 141 | } 142 | 143 | 144 | 145 | 146 | 147 | public interface IImageExtractionCallback 148 | { 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | Stream CreateImage(string imageType, out string linkUrl); 157 | } 158 | 159 | #endif 160 | } 161 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/packages.lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dependencies": { 4 | ".NETStandard,Version=v2.0": { 5 | "Microsoft.SourceLink.GitHub": { 6 | "type": "Direct", 7 | "requested": "[8.0.0, )", 8 | "resolved": "8.0.0", 9 | "contentHash": "G5q7OqtwIyGTkeIOAc3u2ZuV/kicQaec5EaRnc0pIeSnh9LUjj+PYQrJYBURvDt7twGl2PKA7nSN0kz1Zw5bnQ==", 10 | "dependencies": { 11 | "Microsoft.Build.Tasks.Git": "8.0.0", 12 | "Microsoft.SourceLink.Common": "8.0.0" 13 | } 14 | }, 15 | "NETStandard.Library": { 16 | "type": "Direct", 17 | "requested": "[2.0.3, )", 18 | "resolved": "2.0.3", 19 | "contentHash": "st47PosZSHrjECdjeIzZQbzivYBJFv6P2nv4cj2ypdI204DO+vZ7l5raGMiX4eXMJ53RfOIg+/s4DHVZ54Nu2A==", 20 | "dependencies": { 21 | 
"Microsoft.NETCore.Platforms": "1.1.0" 22 | } 23 | }, 24 | "Roslynator.Analyzers": { 25 | "type": "Direct", 26 | "requested": "[4.14.1, )", 27 | "resolved": "4.14.1", 28 | "contentHash": "yMSjze/xMYDF6PCE60/ULWx0tttNyKAndw2KijNxbKil0FX8nvDeEneDZGma8Uifk17RlfZqIXxf1mmBmhRHjg==" 29 | }, 30 | "Roslynator.CodeFixes": { 31 | "type": "Direct", 32 | "requested": "[4.14.1, )", 33 | "resolved": "4.14.1", 34 | "contentHash": "q6ZurbGBXGbVchfxo6QAKdtGpAtWtFgmRGhPVlh8CS6UH2LgKmxeNv3oRi/2/a7uexbJTJgV3wT9UmIUZliheg==" 35 | }, 36 | "System.Configuration.ConfigurationManager": { 37 | "type": "Direct", 38 | "requested": "[9.0.10, )", 39 | "resolved": "9.0.10", 40 | "contentHash": "5CBhl5dWmckKEtvk8F6GXtmHxNBoqAC8xILxIntNm7AzHiXQ09CXSLhncIJ/cQWaiNYzLjHZCgtMfx9tkCKHdA==", 41 | "dependencies": { 42 | "System.Security.Cryptography.ProtectedData": "9.0.10" 43 | } 44 | }, 45 | "Microsoft.Build.Tasks.Git": { 46 | "type": "Transitive", 47 | "resolved": "8.0.0", 48 | "contentHash": "bZKfSIKJRXLTuSzLudMFte/8CempWjVamNUR5eHJizsy+iuOuO/k2gnh7W0dHJmYY0tBf+gUErfluCv5mySAOQ==" 49 | }, 50 | "Microsoft.NETCore.Platforms": { 51 | "type": "Transitive", 52 | "resolved": "1.1.0", 53 | "contentHash": "kz0PEW2lhqygehI/d6XsPCQzD7ff7gUJaVGPVETX611eadGsA3A877GdSlU0LRVMCTH/+P3o2iDTak+S08V2+A==" 54 | }, 55 | "Microsoft.SourceLink.Common": { 56 | "type": "Transitive", 57 | "resolved": "8.0.0", 58 | "contentHash": "dk9JPxTCIevS75HyEQ0E4OVAFhB2N+V9ShCXf8Q6FkUQZDkgLI12y679Nym1YqsiSysuQskT7Z+6nUf3yab6Vw==" 59 | }, 60 | "System.Buffers": { 61 | "type": "Transitive", 62 | "resolved": "4.5.1", 63 | "contentHash": "Rw7ijyl1qqRS0YQD/WycNst8hUUMgrMH4FCn1nNm27M4VxchZ1js3fVjQaANHO5f3sN4isvP4a+Met9Y4YomAg==" 64 | }, 65 | "System.Memory": { 66 | "type": "Transitive", 67 | "resolved": "4.5.5", 68 | "contentHash": "XIWiDvKPXaTveaB7HVganDlOCRoj03l+jrwNvcge/t8vhGYKvqV+dMv6G4SAX2NoNmN0wZfVPTAlFwZcZvVOUw==", 69 | "dependencies": { 70 | "System.Buffers": "4.5.1", 71 | "System.Numerics.Vectors": "4.4.0", 72 | 
"System.Runtime.CompilerServices.Unsafe": "4.5.3" 73 | } 74 | }, 75 | "System.Numerics.Vectors": { 76 | "type": "Transitive", 77 | "resolved": "4.4.0", 78 | "contentHash": "UiLzLW+Lw6HLed1Hcg+8jSRttrbuXv7DANVj0DkL9g6EnnzbL75EB7EWsw5uRbhxd/4YdG8li5XizGWepmG3PQ==" 79 | }, 80 | "System.Runtime.CompilerServices.Unsafe": { 81 | "type": "Transitive", 82 | "resolved": "4.5.3", 83 | "contentHash": "3TIsJhD1EiiT0w2CcDMN/iSSwnNnsrnbzeVHSKkaEgV85txMprmuO+Yq2AdSbeVGcg28pdNDTPK87tJhX7VFHw==" 84 | }, 85 | "System.Security.Cryptography.ProtectedData": { 86 | "type": "Transitive", 87 | "resolved": "9.0.10", 88 | "contentHash": "iC0InhfWdk0nHlbcTAAUyWt9X4+CsaZz9elQy0otFcsUkd/Wm+DmEwjqyH9PgFl1XcSowzhv67njCstABTc3Hw==", 89 | "dependencies": { 90 | "System.Memory": "4.5.5" 91 | } 92 | } 93 | } 94 | } 95 | } -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/UrlCompareSink.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 
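//
//
//
//
//

namespace Microsoft.Exchange.Data.TextConverters
{
    using System;
    using System.IO;
    using System.Text;

    /// <summary>
    /// A text sink that compares the characters written to it against a reference URL.
    /// Whitespace is skipped before the first and after the last URL character; every other
    /// character has to equal the URL character at the current position.
    /// </summary>
    /// <remarks>
    /// The comparison is an exact, case-sensitive comparison of UTF-16 code units. Nothing in this
    /// class decodes, unescapes or canonicalises either side, so two differently written forms of
    /// the same URL compare as different unless the caller normalises them first.
    /// <see cref="Initialize"/> has to be called before anything is written: it is the only place
    /// where the reference URL is assigned.
    /// </remarks>
    internal class UrlCompareSink : ITextSink
    {
        // Reference URL; assigned only by Initialize.
        private string url;

        // Number of URL characters matched so far, or -1 once the sink is inactive
        // (after Reset or after a mismatch).
        private int urlPosition;

        public UrlCompareSink()
        {
        }

        /// <summary>Starts a new comparison against <paramref name="url"/>.</summary>
        /// <param name="url">The URL the written text is compared with.</param>
        public void Initialize(string url)
        {
            this.url = url;
            this.urlPosition = 0;
        }

        /// <summary>Deactivates the sink; later writes are ignored until Initialize is called again.</summary>
        public void Reset()
        {
            this.urlPosition = -1;
        }

        /// <summary>Gets a value indicating whether a comparison is in progress (no mismatch so far).</summary>
        public bool IsActive { get { return this.urlPosition >= 0; } }

        /// <summary>Gets a value indicating whether every character of the URL has been matched.</summary>
        public bool IsMatch { get { return this.urlPosition == this.url.Length; } }

        /// <summary>Gets a value indicating whether the sink needs no more input (it is inactive).</summary>
        public bool IsEnough { get { return this.urlPosition < 0; } }

        /// <summary>Feeds <paramref name="count"/> characters of <paramref name="buffer"/> to the comparison.</summary>
        /// <param name="buffer">The characters to compare.</param>
        /// <param name="offset">Index of the first character to read.</param>
        /// <param name="count">Number of characters to read.</param>
        public void Write(char[] buffer, int offset, int count)
        {
            if (!this.IsActive)
            {
                return;
            }

            int end = offset + count;

            while (offset < end && this.Accept(buffer[offset]))
            {
                offset++;
            }
        }

        /// <summary>Feeds a single code point to the comparison.</summary>
        /// <param name="ucs32Char">The code point to compare.</param>
        public void Write(int ucs32Char)
        {
            // Same guard as the buffer overload: without it an inactive sink (position -1)
            // would index the URL at -1 and throw instead of ignoring the write.
            if (!this.IsActive)
            {
                return;
            }

            // Anything Token.LiteralLength does not report as a single UTF-16 unit cannot equal
            // one URL character, so it ends the comparison as a mismatch.
            if (Token.LiteralLength(ucs32Char) != 1)
            {
                this.urlPosition = -1;
                return;
            }

            this.Accept((char)ucs32Char);
        }

        /// <summary>
        /// Applies one character to the comparison state.
        /// </summary>
        /// <param name="ch">The character to compare.</param>
        /// <returns>true while the comparison is still running; false after a mismatch.</returns>
        private bool Accept(char ch)
        {
            bool atStart = this.urlPosition == 0;
            bool atEnd = this.urlPosition == this.url.Length;

            // Whitespace is tolerated only around the URL, never inside it.
            if ((atStart || atEnd) && ParseSupport.WhitespaceCharacter(ParseSupport.GetCharClass(ch)))
            {
                return true;
            }

            // Checking atEnd before indexing also covers an empty URL, where the start and end
            // positions coincide; indexing first would run past the end of the string.
            if (atEnd || ch != this.url[this.urlPosition])
            {
                this.urlPosition = -1;
                return false;
            }

            this.urlPosition++;
            return true;
        }
    }
}

-------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder/packages.lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dependencies": { 4 | ".NETStandard,Version=v2.0": { 5 | "Microsoft.SourceLink.GitHub": { 6 | "type": "Direct", 7 | "requested": "[8.0.0, )", 8 | "resolved": "8.0.0", 9 | "contentHash": "G5q7OqtwIyGTkeIOAc3u2ZuV/kicQaec5EaRnc0pIeSnh9LUjj+PYQrJYBURvDt7twGl2PKA7nSN0kz1Zw5bnQ==", 10 | "dependencies": { 11 | "Microsoft.Build.Tasks.Git": "8.0.0", 12 | "Microsoft.SourceLink.Common": "8.0.0" 13 | } 14 | }, 15 | "NETStandard.Library": { 16 | "type": "Direct", 17 | "requested": "[2.0.3, )", 18 | "resolved": "2.0.3", 19 | "contentHash": "st47PosZSHrjECdjeIzZQbzivYBJFv6P2nv4cj2ypdI204DO+vZ7l5raGMiX4eXMJ53RfOIg+/s4DHVZ54Nu2A==", 20 | "dependencies": { 21 | "Microsoft.NETCore.Platforms": "1.1.0" 22 | } 23 | }, 24 | "Roslynator.Analyzers": { 25 | "type": "Direct", 26 | "requested": "[4.14.1, )", 27 | "resolved": "4.14.1", 28 | "contentHash": "yMSjze/xMYDF6PCE60/ULWx0tttNyKAndw2KijNxbKil0FX8nvDeEneDZGma8Uifk17RlfZqIXxf1mmBmhRHjg==" 29 | }, 30 | "Roslynator.CodeFixes": { 31 | "type": "Direct", 32 | "requested": "[4.14.1, )", 33 | "resolved": "4.14.1", 34 | "contentHash": "q6ZurbGBXGbVchfxo6QAKdtGpAtWtFgmRGhPVlh8CS6UH2LgKmxeNv3oRi/2/a7uexbJTJgV3wT9UmIUZliheg==" 35 | }, 36 | "Microsoft.Build.Tasks.Git": { 37 | "type": "Transitive", 38 | "resolved": "8.0.0", 39 | "contentHash": "bZKfSIKJRXLTuSzLudMFte/8CempWjVamNUR5eHJizsy+iuOuO/k2gnh7W0dHJmYY0tBf+gUErfluCv5mySAOQ==" 40 | }, 41 | "Microsoft.NETCore.Platforms": { 42 | "type": "Transitive", 43 | "resolved": "1.1.0", 44 | "contentHash":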
"kz0PEW2lhqygehI/d6XsPCQzD7ff7gUJaVGPVETX611eadGsA3A877GdSlU0LRVMCTH/+P3o2iDTak+S08V2+A==" 45 | }, 46 | "Microsoft.SourceLink.Common": { 47 | "type": "Transitive", 48 | "resolved": "8.0.0", 49 | "contentHash": "dk9JPxTCIevS75HyEQ0E4OVAFhB2N+V9ShCXf8Q6FkUQZDkgLI12y679Nym1YqsiSysuQskT7Z+6nUf3yab6Vw==" 50 | }, 51 | "System.Buffers": { 52 | "type": "Transitive", 53 | "resolved": "4.5.1", 54 | "contentHash": "Rw7ijyl1qqRS0YQD/WycNst8hUUMgrMH4FCn1nNm27M4VxchZ1js3fVjQaANHO5f3sN4isvP4a+Met9Y4YomAg==" 55 | }, 56 | "System.Memory": { 57 | "type": "Transitive", 58 | "resolved": "4.5.5", 59 | "contentHash": "XIWiDvKPXaTveaB7HVganDlOCRoj03l+jrwNvcge/t8vhGYKvqV+dMv6G4SAX2NoNmN0wZfVPTAlFwZcZvVOUw==", 60 | "dependencies": { 61 | "System.Buffers": "4.5.1", 62 | "System.Numerics.Vectors": "4.4.0", 63 | "System.Runtime.CompilerServices.Unsafe": "4.5.3" 64 | } 65 | }, 66 | "System.Numerics.Vectors": { 67 | "type": "Transitive", 68 | "resolved": "4.4.0", 69 | "contentHash": "UiLzLW+Lw6HLed1Hcg+8jSRttrbuXv7DANVj0DkL9g6EnnzbL75EB7EWsw5uRbhxd/4YdG8li5XizGWepmG3PQ==" 70 | }, 71 | "System.Runtime.CompilerServices.Unsafe": { 72 | "type": "Transitive", 73 | "resolved": "4.5.3", 74 | "contentHash": "3TIsJhD1EiiT0w2CcDMN/iSSwnNnsrnbzeVHSKkaEgV85txMprmuO+Yq2AdSbeVGcg28pdNDTPK87tJhX7VFHw==" 75 | }, 76 | "System.Security.Cryptography.ProtectedData": { 77 | "type": "Transitive", 78 | "resolved": "9.0.10", 79 | "contentHash": "iC0InhfWdk0nHlbcTAAUyWt9X4+CsaZz9elQy0otFcsUkd/Wm+DmEwjqyH9PgFl1XcSowzhv67njCstABTc3Hw==", 80 | "dependencies": { 81 | "System.Memory": "4.5.5" 82 | } 83 | }, 84 | "AntiXSS.NetStandard.HtmlSanitization": { 85 | "type": "Project", 86 | "dependencies": { 87 | "System.Configuration.ConfigurationManager": "[9.0.10, )" 88 | } 89 | }, 90 | "System.Configuration.ConfigurationManager": { 91 | "type": "CentralTransitive", 92 | "requested": "[9.0.10, )", 93 | "resolved": "9.0.10", 94 | "contentHash": 
"5CBhl5dWmckKEtvk8F6GXtmHxNBoqAC8xILxIntNm7AzHiXQ09CXSLhncIJ/cQWaiNYzLjHZCgtMfx9tkCKHdA==", 95 | "dependencies": { 96 | "System.Security.Cryptography.ProtectedData": "9.0.10" 97 | } 98 | } 99 | } 100 | } 101 | } -------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder.UnitTests/SurrogateTests.cs: --------------------------------------------------------------------------------
// --------------------------------------------------------------------------------------------------------------------
//
// Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation
//
// This source is subject to the Microsoft Permissive License.
// Please see the License.txt file for more information.
// All other rights reserved.
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
//
//
// Tests handling of Unicode Surrogates
//
// --------------------------------------------------------------------------------------------------------------------

namespace Microsoft.Security.Application.Tests
{
    using Microsoft.VisualStudio.TestTools.UnitTesting;

    /// <summary>
    /// Tests handling of Unicode surrogates: valid pairs at both ends of the supplementary range
    /// and unpaired high or low surrogates, for the HTML and the CSS encoder.
    /// </summary>
    [TestClass]
    public class SurrogateTests
    {
        /// <summary>
        /// Tests the lowest valid surrogate character pair (U+10000) for proper markup encoding.
        /// </summary>
        [TestMethod]
        public void TestHtmlLowerBoundarySurrogateEncoding()
        {
            const string target = "\uD800\uDC00";

            // NOTE(review): the literal below is the raw U+10000 character. For an encoder test the
            // expected value is presumably the numeric character reference for that code point;
            // confirm against the repository.
            const string expected = "𐀀";

            string result = Encoder.HtmlEncode(target);

            Assert.AreEqual(expected, result);
        }

        /// <summary>
        /// Tests the highest valid surrogate character pair (U+10FFFF) for proper markup encoding.
        /// </summary>
        [TestMethod]
        public void TestHtmlUpperBoundarySurrogateEncoding()
        {
            const string target = "\uDBFF\uDFFF";

            // NOTE(review): raw U+10FFFF character; presumably a numeric character reference in the
            // source file. Confirm against the repository.
            const string expected = "􏿿";

            string result = Encoder.HtmlEncode(target);

            Assert.AreEqual(expected, result);
        }

        /// <summary>
        /// Test that a high surrogate character which is not followed by a low surrogate character
        /// returns the substitution character.
        /// </summary>
        [TestMethod]
        public void TestHtmlHighSurrogateWithoutLowSurrogate()
        {
            const string target = "\uD800";

            // NOTE(review): raw U+FFFD character; presumably written as a numeric character
            // reference in the source file. Confirm against the repository.
            const string expected = "�"; // Substitution character.

            string result = Encoder.HtmlEncode(target);

            Assert.AreEqual(expected, result);
        }

        /// <summary>
        /// Test that a low surrogate character which was not preceded by a high surrogate character
        /// returns the substitution character.
        /// </summary>
        [TestMethod]
        public void TestHtmlLowSurrogateWithoutHighSurrogate()
        {
            const string target = "\uDC00";

            // NOTE(review): raw U+FFFD character; presumably written as a numeric character
            // reference in the source file. Confirm against the repository.
            const string expected = "�"; // Substitution character.

            string result = Encoder.HtmlEncode(target);

            Assert.AreEqual(expected, result);
        }

        /// <summary>
        /// Tests the lowest valid surrogate character pair (U+10000) for proper CSS encoding:
        /// the pair is expected as one escape of the code point, not as two escaped code units.
        /// </summary>
        [TestMethod]
        public void TestCssLowerBoundarySurrogateEncoding()
        {
            const string target = "\uD800\uDC00";
            const string expected = @"\010000";

            string result = Encoder.CssEncode(target);

            Assert.AreEqual(expected, result);
        }

        /// <summary>
        /// Tests the highest valid surrogate character pair (U+10FFFF) for proper CSS encoding.
        /// </summary>
        [TestMethod]
        public void TestCssUpperBoundarySurrogateEncoding()
        {
            const string target = "\uDBFF\uDFFF";
            const string expected = @"\10FFFF";

            string result = Encoder.CssEncode(target);

            Assert.AreEqual(expected, result);
        }
    }
}
-------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Globalization/Microsoft.Exchange.CtsResources.GlobalizationStrings.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // Strings used for globalization. 16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | namespace Microsoft.Exchange.CtsResources 20 | { 21 | using System.Resources; 22 | 23 | /// 24 | /// Strings used for globalization. 25 | /// 26 | internal static class GlobalizationStrings 27 | { 28 | /// 29 | /// The resource manager for the globalization strings resources.
///
        private static readonly ResourceManager ResourceManager = new ResourceManager(
            "Microsoft.Exchange.CtsResources.GlobalizationStrings",
            typeof(GlobalizationStrings).Assembly);

        /// <summary>
        /// Resource identifiers
        /// </summary>
        public enum ResourceIdentifier
        {
            /// <summary>
            /// The maximum number of characters cannot be negative.
            /// </summary>
            MaxCharactersCannotBeNegative,

            /// <summary>
            /// The code page priority list includes a code page which cannot be detected.
            /// </summary>
            PriorityListIncludesNonDetectableCodePage,

            /// <summary>
            /// Index out of range.
            /// </summary>
            IndexOutOfRange,

            /// <summary>
            /// The count is too large.
            /// </summary>
            CountTooLarge,

            /// <summary>
            /// The offset is out of range.
            /// </summary>
            OffsetOutOfRange,

            /// <summary>
            /// The count is out of range.
            /// </summary>
            CountOutOfRange
        }

        /// <summary>
        /// Parameter identifiers
        /// </summary>
        public enum ParameterIdentifier
        {
            /// <summary>
            /// Invalid character set.
            /// </summary>
            InvalidCharset,

            /// <summary>
            /// Invalid locale identifier.
            /// </summary>
            InvalidLocaleId,

            /// <summary>
            /// The code page is not installed.
            /// </summary>
            NotInstalledCodePage,

            /// <summary>
            /// The character set is not installed.
            /// </summary>
            NotInstalledCharset,

            /// <summary>
            /// The code page is invalid.
            /// </summary>
            InvalidCodePage,

            /// <summary>
            /// The code page and the character set are not installed.
            /// </summary>
            NotInstalledCharsetCodePage,

            /// <summary>
            /// The culture name is invalid.
            /// </summary>
            InvalidCultureName
        }

        /// <summary>
        /// Gets the string for the Invalid Code Page error.
        /// </summary>
        /// <param name="codePage">The code page.</param>
        /// <returns>The Invalid Code Page error string.</returns>
        internal static string InvalidCodePage(int codePage)
        {
            // The resource supplies the format string; the code page is its only argument.
            string template = ResourceManager.GetString("InvalidCodePage");
            return string.Format(template, codePage);
        }
    }
}
-------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/RecognizeInterestingFontName.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE.
//
//
//
//
//

namespace Microsoft.Exchange.Data.TextConverters
{
    using System;
    using System.Runtime.Serialization;

    /// <summary>
    /// Table-driven recognizer, fed one character at a time, that tracks whether the characters
    /// seen so far spell one of two font names that get their own text mapping.
    /// </summary>
    /// <remarks>
    /// Read off the two tables below: letter classes 3-8 spell WINGDINGS and classes 8-13 spell
    /// SYMBOL, upper and lower case map to the same class, whitespace may precede the name, and
    /// whitespace or ';' may follow it. Any other character moves the recognizer to the rejected
    /// state (-1), where it stays. A default-initialized instance starts in state 0.
    /// </remarks>
    internal struct RecognizeInterestingFontName
    {
        // Character class for each ASCII code (index = character code, 128 entries):
        //   0 = any other character, 1 = tab / LF / CR / space, 2 = ';',
        //   3..13 = W I N G D S Y M B O L (the same class for upper and lower case).
        private static readonly byte[] CharMapToClass =
        [
            0,  0,  0,  0,  0,  0,  0,  0,  0,  1,  1,  0,  0,  1,  0,  0,
            0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
            1,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,

            0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  2,  0,  0,  0,  0,

            0,  0, 11,  0,  7,  0,  0,  6,  0,  4,  0,  0, 13, 10,  5, 12,

            0,  0,  0,  8,  0,  0,  0,  3,  0,  9,  0,  0,  0,  0,  0,  0,

            0,  0, 11,  0,  7,  0,  0,  6,  0,  4,  0,  0, 13, 10,  5, 12,

            0,  0,  0,  8,  0,  0,  0,  3,  0,  9,  0,  0,  0,  0,  0,  0,
        ];

        // Next state, indexed by [current state, character class]; -1 rejects.
        //   row 0      start state (leading whitespace keeps it at 0)
        //   row 1      "Symbol" recognized, row 2 "Wingdings" recognized
        //              (both accept only trailing whitespace or ';')
        //   rows 3-10  inside "Wingdings", rows 11-15 inside "Symbol"
        private static readonly sbyte[,] StateTransitionTable = new sbyte[,]
        {
            { -1,  0, -1,  3, -1, -1, -1, -1, 11, -1, -1, -1, -1, -1 },

            { -1,  1,  1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 },
            { -1,  2,  2, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 },

            { -1, -1, -1, -1,  4, -1, -1, -1, -1, -1, -1, -1, -1, -1 },
            { -1, -1, -1, -1, -1,  5, -1, -1, -1, -1, -1, -1, -1, -1 },
            { -1, -1, -1, -1, -1, -1,  6, -1, -1, -1, -1, -1, -1, -1 },
            { -1, -1, -1, -1, -1, -1, -1,  7, -1, -1, -1, -1, -1, -1 },
            { -1, -1, -1, -1,  8, -1, -1, -1, -1, -1, -1, -1, -1, -1 },
            { -1, -1, -1, -1, -1,  9, -1, -1, -1, -1, -1, -1, -1, -1 },
            { -1, -1, -1, -1, -1, -1, 10, -1, -1, -1, -1, -1, -1, -1 },
            { -1, -1, -1, -1, -1, -1, -1, -1,  2, -1, -1, -1, -1, -1 },

            { -1, -1, -1, -1, -1, -1, -1, -1, -1, 12, -1, -1, -1, -1 },
            { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 13, -1, -1, -1 },
            { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 14, -1, -1 },
            { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 15, -1 },
            { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,  1 },
        };

        // Current row of StateTransitionTable, or -1 once the input has been rejected.
        private sbyte state;

        /// <summary>
        /// Gets the text mapping for the characters seen so far: Symbol in state 1, Wingdings in
        /// state 2, Unicode in every other state (including a partially matched name).
        /// </summary>
        /// <value>The text mapping.</value>
        public TextMapping TextMapping
        {
            get
            {
                switch (this.state)
                {
                    case 1: return TextMapping.Symbol;
                    case 2: return TextMapping.Wingdings;
                }
                return TextMapping.Unicode;
            }
        }

        /// <summary>
        /// Gets a value indicating whether this instance is rejected.
        /// </summary>
        /// <value>
        /// <c>true</c> if this instance is rejected; otherwise, <c>false</c>.
        /// </value>
        public bool IsRejected
        {
            get { return this.state < 0; }
        }

        /// <summary>
        /// Advances the recognizer by one character. Has no effect once the input is rejected.
        /// </summary>
        /// <param name="ch">The next character of the font name.</param>
        public void AddCharacter(char ch)
        {
            if (this.state >= 0)
            {
                // Characters above 0x7F have no entry in CharMapToClass and are treated as class 0.
                this.state = StateTransitionTable[this.state, ch > 0x7F ? 0 : (int)CharMapToClass[(int)ch]];
            }
        }
    }
}

-------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Globalization/CodepageDetectData.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // Encapsulates code page detection data 16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | namespace Microsoft.Exchange.Data.Globalization 20 | { 21 | /// 22 | /// Encapsulates code page detection data.
///
    internal class CodePageDetectData
    {
        /// <summary>
        /// Prevents instances from being created; the class only holds the static table.
        /// </summary>
        private CodePageDetectData()
        {
        }

        /// <summary>
        /// The list of code pages and their masks. Each entry carries a different single-bit
        /// mask, from 0x00000001 up to 0x80000000.
        /// </summary>
        internal static readonly CodePage[] CodePages =
        [
            new CodePage(20127, 0x00000001, false),
            new CodePage(28591, 0x00000002, false),
            new CodePage(28592, 0x00000004, false),
            new CodePage(20866, 0x00000008, false),
            new CodePage(21866, 0x00000010, false),
            new CodePage(28595, 0x00000020, false),
            new CodePage(28597, 0x00000040, false),
            new CodePage(28593, 0x00000080, false),
            new CodePage(28594, 0x00000100, false),
            new CodePage(28596, 0x00000200, false),
            new CodePage(38598, 0x00000400, false),
            new CodePage(28605, 0x00000800, false),
            new CodePage(28599, 0x00001000, false),
            new CodePage(1252, 0x00002000, true),
            new CodePage(1250, 0x00004000, true),
            new CodePage(1251, 0x00008000, true),
            new CodePage(1253, 0x00010000, true),
            new CodePage(1254, 0x00020000, true),
            new CodePage(1257, 0x00040000, true),
            new CodePage(1258, 0x00080000, true),
            new CodePage(1256, 0x00100000, true),
            new CodePage(1255, 0x00200000, true),
            new CodePage(874, 0x00400000, true),
            new CodePage(50220, 0x00800000, false),
            new CodePage(932, 0x01000000, true),
            new CodePage(949, 0x02000000, true),
            new CodePage(950, 0x04000000, true),
            new CodePage(936, 0x08000000, true),
            new CodePage(51932, 0x10000000, false),
            new CodePage(51949, 0x20000000, false),
            new CodePage(50225, 0x40000000, false),
            new CodePage(52936, 0x80000000, false),
        ];

        /// <summary>
        /// Represents a code page.
        /// </summary>
        internal struct CodePage
        {
            /// <summary>
            /// The code page identifier.
            /// </summary>
            public ushort Id;

            /// <summary>
            /// The mask for this code page.
            /// </summary>
            public uint Mask;

            /// <summary>
            /// True if the code page is a Windows code page, otherwise false.
            /// </summary>
            public bool IsWindowsCodePage;

            /// <summary>
            /// Initializes a new instance of the <see cref="CodePage"/> struct.
            /// </summary>
            /// <param name="id">The code page identifier.</param>
            /// <param name="mask">The code page mask.</param>
            /// <param name="isWindowsCodePage">if set to <c>true</c> the code page is a Windows code page.</param>
            public CodePage(ushort id, uint mask, bool isWindowsCodePage)
            {
                // One tuple assignment sets all three fields of the struct.
                (Id, Mask, IsWindowsCodePage) = (id, mask, isWindowsCodePage);
            }
        }
    }
}
-------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/ConverterOutput.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE.
//
//
//
//
//

namespace Microsoft.Exchange.Data.TextConverters
{
    using System;
    using System.IO;
    using System.Text;

    /// <summary>
    /// Fallback contract that is handed to every write. What the members decide is defined by
    /// the implementations, which are not part of this file.
    /// </summary>
    internal interface IFallback
    {
        byte[] GetUnsafeAsciiMap(out byte unsafeAsciiMask);

        bool HasUnsafeUnicode();
        bool TreatNonAsciiAsUnsafe(string charset);
        bool IsUnsafeUnicode(char ch, bool isFirstChar);

        bool FallBackChar(char ch, char[] outputBuffer, ref int outputBufferCount, int lineBufferEnd);
    }

    /// <summary>
    /// Base class for converter outputs. Every convenience overload copies its input into a
    /// scratch buffer and forwards it to the abstract buffer-based <c>Write</c>.
    /// </summary>
    /// <remarks>
    /// The scratch buffer is a single instance field that all overloads overwrite, and nothing
    /// here synchronizes access to it, so one instance should not be written from several
    /// threads at once.
    /// </remarks>
    internal abstract class ConverterOutput : ITextSink, IDisposable
    {
        // Scratch buffer shared by the string, char and code-point overloads.
        protected char[] stringBuffer = new char[stringBufferMax];

        protected const int stringBufferMax = 128;
        protected const int stringBufferReserve = 20;
        protected const int stringBufferThreshold = stringBufferMax - stringBufferReserve;

        // Never assigned in this class, so the ITextSink writes below pass null as the fallback.
        private readonly IFallback fallback;

        public ConverterOutput()
        {
        }

        /// <summary>Gets a value indicating whether the output can take more data.</summary>
        public abstract bool CanAcceptMore { get; }

        /// <summary>Writes <paramref name="count"/> characters of <paramref name="buffer"/>, starting at <paramref name="offset"/>.</summary>
        public abstract void Write(char[] buffer, int offset, int count, IFallback fallback);

        /// <summary>Flushes the output.</summary>
        public abstract void Flush();

        /// <summary>Writes the whole string without a fallback.</summary>
        public virtual void Write(string text) => this.Write(text, 0, text.Length, null);

        /// <summary>Writes the whole string with the given fallback.</summary>
        public void Write(string text, IFallback fallback) => this.Write(text, 0, text.Length, fallback);

        /// <summary>Writes part of a string without a fallback.</summary>
        public void Write(string text, int offset, int count) => this.Write(text, offset, count, null);

        /// <summary>Writes part of a string with the given fallback.</summary>
        public void Write(string text, int offset, int count, IFallback fallback)
        {
            char[] scratch = this.stringBuffer;

            // Grow the scratch buffer to twice the request when the request does not fit.
            if (scratch.Length < count)
            {
                scratch = new char[count * 2];
                this.stringBuffer = scratch;
            }

            text.CopyTo(offset, scratch, 0, count);

            this.Write(scratch, 0, count, fallback);
        }

        /// <summary>Writes one character without a fallback.</summary>
        public void Write(char ch) => this.Write(ch, null);

        /// <summary>Writes one character with the given fallback.</summary>
        public void Write(char ch, IFallback fallback)
        {
            this.stringBuffer[0] = ch;
            this.Write(this.stringBuffer, 0, 1, fallback);
        }

        /// <summary>
        /// Writes one code point; values above 0xFFFF are written as a surrogate pair.
        /// </summary>
        public void Write(int ucs32Literal, IFallback fallback)
        {
            int length = 1;

            if (ucs32Literal > 0xFFFF)
            {
                this.stringBuffer[0] = ParseSupport.HighSurrogateCharFromUcs4(ucs32Literal);
                this.stringBuffer[1] = ParseSupport.LowSurrogateCharFromUcs4(ucs32Literal);
                length = 2;
            }
            else
            {
                this.stringBuffer[0] = (char)ucs32Literal;
            }

            this.Write(this.stringBuffer, 0, length, fallback);
        }

        bool ITextSink.IsEnough => false;

        void ITextSink.Write(char[] buffer, int offset, int count) => this.Write(buffer, offset, count, this.fallback);

        void ITextSink.Write(int ucs32Literal) => this.Write(ucs32Literal, this.fallback);

        /// <summary>
        /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources.
        /// </summary>
        void IDisposable.Dispose()
        {
            this.Dispose();
            GC.SuppressFinalize(this);
        }

        /// <summary>
        /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources.
        /// </summary>
        protected virtual void Dispose()
        {
        }
    }
}
-------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder/InvalidUnicodeValueException.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved.
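//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
//
//
// Thrown when an invalid Unicode value is encountered.
//
// --------------------------------------------------------------------------------------------------------------------

namespace Microsoft.Security.Application
{
    using System;
    using System.Globalization;
    using System.Runtime.Serialization;
    using System.Security.Permissions;

    /// <summary>
    /// Thrown when an invalid Unicode value is encountered.
    /// </summary>
    [Serializable]
    public class InvalidUnicodeValueException : Exception
    {
        // Excluded from field serialization; GetObjectData and the serialization constructor
        // carry the value explicitly under the name of the Value property.
        [NonSerialized]
        private int value;

        /// <summary>
        /// Initializes a new instance of the <see cref="InvalidUnicodeValueException"/> class.
        /// </summary>
        public InvalidUnicodeValueException()
        {
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="InvalidUnicodeValueException"/> class.
        /// </summary>
        /// <param name="message">The message.</param>
        public InvalidUnicodeValueException(string message)
            : base(message)
        {
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="InvalidUnicodeValueException"/> class.
        /// </summary>
        /// <param name="message">The message.</param>
        /// <param name="inner">The inner exception.</param>
        public InvalidUnicodeValueException(string message, Exception inner)
            : base(message, inner)
        {
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="InvalidUnicodeValueException"/> class.
        /// </summary>
        /// <param name="value">The invalid value.</param>
        public InvalidUnicodeValueException(int value)
        {
            this.Value = value;
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="InvalidUnicodeValueException"/> class.
        /// </summary>
        /// <param name="message">The message.</param>
        /// <param name="value">The invalid value.</param>
        public InvalidUnicodeValueException(string message, int value)
            : base(message)
        {
            this.Value = value;
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="InvalidUnicodeValueException"/> class
        /// from serialized data.
        /// </summary>
        /// <param name="info">The serialized object data.</param>
        /// <param name="context">The source of the serialized data.</param>
        protected InvalidUnicodeValueException(SerializationInfo info, StreamingContext context)
            : base(info, context)
        {
            // GetObjectData stores Value as an Int32, so it is read back as one. Reading it as a
            // char forces a conversion to 16 bits, which cannot represent values above 0xFFFF.
            this.Value = info.GetInt32(nameof(this.Value));
        }

        /// <summary>
        /// Gets or sets the invalid value.
        /// </summary>
        /// <value>The invalid value.</value>
        public int Value
        {
            get => this.value;
            protected set => this.value = value;
        }

        /// <summary>
        /// Gets a message that describes the current exception. When a non-zero value is set,
        /// the value is put in front of the base message as four or more hexadecimal digits.
        /// </summary>
        /// <value>The error message that explains the reason for the exception, or an empty string("").</value>
        public override string Message
        {
            get
            {
                // Zero is what Value holds when no value was supplied.
                if (this.Value == 0)
                {
                    return base.Message;
                }

                return string.Format(CultureInfo.CurrentCulture, "Value : {0:x4}", this.Value) + Environment.NewLine + "Message: " + base.Message;
            }
        }

        /// <summary>
        /// Adds the invalid value, followed by the base exception data, to <paramref name="info"/>.
        /// </summary>
        /// <param name="info">The serialized object data to fill.</param>
        /// <param name="context">The destination of the serialized data.</param>
        /// <exception cref="ArgumentNullException"><paramref name="info"/> is null.</exception>
        [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
        public override void GetObjectData(SerializationInfo info, StreamingContext context)
        {
            if (info == null)
            {
                throw new ArgumentNullException(nameof(info));
            }

            info.AddValue(nameof(this.Value), this.Value);
            base.GetObjectData(info, context);
        }
    }
}
-------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder/CssEncoder.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information.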
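// All other rights reserved.
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
//
//
// Provides CSS Encoding methods.
//
// --------------------------------------------------------------------------------------------------------------------
namespace Microsoft.Security.Application
{
    using System;
    using System.Collections;
    using System.Text;

    /// <summary>
    /// Provides CSS Encoding methods.
    /// </summary>
    /// <remarks>
    /// The encoder is allow-list based: only the characters returned by <see cref="CssSafeList"/>
    /// (ASCII digits and letters) pass through unchanged; everything else is replaced by an
    /// escape sequence.
    /// NOTE(review): escaping neutralises characters, not meaning. Callers still decide which CSS
    /// context the encoded value is placed in and whether the value is acceptable there.
    /// </remarks>
    internal static class CssEncoder
    {
        /// <summary>
        /// The values to output for each character, built on first use by <see cref="InitialiseSafeList"/>.
        /// A null entry means the character is emitted unchanged.
        /// </summary>
        private static readonly Lazy<char[][]> characterValuesLazy = new(InitialiseSafeList);

        /// <summary>
        /// Encodes according to the CSS encoding rules.
        /// </summary>
        /// <param name="input">The string to encode.</param>
        /// <returns>The encoded string; a null or empty <paramref name="input"/> is returned as is.</returns>
        internal static string? Encode(string? input)
        {
            if (string.IsNullOrEmpty(input))
            {
                return input;
            }

            char[][] characterValues = characterValuesLazy.Value;

            // Set up a new StringBuilder for output.
            // Worst case scenario - CSS encoding wants \XXXXXX (seven characters) for encoded characters.
            StringBuilder builder = EncoderUtil.GetOutputStringBuilder(input!.Length, 7);

            Utf16StringReader stringReader = new(input);

            // ReadNextScalarValue returns a negative number at the end of the input.
            for (int codePoint = stringReader.ReadNextScalarValue();
                 codePoint >= 0;
                 codePoint = stringReader.ReadNextScalarValue())
            {
                if (codePoint >= characterValues.Length)
                {
                    // There is no pre-generated mapping beyond the lookup table, so these encodings
                    // are generated on the fly. The code point itself is encoded rather than the
                    // surrogate code units that make it up.
                    // See: http://www.w3.org/International/questions/qa-escapes#cssescapes
                    builder.Append(SafeList.SlashThenSixDigitHexValueGenerator(codePoint));
                    continue;
                }

                char[] encodedCharacter = characterValues[codePoint];
                if (encodedCharacter != null)
                {
                    // Character needs to be encoded.
                    builder.Append(encodedCharacter);
                }
                else
                {
                    // Character is on the safe list; the cast is lossless because the code point
                    // is below the table length.
                    builder.Append((char)codePoint);
                }
            }

            return builder.ToString();
        }

        /// <summary>
        /// Initializes the CSS safe list.
        /// </summary>
        /// <returns>
        /// The CSS safe list.
        /// </returns>
        private static char[][] InitialiseSafeList()
        {
            // Start with an escape for every entry up to 0xFF, then punch out the safe characters.
            char[][] result = SafeList.Generate(0xFF, SafeList.SlashThenSixDigitHexValueGenerator);
            SafeList.PunchSafeList(ref result, CssSafeList());
            return result;
        }

        /// <summary>
        /// Provides the safe characters for CSS encoding.
        /// </summary>
        /// <returns>The safe characters for CSS encoding: '0'-'9', 'A'-'Z' and 'a'-'z', as code point values.</returns>
        /// <remarks>See http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet </remarks>
        private static IEnumerable CssSafeList()
        {
            for (int i = '0'; i <= '9'; i++)
            {
                yield return i;
            }

            for (int i = 'A'; i <= 'Z'; i++)
            {
                yield return i;
            }

            for (int i = 'a'; i <= 'z'; i++)
            {
                yield return i;
            }
        }
    }
}

--------------------------------------------------------------------------------
/Microsoft.Security.Application.HtmlSanitization/TextConverters/HTML/HtmlAttributeId.cs:
--------------------------------------------------------------------------------
// --------------------------------------------------------------------------------------------------------------------
//
// Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation
//
// This source is subject to the Microsoft Permissive License.
// Please see the License.txt file for more information.
// All other rights reserved.
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
//
//
// An enumeration for an HTML attribute.
//

namespace Microsoft.Exchange.Data.TextConverters
{
    ///
    /// An enumeration for an HTML attribute.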
23 | /// 24 | internal enum HtmlAttributeId : byte 25 | { 26 | Unknown = 0, 27 | Abbr, 28 | Accept, 29 | AcceptCharset, 30 | AccessKey, 31 | Action, 32 | Align, 33 | Alink, 34 | Alt, 35 | Archive, 36 | Axis, 37 | Background, 38 | BGColor, 39 | Border, 40 | CellPadding, 41 | CellSpacing, 42 | Char, 43 | CharOff, 44 | Charset, 45 | Checked, 46 | Cite, 47 | Class, 48 | ClassId, 49 | Clear, 50 | Code, 51 | CodeBase, 52 | CodeType, 53 | Color, 54 | Cols, 55 | ColSpan, 56 | Compact, 57 | Content, 58 | Coords, 59 | Data, 60 | DateTime, 61 | Declare, 62 | Defer, 63 | Dir, 64 | Disabled, 65 | DynSrc, 66 | EncType, 67 | Face, 68 | For, 69 | Frame, 70 | FrameBorder, 71 | Headers, 72 | Height, 73 | Href, 74 | HrefLang, 75 | Hspace, 76 | HttpEquiv, 77 | Id, 78 | IsMap, 79 | Label, 80 | Lang, 81 | Language, 82 | LeftMargin, 83 | Link, 84 | LongDesc, 85 | LowSrc, 86 | MarginHeight, 87 | MarginWidth, 88 | MaxLength, 89 | Media, 90 | Method, 91 | Multiple, 92 | Name, 93 | NoHref, 94 | NoResize, 95 | NoShade, 96 | NoWrap, 97 | Object, 98 | #if false 99 | OnAbort, 100 | OnActivate, 101 | OnAfterPrint, 102 | OnAfterUpdate, 103 | OnBeforeActivate, 104 | OnBeforeCopy, 105 | OnBeforeCut, 106 | OnBeforeDeactivate, 107 | OnBeforeEditFocus, 108 | OnBeforePaste, 109 | OnBeforeUnload, 110 | OnBeforeUpdate, 111 | OnBlur, 112 | OnCellChange, 113 | OnChange, 114 | OnClick, 115 | OnContextMenu, 116 | OnControlSelect, 117 | OnCopy, 118 | OnCut, 119 | OnDataAvailable, 120 | OnDatasetChanged, 121 | OnDatasetComplete, 122 | OnDblClick, 123 | OnDeactivate, 124 | OnDrag, 125 | OnDragEnd, 126 | OnDragEnter, 127 | OnDragLeave, 128 | OnDragOver, 129 | OnDragStart, 130 | OnDrop, 131 | OnError, 132 | OnErrorUpdate, 133 | OnFilterChange, 134 | OnFocus, 135 | OnFocusIn, 136 | OnFocusOut, 137 | OnHelp, 138 | OnKeyDown, 139 | OnKeyPress, 140 | OnKeyUp, 141 | OnLayoutComplete, 142 | OnLoseCapture, 143 | OnLoad, 144 | OnMouseDown, 145 | OnMouseEnter, 146 | OnMouseLeave, 147 | OnMouseMove, 148 | OnMouseOut, 149 | 
OnMouseOver, 150 | OnMouseUp, 151 | OnMouseWheel, 152 | OnMove, 153 | OnMoveEnd, 154 | OnMoveStart, 155 | OnPaste, 156 | OnPropertyChange, 157 | OnReadyStateChange, 158 | OnResize, 159 | OnResizeEnd, 160 | OnResizeStart, 161 | OnReset, 162 | OnRowEnter, 163 | OnRowExit, 164 | OnRowsDelete, 165 | OnRowsInserted, 166 | OnScroll, 167 | OnSelect, 168 | OnSelectStart, 169 | OnSubmit, 170 | OnTimeError, 171 | OnUnload, 172 | #endif 173 | Profile, 174 | Prompt, 175 | ReadOnly, 176 | Rel, 177 | Rev, 178 | Rows, 179 | RowSpan, 180 | Rules, 181 | Scheme, 182 | Scope, 183 | Scrolling, 184 | Selected, 185 | Shape, 186 | Size, 187 | Span, 188 | Src, 189 | StandBy, 190 | Start, 191 | Style, 192 | Summary, 193 | TabIndex, 194 | Target, 195 | Text, 196 | Title, 197 | TopMargin, 198 | Type, 199 | UseMap, 200 | Valign, 201 | Value, 202 | ValueType, 203 | Version, 204 | Vlink, 205 | Vspace, 206 | Width, 207 | } 208 | } 209 | -------------------------------------------------------------------------------- /AntiXSS.sln: -------------------------------------------------------------------------------- 1 | Microsoft Visual Studio Solution File, Format Version 12.00 2 | # Visual Studio 2012 3 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{B911405E-6A46-4BE6-B997-91D85388CA9A}" 4 | ProjectSection(SolutionItems) = preProject 5 | AntiXssAssemblyInfo.cs = AntiXssAssemblyInfo.cs 6 | FxCopDictionary.xml = FxCopDictionary.xml 7 | License.txt = License.txt 8 | EndProjectSection 9 | EndProject 10 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Documentation", "Documentation", "{57C3E762-30FA-402E-8738-76EA3A56A1AF}" 11 | ProjectSection(SolutionItems) = preProject 12 | Documentation\AntiXSS v4.3.docx = Documentation\AntiXSS v4.3.docx 13 | EndProjectSection 14 | EndProject 15 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.Security.Application.Encoder", 
"Microsoft.Security.Application.Encoder\Microsoft.Security.Application.Encoder.csproj", "{E7B6B7D1-53F8-4492-9B98-23244070E3E6}" 16 | EndProject 17 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.Security.Application.HtmlSanitization", "Microsoft.Security.Application.HtmlSanitization\Microsoft.Security.Application.HtmlSanitization.csproj", "{7318FE57-3EFC-4A13-8B62-2E3BC31A4F84}" 18 | EndProject 19 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.Security.Application.Encoder.UnitTests", "Microsoft.Security.Application.Encoder.UnitTests\Microsoft.Security.Application.Encoder.UnitTests.csproj", "{53A4B395-7A8D-4BE5-9925-5795EC95846C}" 20 | EndProject 21 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Microsoft.Security.Application.HtmlSanitization.Tests", "Microsoft.Security.Application.HtmlSanitization.Tests\Microsoft.Security.Application.HtmlSanitization.Tests.csproj", "{6A605CD7-3C75-41A4-BD3A-ECD4FC45CE1B}" 22 | EndProject 23 | Global 24 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 25 | Debug|Any CPU = Debug|Any CPU 26 | Debug|Mixed Platforms = Debug|Mixed Platforms 27 | Debug|x86 = Debug|x86 28 | Release|Any CPU = Release|Any CPU 29 | Release|Mixed Platforms = Release|Mixed Platforms 30 | Release|x86 = Release|x86 31 | EndGlobalSection 32 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 33 | {E7B6B7D1-53F8-4492-9B98-23244070E3E6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 34 | {E7B6B7D1-53F8-4492-9B98-23244070E3E6}.Debug|Any CPU.Build.0 = Debug|Any CPU 35 | {E7B6B7D1-53F8-4492-9B98-23244070E3E6}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU 36 | {E7B6B7D1-53F8-4492-9B98-23244070E3E6}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU 37 | {E7B6B7D1-53F8-4492-9B98-23244070E3E6}.Debug|x86.ActiveCfg = Debug|Any CPU 38 | {E7B6B7D1-53F8-4492-9B98-23244070E3E6}.Release|Any CPU.ActiveCfg = Release|Any CPU 39 | {E7B6B7D1-53F8-4492-9B98-23244070E3E6}.Release|Any CPU.Build.0 = Release|Any CPU 40 | 
{E7B6B7D1-53F8-4492-9B98-23244070E3E6}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU 41 | {E7B6B7D1-53F8-4492-9B98-23244070E3E6}.Release|Mixed Platforms.Build.0 = Release|Any CPU 42 | {E7B6B7D1-53F8-4492-9B98-23244070E3E6}.Release|x86.ActiveCfg = Release|Any CPU 43 | {7318FE57-3EFC-4A13-8B62-2E3BC31A4F84}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 44 | {7318FE57-3EFC-4A13-8B62-2E3BC31A4F84}.Debug|Any CPU.Build.0 = Debug|Any CPU 45 | {7318FE57-3EFC-4A13-8B62-2E3BC31A4F84}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU 46 | {7318FE57-3EFC-4A13-8B62-2E3BC31A4F84}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU 47 | {7318FE57-3EFC-4A13-8B62-2E3BC31A4F84}.Debug|x86.ActiveCfg = Debug|Any CPU 48 | {7318FE57-3EFC-4A13-8B62-2E3BC31A4F84}.Release|Any CPU.ActiveCfg = Release|Any CPU 49 | {7318FE57-3EFC-4A13-8B62-2E3BC31A4F84}.Release|Any CPU.Build.0 = Release|Any CPU 50 | {7318FE57-3EFC-4A13-8B62-2E3BC31A4F84}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU 51 | {7318FE57-3EFC-4A13-8B62-2E3BC31A4F84}.Release|Mixed Platforms.Build.0 = Release|Any CPU 52 | {7318FE57-3EFC-4A13-8B62-2E3BC31A4F84}.Release|x86.ActiveCfg = Release|Any CPU 53 | {53A4B395-7A8D-4BE5-9925-5795EC95846C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 54 | {53A4B395-7A8D-4BE5-9925-5795EC95846C}.Debug|Any CPU.Build.0 = Debug|Any CPU 55 | {53A4B395-7A8D-4BE5-9925-5795EC95846C}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU 56 | {53A4B395-7A8D-4BE5-9925-5795EC95846C}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU 57 | {53A4B395-7A8D-4BE5-9925-5795EC95846C}.Debug|x86.ActiveCfg = Debug|Any CPU 58 | {53A4B395-7A8D-4BE5-9925-5795EC95846C}.Release|Any CPU.ActiveCfg = Release|Any CPU 59 | {53A4B395-7A8D-4BE5-9925-5795EC95846C}.Release|Any CPU.Build.0 = Release|Any CPU 60 | {53A4B395-7A8D-4BE5-9925-5795EC95846C}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU 61 | {53A4B395-7A8D-4BE5-9925-5795EC95846C}.Release|Mixed Platforms.Build.0 = Release|Any CPU 62 | 
{53A4B395-7A8D-4BE5-9925-5795EC95846C}.Release|x86.ActiveCfg = Release|Any CPU 63 | {6A605CD7-3C75-41A4-BD3A-ECD4FC45CE1B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 64 | {6A605CD7-3C75-41A4-BD3A-ECD4FC45CE1B}.Debug|Any CPU.Build.0 = Debug|Any CPU 65 | {6A605CD7-3C75-41A4-BD3A-ECD4FC45CE1B}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU 66 | {6A605CD7-3C75-41A4-BD3A-ECD4FC45CE1B}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU 67 | {6A605CD7-3C75-41A4-BD3A-ECD4FC45CE1B}.Debug|x86.ActiveCfg = Debug|Any CPU 68 | {6A605CD7-3C75-41A4-BD3A-ECD4FC45CE1B}.Release|Any CPU.ActiveCfg = Release|Any CPU 69 | {6A605CD7-3C75-41A4-BD3A-ECD4FC45CE1B}.Release|Any CPU.Build.0 = Release|Any CPU 70 | {6A605CD7-3C75-41A4-BD3A-ECD4FC45CE1B}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU 71 | {6A605CD7-3C75-41A4-BD3A-ECD4FC45CE1B}.Release|Mixed Platforms.Build.0 = Release|Any CPU 72 | {6A605CD7-3C75-41A4-BD3A-ECD4FC45CE1B}.Release|x86.ActiveCfg = Release|Any CPU 73 | EndGlobalSection 74 | GlobalSection(SolutionProperties) = preSolution 75 | HideSolutionNode = FALSE 76 | EndGlobalSection 77 | GlobalSection(NestedProjects) = preSolution 78 | {57C3E762-30FA-402E-8738-76EA3A56A1AF} = {B911405E-6A46-4BE6-B997-91D85388CA9A} 79 | EndGlobalSection 80 | EndGlobal 81 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Globalization/CodepageMap.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
//
// Represents the logic to choose a codepage.
//
// --------------------------------------------------------------------------------------------------------------------

namespace Microsoft.Exchange.Data.Globalization
{
    using Internal;

    /// <summary>
    /// Represents the logic to choose a codepage and to test characters against it.
    /// </summary>
    /// <remarks>
    /// The instance caches the most recently matched range, so it is stateful; nothing in this
    /// class synchronises access to that state.
    /// </remarks>
    internal class CodePageMap : CodePageMapData
    {
        /// <summary>
        /// The current codepage.
        /// </summary>
        private int codePage;

        /// <summary>
        /// The ranges for the current codepage; null when none are loaded.
        /// </summary>
        private CodePageRange[] ranges;

        /// <summary>
        /// The previous index used for range operations.
        /// </summary>
        private int lastRangeIndex;

        /// <summary>
        /// The last codepage range used.
        /// </summary>
        private CodePageRange lastRange;

        /// <summary>
        /// Chooses the current code page.
        /// </summary>
        /// <param name="newCodePage">The code page to choose.</param>
        /// <returns>True if the selection is successful, otherwise false.</returns>
        public bool ChoseCodePage(int newCodePage)
        {
            // Selecting the code page that is already current is a no-op.
            if (newCodePage == this.codePage)
            {
                return true;
            }

            // NOTE(review): the new id is recorded before the lookup below succeeds. After a failed
            // lookup (return false), a second call with the same id takes the early return above and
            // reports success while ranges is still null; IsUnsafeExtendedCharacter then answers
            // false for every character. Confirm that callers never retry or ignore a false result.
            this.codePage = newCodePage;
            this.ranges = null;

            // 1200 is the Windows code page identifier for UTF-16; no range table is loaded for it.
            if (newCodePage == 1200)
            {
                return true;
            }

            // Look the id up in the inherited CodePages table, scanning from the end.
            for (int i = CodePages.Length - 1; i >= 0; i--)
            {
                if (CodePages[i].Id != newCodePage)
                {
                    continue;
                }

                // Seed the range cache with the middle range of the table.
                this.ranges = CodePages[i].Ranges;
                this.lastRangeIndex = this.ranges.Length / 2;
                this.lastRange = this.ranges[this.lastRangeIndex];

                return true;
            }

            return false;
        }

        /// <summary>
        /// Decides if an extended character is unsafe for the current codepage.
        /// </summary>
        /// <param name="ch">The character to check.</param>
        /// <returns>
        /// True if the character is unsafe, otherwise false. Characters that fall in no range are
        /// reported as unsafe; when no ranges are loaded the method returns false.
        /// </returns>
        public bool IsUnsafeExtendedCharacter(char ch)
        {
            // No range table: flagged by a debug assertion, but the answer is "not unsafe".
            if (this.ranges == null)
            {
                InternalDebug.Assert(false);
                return false;
            }

            if (ch <= this.lastRange.Last)
            {
                // Fast path: the character is inside the cached range. An Offset of 0xFFFF
                // short-circuits to "not unsafe"; otherwise the character is unsafe when its
                // Bitmap entry has none of the range's Mask bits set.
                if (ch >= this.lastRange.First)
                {
                    return this.lastRange.Offset != 0xFFFFu && (Bitmap[this.lastRange.Offset + (ch - this.lastRange.First)] & this.lastRange.Mask) == 0;
                }

                // The character lies below the cached range: walk downwards.
                int i = this.lastRangeIndex;

                while (--i >= 0)
                {
                    if (ch < this.ranges[i].First)
                    {
                        continue;
                    }

                    if (ch <= this.ranges[i].Last)
                    {
                        // NOTE(review): the first character of a range is reported as not unsafe
                        // without consulting the bitmap or updating the cache; the cached-range
                        // fast path above has no such special case. Confirm this is intended.
                        if (ch == this.ranges[i].First)
                        {
                            return false;
                        }

                        // Remember the matching range for the next call.
                        this.lastRangeIndex = i;
                        this.lastRange = this.ranges[i];

                        return this.lastRange.Offset != 0xFFFFu && (Bitmap[this.lastRange.Offset + (ch - this.lastRange.First)] & this.lastRange.Mask) == 0;
                    }

                    // The character falls in a gap between ranges.
                    break;
                }
            }
            else
            {
                // The character lies above the cached range: walk upwards.
                int i = this.lastRangeIndex;

                while (++i < this.ranges.Length)
                {
                    if (ch > this.ranges[i].Last)
                    {
                        continue;
                    }

                    if (ch >= this.ranges[i].First)
                    {
                        // Same first-character special case as in the downward scan.
                        if (ch == this.ranges[i].First)
                        {
                            return false;
                        }

                        // Remember the matching range for the next call.
                        this.lastRangeIndex = i;
                        this.lastRange = this.ranges[i];

                        return this.lastRange.Offset != 0xFFFFu && (Bitmap[this.lastRange.Offset + (ch - this.lastRange.First)] & this.lastRange.Mask) == 0;
                    }

                    // The character falls in a gap between ranges.
                    break;
                }
            }

            // Not covered by any range of the current code page.
            return true;
        }
    }
}


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------

# Created by https://www.gitignore.io/api/aspnetcore
# Edit at https://www.gitignore.io/?templates=aspnetcore

### ASPNETCore ###
## Ignore Visual Studio temporary files, build
results, and 7 | ## files generated by popular Visual Studio add-ons. 8 | 9 | # User-specific files 10 | *.suo 11 | *.user 12 | *.userosscache 13 | *.sln.docstates 14 | 15 | # User-specific files (MonoDevelop/Xamarin Studio) 16 | *.userprefs 17 | 18 | # Build results 19 | [Dd]ebug/ 20 | [Dd]ebugPublic/ 21 | [Rr]elease/ 22 | [Rr]eleases/ 23 | x64/ 24 | x86/ 25 | bld/ 26 | [Bb]in/ 27 | [Oo]bj/ 28 | [Ll]og/ 29 | 30 | # Visual Studio 2015 cache/options directory 31 | .vs/ 32 | # Uncomment if you have tasks that create the project's static files in wwwroot 33 | #wwwroot/ 34 | 35 | # MSTest test Results 36 | [Tt]est[Rr]esult*/ 37 | [Bb]uild[Ll]og.* 38 | 39 | # NUNIT 40 | *.VisualState.xml 41 | TestResult.xml 42 | 43 | # Build Results of an ATL Project 44 | [Dd]ebugPS/ 45 | [Rr]eleasePS/ 46 | dlldata.c 47 | 48 | # DNX 49 | project.lock.json 50 | project.fragment.lock.json 51 | artifacts/ 52 | 53 | *_i.c 54 | *_p.c 55 | *_i.h 56 | *.ilk 57 | *.meta 58 | *.obj 59 | *.pch 60 | *.pdb 61 | *.pgc 62 | *.pgd 63 | *.rsp 64 | *.sbr 65 | *.tlb 66 | *.tli 67 | *.tlh 68 | *.tmp 69 | *.tmp_proj 70 | *.log 71 | *.vspscc 72 | *.vssscc 73 | .builds 74 | *.pidb 75 | *.svclog 76 | *.scc 77 | 78 | # Chutzpah Test files 79 | _Chutzpah* 80 | 81 | # Visual C++ cache files 82 | ipch/ 83 | *.aps 84 | *.ncb 85 | *.opendb 86 | *.opensdf 87 | *.sdf 88 | *.cachefile 89 | *.VC.db 90 | *.VC.VC.opendb 91 | 92 | # Visual Studio profiler 93 | *.psess 94 | *.vsp 95 | *.vspx 96 | *.sap 97 | 98 | # TFS 2012 Local Workspace 99 | $tf/ 100 | 101 | # Guidance Automation Toolkit 102 | *.gpState 103 | 104 | # ReSharper is a .NET coding add-in 105 | _ReSharper*/ 106 | *.[Rr]e[Ss]harper 107 | *.DotSettings.user 108 | 109 | # JustCode is a .NET coding add-in 110 | .JustCode 111 | 112 | # TeamCity is a build add-in 113 | _TeamCity* 114 | 115 | # DotCover is a Code Coverage Tool 116 | *.dotCover 117 | 118 | # Visual Studio code coverage results 119 | *.coverage 120 | *.coveragexml 121 | 122 | # NCrunch 123 | 
_NCrunch_* 124 | .*crunch*.local.xml 125 | nCrunchTemp_* 126 | 127 | # MightyMoose 128 | *.mm.* 129 | AutoTest.Net/ 130 | 131 | # Web workbench (sass) 132 | .sass-cache/ 133 | 134 | # Installshield output folder 135 | [Ee]xpress/ 136 | 137 | # DocProject is a documentation generator add-in 138 | DocProject/buildhelp/ 139 | DocProject/Help/*.HxT 140 | DocProject/Help/*.HxC 141 | DocProject/Help/*.hhc 142 | DocProject/Help/*.hhk 143 | DocProject/Help/*.hhp 144 | DocProject/Help/Html2 145 | DocProject/Help/html 146 | 147 | # Click-Once directory 148 | publish/ 149 | 150 | # Publish Web Output 151 | *.[Pp]ublish.xml 152 | *.azurePubxml 153 | # TODO: Comment the next line if you want to checkin your web deploy settings 154 | # but database connection strings (with potential passwords) will be unencrypted 155 | *.pubxml 156 | *.publishproj 157 | 158 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 159 | # checkin your Azure Web App publish settings, but sensitive information contained 160 | # in these scripts will be unencrypted 161 | PublishScripts/ 162 | 163 | # NuGet Packages 164 | *.nupkg 165 | # The packages folder can be ignored because of Package Restore 166 | **/packages/* 167 | # except build/, which is used as an MSBuild target. 
168 | !**/packages/build/ 169 | # Uncomment if necessary however generally it will be regenerated when needed 170 | #!**/packages/repositories.config 171 | # NuGet v3's project.json files produces more ignoreable files 172 | *.nuget.props 173 | *.nuget.targets 174 | 175 | # Microsoft Azure Build Output 176 | csx/ 177 | *.build.csdef 178 | 179 | # Microsoft Azure Emulator 180 | ecf/ 181 | rcf/ 182 | 183 | # Windows Store app package directories and files 184 | AppPackages/ 185 | BundleArtifacts/ 186 | Package.StoreAssociation.xml 187 | _pkginfo.txt 188 | 189 | # Visual Studio cache files 190 | # files ending in .cache can be ignored 191 | *.[Cc]ache 192 | # but keep track of directories ending in .cache 193 | !*.[Cc]ache/ 194 | 195 | # Others 196 | ClientBin/ 197 | ~$* 198 | *~ 199 | *.dbmdl 200 | *.dbproj.schemaview 201 | *.jfm 202 | *.pfx 203 | *.publishsettings 204 | node_modules/ 205 | orleans.codegen.cs 206 | 207 | # Since there are multiple workflows, uncomment next line to ignore bower_components 208 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 209 | #bower_components/ 210 | 211 | # RIA/Silverlight projects 212 | Generated_Code/ 213 | 214 | # Backup & report files from converting an old project file 215 | # to a newer Visual Studio version. 
Backup files are not needed, 216 | # because we have git ;-) 217 | _UpgradeReport_Files/ 218 | Backup*/ 219 | UpgradeLog*.XML 220 | UpgradeLog*.htm 221 | 222 | # SQL Server files 223 | *.mdf 224 | *.ldf 225 | 226 | # Business Intelligence projects 227 | *.rdl.data 228 | *.bim.layout 229 | *.bim_*.settings 230 | 231 | # Microsoft Fakes 232 | FakesAssemblies/ 233 | 234 | # GhostDoc plugin setting file 235 | *.GhostDoc.xml 236 | 237 | # Node.js Tools for Visual Studio 238 | .ntvs_analysis.dat 239 | 240 | # Visual Studio 6 build log 241 | *.plg 242 | 243 | # Visual Studio 6 workspace options file 244 | *.opt 245 | 246 | # Visual Studio LightSwitch build output 247 | **/*.HTMLClient/GeneratedArtifacts 248 | **/*.DesktopClient/GeneratedArtifacts 249 | **/*.DesktopClient/ModelManifest.xml 250 | **/*.Server/GeneratedArtifacts 251 | **/*.Server/ModelManifest.xml 252 | _Pvt_Extensions 253 | 254 | # Paket dependency manager 255 | .paket/paket.exe 256 | paket-files/ 257 | 258 | # FAKE - F# Make 259 | .fake/ 260 | 261 | # JetBrains Rider 262 | .idea/ 263 | *.sln.iml 264 | 265 | # CodeRush 266 | .cr/ 267 | 268 | # Python Tools for Visual Studio (PTVS) 269 | __pycache__/ 270 | *.pyc 271 | 272 | # Cake - Uncomment if you are using it 273 | # tools/ 274 | 275 | # End of https://www.gitignore.io/api/aspnetcore 276 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.Encoder.UnitTests/NullInputTest.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 
8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // 16 | // Test for null 17 | // 18 | // -------------------------------------------------------------------------------------------------------------------- 19 | 20 | namespace Microsoft.Security.Application.Tests 21 | { 22 | using Microsoft.VisualStudio.TestTools.UnitTesting; 23 | 24 | /// 25 | /// Tests input null output null 26 | /// 27 | [TestClass] 28 | public class NullInputTest 29 | { 30 | /// 31 | /// Tests that passing a null to html encode should return a null. 32 | /// 33 | [TestMethod] 34 | public void PassingNullToHtmlEncodeReturnsNull() 35 | { 36 | const string? target = null; 37 | const string? expected = null; 38 | string? actual = Encoder.HtmlEncode(target); 39 | Assert.AreEqual(expected, actual); 40 | } 41 | 42 | /// 43 | /// Tests that passing a null to url encode should return a null. 44 | /// 45 | [TestMethod] 46 | public void PassingNullToUrlEncodeReturnsNull() 47 | { 48 | const string? target = null; 49 | const string? expected = null; 50 | string? actual = Encoder.UrlEncode(target); 51 | Assert.AreEqual(expected, actual); 52 | } 53 | 54 | /// 55 | /// Tests that passing a null to html from url enocde should return a null. 56 | /// 57 | [TestMethod] 58 | public void PassingNullToHtmlFromUrlEncodeReturnsNull() 59 | { 60 | const string? target = null; 61 | const string? expected = null; 62 | string? actual = Encoder.HtmlFormUrlEncode(target); 63 | Assert.AreEqual(expected, actual); 64 | } 65 | 66 | /// 67 | /// Tests that passing a null to xml encode should return a null. 68 | /// 69 | [TestMethod] 70 | public void PassingNullToXmlEncodeReturnsNull() 71 | { 72 | const string? target = null; 73 | const string? expected = null; 74 | string? 
actual = Encoder.XmlEncode(target); 75 | Assert.AreEqual(expected, actual); 76 | } 77 | 78 | /// 79 | /// Tests that passing a null to xml attribute encode should return a null. 80 | /// 81 | [TestMethod] 82 | public void PassingNullToXmlAttributeEncodeReturnsNull() 83 | { 84 | const string? target = null; 85 | const string? expected = null; 86 | string? actual = Encoder.XmlAttributeEncode(target); 87 | Assert.AreEqual(expected, actual); 88 | } 89 | 90 | /// 91 | /// Tests that passing a null to Ldap DN Encode should return a null. 92 | /// 93 | [TestMethod] 94 | public void PassingNullToLdapDistinguishedNameEncodeReturnsNull() 95 | { 96 | const string? target = null; 97 | const string? expected = null; 98 | string? actual = Encoder.LdapDistinguishedNameEncode(target); 99 | Assert.AreEqual(expected, actual); 100 | } 101 | 102 | /// 103 | /// Tests that passing a null to html attribute encode should return a null. 104 | /// 105 | [TestMethod] 106 | public void PassingNullToHtmlAttributeEncodeReturnsNull() 107 | { 108 | const string? target = null; 109 | const string? expected = null; 110 | string? actual = Encoder.HtmlAttributeEncode(target); 111 | Assert.AreEqual(expected, actual); 112 | } 113 | 114 | /// 115 | /// Tests that passing a null to Ldap Filter Encode should return a null. 116 | /// 117 | [TestMethod] 118 | public void PassingNullToLdapFilterEncodeReturnsNull() 119 | { 120 | const string? target = null; 121 | const string? expected = null; 122 | string? actual = Encoder.LdapFilterEncode(target); 123 | Assert.AreEqual(expected, actual); 124 | } 125 | 126 | /// 127 | /// Tests that passing a null to Css Encode should return a null. 128 | /// 129 | [TestMethod] 130 | public void PassingNullToCssEncodeReturnsNull() 131 | { 132 | const string? target = null; 133 | const string? expected = null; 134 | string? 
actual = Encoder.CssEncode(target); 135 | Assert.AreEqual(expected, actual); 136 | } 137 | 138 | /// 139 | /// Tests that passing a null to Url Path Encode should return a null. 140 | /// 141 | [TestMethod] 142 | public void PassingNullToUrlPathEncodeReturnsNull() 143 | { 144 | const string? target = null; 145 | const string? expected = null; 146 | string? actual = Encoder.UrlPathEncode(target); 147 | Assert.AreEqual(expected, actual); 148 | } 149 | } 150 | } 151 | -------------------------------------------------------------------------------- /Microsoft.Security.Application.HtmlSanitization/Shared/DefaultApplicationServices.cs: -------------------------------------------------------------------------------- 1 | // -------------------------------------------------------------------------------------------------------------------- 2 | // 3 | // Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation 4 | // 5 | // This source is subject to the Microsoft Permissive License. 6 | // Please see the License.txt file for more information. 7 | // All other rights reserved. 8 | // 9 | // THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 10 | // KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 11 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A 12 | // PARTICULAR PURPOSE. 13 | // 14 | // 15 | // Wrapper for CTS application settings. 16 | // 17 | // -------------------------------------------------------------------------------------------------------------------- 18 | 19 | namespace Microsoft.Exchange.Data.Internal 20 | { 21 | using System; 22 | using System.Collections.Generic; 23 | using System.Configuration; 24 | using System.IO; 25 | 26 | /// 27 | /// Wrapper for CTS application settings. 28 | /// 29 | internal class DefaultApplicationServices : IApplicationServices 30 | { 31 | /// 32 | /// A blank sub section. 
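///
private static readonly IList<CtsConfigurationSetting> EmptySubSection = [];

/// <summary>
/// The lock used for thread safe synchronization.
/// </summary>
private readonly object lockObject = new();

/// <summary>
/// The configuration sub sections from the CTS application settings.
/// Null until first use and again after <see cref="RefreshConfiguration"/>.
/// </summary>
private volatile Dictionary<string, IList<CtsConfigurationSetting>> configurationSubSections;

/// <summary>
/// Gets the configuration subsection specified.
/// </summary>
/// <param name="subSectionName">Name of the subsection; null is treated as the empty name.</param>
/// <returns>
/// A list of <see cref="CtsConfigurationSetting"/>s for the specified section, or an empty list
/// when the section is not configured.
/// </returns>
public IList<CtsConfigurationSetting> GetConfiguration(string subSectionName)
{
    // Work on a local snapshot: RefreshConfiguration() may set the field back to null at any
    // time, so re-reading the field after the null check could dereference null.
    Dictionary<string, IList<CtsConfigurationSetting>> subSections = this.configurationSubSections;

    if (subSections == null)
    {
        lock (this.lockObject)
        {
            subSections = this.configurationSubSections;

            if (subSections == null)
            {
                // Publish the dictionary only once it is fully built, so that readers that skip
                // the lock never observe it while the TemporaryStorage setting is being added.
                subSections = LoadConfigurationSubSections();
                this.configurationSubSections = subSections;
            }
        }
    }

    return subSections.TryGetValue(subSectionName ?? string.Empty, out IList<CtsConfigurationSetting> subSection)
        ? subSection
        : EmptySubSection;
}

/// <summary>
/// Refreshes the configuration from the application configuration file.
/// </summary>
public void RefreshConfiguration()
{
    ConfigurationManager.RefreshSection("appSettings");

    // Dropping the cache makes the next GetConfiguration call reload it.
    this.configurationSubSections = null;
}

/// <summary>
/// Logs an error during configuration processing.
/// </summary>
/// <remarks>
/// This implementation is empty, so a configuration error reported to it leaves no trace.
/// NOTE(review): hosts that need visibility into a malformed CTS section presumably supply
/// their own <see cref="IApplicationServices"/>; confirm against ApplicationServices.Provider.
/// </remarks>
public void LogConfigurationErrorEvent()
{
}

/// <summary>
/// Builds the sub section dictionary from the "CTS" configuration section and the
/// "TemporaryStoragePath" application setting; falls back to a single empty default
/// sub section when the configuration cannot be read.
/// </summary>
/// <returns>The sub sections keyed by name.</returns>
private static Dictionary<string, IList<CtsConfigurationSetting>> LoadConfigurationSubSections()
{
    try
    {
        Dictionary<string, IList<CtsConfigurationSetting>> subSections;

        if (ConfigurationManager.GetSection("CTS") is CtsConfigurationSection section)
        {
            subSections = section.SubSectionsDictionary;
        }
        else
        {
            subSections = new Dictionary<string, IList<CtsConfigurationSetting>>
            {
                { string.Empty, new List<CtsConfigurationSetting>() }
            };
        }

        // The path is taken verbatim from appSettings; it is not validated here.
        string path = ConfigurationManager.AppSettings["TemporaryStoragePath"];

        if (!string.IsNullOrEmpty(path))
        {
            CtsConfigurationSetting newSetting = new("TemporaryStorage");
            newSetting.AddArgument("Path", path);

            // The default (unnamed) sub section may be absent from a configured CTS section;
            // create it instead of failing with KeyNotFoundException.
            if (!subSections.TryGetValue(string.Empty, out IList<CtsConfigurationSetting> defaultSubSection))
            {
                defaultSubSection = new List<CtsConfigurationSetting>();
                subSections[string.Empty] = defaultSubSection;
            }

            defaultSubSection.Add(newSetting);
        }

        ConfigurationManager.RefreshSection("CTS");

        return subSections;
    }
    catch (ConfigurationErrorsException /*exception*/)
    {
        ApplicationServices.Provider.LogConfigurationErrorEvent();

        return new Dictionary<string, IList<CtsConfigurationSetting>>
        {
            { string.Empty, new List<CtsConfigurationSetting>() }
        };
    }
}
} // end of class DefaultApplicationServices
} // end of namespace Microsoft.Exchange.Data.Internal

--------------------------------------------------------------------------------
/Microsoft.Security.Application.HtmlSanitization/TextConverters/HTML/HtmlTagContext.cs:
--------------------------------------------------------------------------------
// --------------------------------------------------------------------------------------------------------------------
//
// Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation
//
// This source is subject to the Microsoft Permissive License.
// Please see the License.txt file for more information.
// All other rights reserved.
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.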
//
//
//
//
//

namespace Microsoft.Exchange.Data.TextConverters
{
    using System;
    using System.Collections.Generic;
    using CtsResources;
    using Data.Internal;
    using Internal.Html;

    /// <summary>
    /// Base class holding the per-tag state that is exposed while a tag is being processed.
    /// </summary>
    /// <remarks>
    /// The context is only usable between <see cref="InitializeFragment"/> and
    /// <see cref="UninitializeFragment"/>; <see cref="TagNameIndex"/> and <see cref="TagParts"/>
    /// throw outside that window.
    /// </remarks>
    internal abstract class HtmlTagContext
    {
        /// <summary>
        /// The write state of a tag.
        /// </summary>
        internal enum TagWriteState
        {
            Undefined,
            Written,
            Deleted,
        }

        // Incremented (wrapping at 255) on every InitializeTag and InitializeFragment call.
        private byte cookie;

        // True only between InitializeFragment and UninitializeFragment.
        private bool valid;

        private bool invokeCallbackForEndTag;
        private bool deleteInnerContent;
        private bool deleteEndTag;

        private bool isEndTag;
        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1823:AvoidUnusedPrivateFields", Justification = "Value set by internal method call. Can't change API at this time.")]
        private bool isEmptyElementTag = false;

        private HtmlNameIndex tagNameIndex;

        private HtmlTagParts tagParts;

        /// <summary>
        /// Initializes a new instance of the <see cref="HtmlTagContext"/> class.
        /// </summary>
        internal HtmlTagContext()
        {
        }

        /// <summary>
        /// Gets the index of the tag name.
        /// </summary>
        /// <value>The index of the tag name.</value>
        /// <exception cref="InvalidOperationException">The context is not currently valid.</exception>
        internal HtmlNameIndex TagNameIndex
        {
            get
            {
                this.AssertContextValid();
                return this.tagNameIndex;
            }
        }

        /// <summary>
        /// Gets the tag parts.
        /// </summary>
        /// <value>The tag parts.</value>
        /// <exception cref="InvalidOperationException">The context is not currently valid.</exception>
        internal HtmlTagParts TagParts
        {
            get
            {
                this.AssertContextValid();
                return this.tagParts;
            }
        }

        /// <summary>
        /// Gets a value indicating whether this instance can invoke callback for end tag.
        /// </summary>
        /// <value>
        /// <c>true</c> if this instance can invoke callback for end tag; otherwise, <c>false</c>.
        /// </value>
        internal bool IsInvokeCallbackForEndTag => this.invokeCallbackForEndTag;

        /// <summary>
        /// Gets the delete-inner-content flag; <see cref="InitializeTag"/> resets it to false.
        /// </summary>
        internal bool IsDeleteInnerContent => this.deleteInnerContent;

        /// <summary>
        /// Gets the delete-end-tag flag; <see cref="InitializeTag"/> sets it to true for start tags.
        /// </summary>
        internal bool IsDeleteEndTag => this.deleteEndTag;

        /// <summary>
        /// Resets the per-tag state for a new tag.
        /// </summary>
        /// <param name="isEndTag">Whether the tag is an end tag.</param>
        /// <param name="tagNameIndex">The index of the tag name.</param>
        /// <param name="droppedEndTag">Not used by this method.</param>
        internal void InitializeTag(bool isEndTag, HtmlNameIndex tagNameIndex, bool droppedEndTag)
        {
            this.isEndTag = isEndTag;
            this.tagNameIndex = tagNameIndex;
            this.isEmptyElementTag = false;

            this.invokeCallbackForEndTag = false;
            this.deleteInnerContent = false;
            this.deleteEndTag = !isEndTag;

            // Byte counter; wraps around instead of overflowing.
            unchecked
            {
                this.cookie++;
            }
        }

        /// <summary>
        /// Records the fragment data for the current tag and marks the context as valid.
        /// </summary>
        /// <param name="isEmptyElementTag">Whether the tag is an empty element tag.</param>
        /// <param name="attributeCount">The number of attributes; must be below 0x00FFFFFF.</param>
        /// <param name="tagParts">The tag parts.</param>
        /// <exception cref="TextConvertersException">
        /// <paramref name="attributeCount"/> is 0x00FFFFFF or more.
        /// </exception>
        internal void InitializeFragment(bool isEmptyElementTag, int attributeCount, HtmlTagParts tagParts)
        {
            // Reject the fragment before any state is touched.
            if (attributeCount >= 0x00FFFFFF)
            {
                throw new TextConvertersException();
            }

            this.tagParts = tagParts;
            this.isEmptyElementTag = isEmptyElementTag;

            unchecked
            {
                this.cookie++;
            }

            this.valid = true;
        }

        /// <summary>
        /// Marks the context as no longer valid.
        /// </summary>
        internal void UninitializeFragment()
        {
            this.valid = false;
        }

        /// <summary>
        /// Default implementation; always returns false.
        /// </summary>
        /// <returns>False.</returns>
        internal virtual bool GetCopyPendingStateImpl() => false;

        internal abstract string GetTagNameImpl();

        internal abstract HtmlAttributeId GetAttributeNameIdImpl(int attributeIndex);

        internal abstract HtmlAttributeParts GetAttributePartsImpl(int attributeIndex);

        internal abstract string GetAttributeNameImpl(int attributeIndex);

        internal abstract string GetAttributeValueImpl(int attributeIndex);

        internal abstract void WriteTagImpl(bool writeAttributes);

        /// <summary>
        /// Default implementation; does nothing.
        /// </summary>
        internal virtual void DeleteTagImpl()
        {
        }

        internal abstract void WriteAttributeImpl(int attributeIndex, bool writeName, bool writeValue);

        /// <summary>
        /// Throws when the context is used outside the InitializeFragment/UninitializeFragment window.
        /// </summary>
        /// <exception cref="InvalidOperationException">The context is not currently valid.</exception>
        internal void AssertContextValid()
        {
            if (this.valid)
            {
                return;
            }

            throw new InvalidOperationException(TextConvertersStrings.ContextNotValidInThisState);
        }
    }
}

--------------------------------------------------------------------------------
/Microsoft.Security.Application.HtmlSanitization/TextConverters/COMMON/HashCode.cs:
--------------------------------------------------------------------------------
// --------------------------------------------------------------------------------------------------------------------
//
// Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation
//
// This source is subject to the Microsoft Permissive License.
// Please see the License.txt file for more information.
// All other rights reserved.
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
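//
//
//
//
//

namespace Microsoft.Exchange.Data.TextConverters
{
    using System;

    /// <summary>
    /// Incremental hash over UTF-16 code units. Characters at even positions are folded into
    /// one accumulator and characters at odd positions into a second one; the final value is
    /// <c>hash1 + hash2 * 1566083941</c>. The <c>LowerCase</c> members pass each character
    /// through <c>ParseSupport.ToLowerCase</c> first.
    /// </summary>
    /// <remarks>
    /// All arithmetic is wrapped in <c>unchecked</c> so the result does not depend on whether
    /// the assembly is compiled with overflow checking. This is a lookup hash, not a
    /// cryptographic one.
    /// </remarks>
    internal struct HashCode
    {
        private const int Seed = 5381;
        private const int Multiplier = 1566083941;

        private int hash1;
        private int hash2;

        // Number of UTF-16 code units consumed so far; its parity selects the accumulator.
        private int offset;

        /// <summary>
        /// Initializes both accumulators to the seed and the position to zero.
        /// </summary>
        /// <param name="ignore">Unused; present only so the struct has a constructor with a parameter.</param>
        public HashCode(bool ignore)
        {
            this.offset = 0;
            this.hash1 = this.hash2 = Seed;
        }

        /// <summary>
        /// Returns the hash of an empty character sequence.
        /// </summary>
        public static int CalculateEmptyHash()
        {
            return Seed + unchecked(Seed * Multiplier);
        }

        /// <summary>
        /// Computes the lower-case hash of <paramref name="length"/> characters of
        /// <paramref name="buffer"/> starting at <paramref name="offset"/>.
        /// </summary>
        /// <exception cref="ArgumentNullException"><paramref name="buffer"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException">The range does not lie inside the buffer.</exception>
        public static int CalculateLowerCase(char[] buffer, int offset, int length)
        {
            HashCode.CheckArgs(buffer, offset, length);

            int hash1 = Seed;
            int hash2 = Seed;

            // Cannot overflow: CheckArgs guarantees offset + length <= buffer.Length.
            int end = offset + length;

            // Bounds-checked indexing replaces the former fixed/pointer walk; the characters
            // visited and the order in which they are mixed are unchanged.
            for (int i = offset; i < end; i += 2)
            {
                hash1 = Mix(hash1, ParseSupport.ToLowerCase(buffer[i]));
                if (i + 1 < end)
                {
                    hash2 = Mix(hash2, ParseSupport.ToLowerCase(buffer[i + 1]));
                }
            }

            return Combine(hash1, hash2);
        }

        /// <summary>
        /// Folds <paramref name="len"/> characters starting at <paramref name="s"/> into the hash.
        /// </summary>
        /// <remarks>
        /// The caller must guarantee that <paramref name="s"/> points at no fewer than
        /// <paramref name="len"/> readable characters; nothing here can verify that.
        /// </remarks>
        public unsafe void AdvanceLowerCase(char* s, int len)
        {
            // Without this guard an empty (or negative) run at an odd position still read s[0]
            // and left len negative, i.e. an out-of-bounds read plus a corrupted position.
            if (len <= 0)
            {
                return;
            }

            // At an odd position the first character belongs to the second accumulator.
            if (0 != (this.offset & 1))
            {
                this.hash2 = Mix(this.hash2, ParseSupport.ToLowerCase(s[0]));
                s++;
                len--;
                this.offset++;
            }

            this.offset += len;

            while (len > 0)
            {
                this.hash1 = Mix(this.hash1, ParseSupport.ToLowerCase(s[0]));
                if (len == 1)
                {
                    break;
                }

                this.hash2 = Mix(this.hash2, ParseSupport.ToLowerCase(s[1]));
                s += 2;
                len -= 2;
            }
        }

        /// <summary>
        /// Folds one code point into the hash. Values of 0x10000 and above are hashed as their
        /// UTF-16 surrogate pair (not lower-cased); smaller values go through
        /// <see cref="AdvanceLowerCase(char)"/>.
        /// </summary>
        public void AdvanceLowerCase(int ucs32)
        {
            if (ucs32 < 0x10000)
            {
                this.AdvanceLowerCase((char)ucs32);
                return;
            }

            // The first unit of the pair is the HIGH surrogate. It used to be computed with the
            // low-surrogate helper as well, so both units were identical and code points that
            // share their low ten bits hashed alike. Only code points >= 0x10000 change value.
            char c1 = unchecked((char)(0xD800 + ((ucs32 - 0x10000) >> 10)));
            char c2 = ParseSupport.LowSurrogateCharFromUcs4(ucs32);

            // Adding 2 keeps the parity, so this tests the position the pair starts at.
            if (0 == ((this.offset += 2) & 1))
            {
                this.hash1 = Mix(this.hash1, c1);
                this.hash2 = Mix(this.hash2, c2);
            }
            else
            {
                this.hash2 = Mix(this.hash2, c1);
                this.hash1 = Mix(this.hash1, c2);
            }
        }

        /// <summary>
        /// Folds <paramref name="c"/> into the hash as-is (no lower-casing) and returns the
        /// finalized value.
        /// </summary>
        public int AdvanceAndFinalizeHash(char c)
        {
            if (0 == (this.offset++ & 1))
            {
                this.hash1 = Mix(this.hash1, c);
            }
            else
            {
                this.hash2 = Mix(this.hash2, c);
            }

            return Combine(this.hash1, this.hash2);
        }

        /// <summary>
        /// Folds the lower-cased form of <paramref name="c"/> into the hash.
        /// </summary>
        public void AdvanceLowerCase(char c)
        {
            if (0 == (this.offset++ & 1))
            {
                this.hash1 = Mix(this.hash1, ParseSupport.ToLowerCase(c));
            }
            else
            {
                this.hash2 = Mix(this.hash2, ParseSupport.ToLowerCase(c));
            }
        }

        /// <summary>
        /// Folds <paramref name="length"/> characters of <paramref name="buffer"/> starting at
        /// <paramref name="offset"/> into the hash.
        /// </summary>
        /// <exception cref="ArgumentNullException"><paramref name="buffer"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException">The range does not lie inside the buffer.</exception>
        public void AdvanceLowerCase(char[] buffer, int offset, int length)
        {
            HashCode.CheckArgs(buffer, offset, length);

            // Cannot overflow: CheckArgs guarantees offset + length <= buffer.Length.
            int end = offset + length;

            // Feeding the characters one at a time gives the same accumulators and the same
            // final position as the pointer overload, without pinning the array.
            for (int i = offset; i < end; i++)
            {
                this.AdvanceLowerCase(buffer[i]);
            }
        }

        /// <summary>
        /// Validates that <paramref name="offset"/> and <paramref name="length"/> describe a
        /// range inside <paramref name="buffer"/>.
        /// </summary>
        private static void CheckArgs(char[] buffer, int offset, int length)
        {
            if (buffer == null)
            {
                throw new ArgumentNullException(nameof(buffer));
            }

            int bufferLength = buffer.Length;
            if (offset < 0 || offset > bufferLength)
            {
                throw new ArgumentOutOfRangeException(nameof(offset));
            }

            if (length < 0)
            {
                throw new ArgumentOutOfRangeException(nameof(length));
            }

            // Subtraction form: offset <= bufferLength was established above, so this cannot
            // overflow, unlike offset + length, whose wrap-around test only works unchecked.
            if (length > bufferLength - offset)
            {
                throw new ArgumentOutOfRangeException("offset + length");
            }
        }

        /// <summary>
        /// Returns the hash of everything folded in so far.
        /// </summary>
        public int FinalizeHash()
        {
            return Combine(this.hash1, this.hash2);
        }

        // One mixing step: hash * 33 XOR value, with wrap-around.
        private static int Mix(int hash, int value)
        {
            return unchecked(((hash << 5) + hash) ^ value);
        }

        // Merges the two accumulators into the final hash, with wrap-around.
        private static int Combine(int hash1, int hash2)
        {
            return unchecked(hash1 + (hash2 * Multiplier));
        }
    }
}

--------------------------------------------------------------------------------
/Microsoft.Security.Application.HtmlSanitization/Shared/InternalDebug.cs:
--------------------------------------------------------------------------------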
// --------------------------------------------------------------------------------------------------------------------
//
// Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation
//
// This source is subject to the Microsoft Permissive License.
// Please see the License.txt file for more information.
// All other rights reserved.
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
//
// A class to provides internal debugging services
//
// --------------------------------------------------------------------------------------------------------------------

namespace Microsoft.Exchange.Data.Internal
{
    using System;
    using System.Diagnostics;
    using System.Runtime.Serialization;

    /// <summary>
    /// Internal debugging services (tracing and assertions).
    /// </summary>
    /// <remarks>
    /// Every method is marked <c>[Conditional("DEBUG")]</c> and its body sits inside
    /// <c>#if DEBUG</c>, so calls are removed from builds that do not define DEBUG. These
    /// assertions therefore cannot serve as input validation in release builds.
    /// </remarks>
    internal static class InternalDebug
    {
        /// <summary>
        /// Gets or sets a value indicating whether assertions are routed to
        /// <see cref="Debug.Assert(bool, string)"/> (true) or raised as
        /// <see cref="DebugAssertionViolationException"/> (false).
        /// </summary>
        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode", Justification = "Valid when precompiler DEBUG is true.")]
        internal static bool UseSystemDiagnostics
        {
            get;
            set;
        }

        /// <summary>
        /// Trace hook. The body performs no work: the only statement is an empty branch.
        /// </summary>
        /// <param name="traceType">Type of the trace.</param>
        /// <param name="format">The format of the trace.</param>
        /// <param name="traceObjects">The trace objects.</param>
        [Conditional("DEBUG")]
        public static void Trace(long traceType, string format, params object[] traceObjects)
        {
#if DEBUG
            if (UseSystemDiagnostics)
            {
                // Intentionally empty: nothing is written to any trace listener.
            }
#endif
        }

        /// <summary>
        /// Checks <paramref name="condition"/> in DEBUG builds. On failure it either calls
        /// <see cref="Debug.Assert(bool, string)"/> or throws
        /// <see cref="DebugAssertionViolationException"/>, depending on
        /// <see cref="UseSystemDiagnostics"/>.
        /// </summary>
        /// <param name="condition">The condition expected to be true.</param>
        /// <param name="formatString">The message reported when the assertion fails.</param>
        [Conditional("DEBUG")]
        public static void Assert(bool condition, string formatString)
        {
#if DEBUG
            if (UseSystemDiagnostics)
            {
                Debug.Assert(condition, formatString);
                return;
            }

            if (!condition)
            {
                throw new DebugAssertionViolationException(formatString);
            }
#endif
        }

        /// <summary>
        /// Checks <paramref name="condition"/> in DEBUG builds. On failure it either calls
        /// <see cref="Debug.Assert(bool, string)"/> with an empty message or throws
        /// <see cref="DebugAssertionViolationException"/> with the message "Assertion failed".
        /// </summary>
        /// <param name="condition">The condition expected to be true.</param>
        [Conditional("DEBUG")]
        public static void Assert(bool condition)
        {
#if DEBUG
            if (UseSystemDiagnostics)
            {
                Debug.Assert(condition, string.Empty);
                return;
            }

            if (!condition)
            {
                throw new DebugAssertionViolationException("Assertion failed");
            }
#endif
        }

        /// <summary>
        /// An exception thrown when a debug assertion fails.
        /// </summary>
        internal class DebugAssertionViolationException : Exception
        {
            /// <summary>
            /// Initializes a new instance of the <see cref="DebugAssertionViolationException"/> class.
            /// </summary>
            public DebugAssertionViolationException()
            {
            }

            /// <summary>
            /// Initializes a new instance of the <see cref="DebugAssertionViolationException"/> class.
            /// </summary>
            /// <param name="message">The exception message.</param>
            public DebugAssertionViolationException(string message)
                : base(message)
            {
            }

            /// <summary>
            /// Initializes a new instance of the <see cref="DebugAssertionViolationException"/> class
            /// from serialized data by forwarding both arguments to the base constructor.
            /// </summary>
            /// <param name="info">The <see cref="SerializationInfo"/> that holds the serialized object data about the exception being thrown.</param>
            /// <param name="context">The <see cref="StreamingContext"/> that contains contextual information about the source or destination.</param>
            protected DebugAssertionViolationException(SerializationInfo info, StreamingContext context)
                : base(info, context)
            {
            }
        }
    }
}

--------------------------------------------------------------------------------
/Microsoft.Security.Application.Encoder.UnitTests/EmptyStringTests.cs:
--------------------------------------------------------------------------------
// --------------------------------------------------------------------------------------------------------------------
//
// Copyright (c) 2008, 2009, 2010 All Rights Reserved, Microsoft Corporation
//
// This source is subject to the Microsoft Permissive License.
// Please see the License.txt file for more information.
// All other rights reserved.
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
//
//
// Test for Empty String
//
// --------------------------------------------------------------------------------------------------------------------

namespace Microsoft.Security.Application.Tests
{
    using Microsoft.VisualStudio.TestTools.UnitTesting;

    /// <summary>
    /// Tests that every encoder returns an empty string for empty-string input.
    /// </summary>
    [TestClass]
    public class EmptyStringTests
    {
        ///
        /// Tests that passing an empty string to html encode should return an empty string.
///
        [TestMethod]
        public void PassingEmptyStringToHtmlEncodeReturnsEmptyString()
        {
            string encoded = Encoder.HtmlEncode(string.Empty);

            Assert.AreEqual(string.Empty, encoded);
        }

        /// <summary>
        /// Tests that passing an empty string to url encode should return an empty string.
        /// </summary>
        [TestMethod]
        public void PassingEmptyStringToUrlEncodeReturnsEmptyString()
        {
            string encoded = Encoder.UrlEncode(string.Empty);

            Assert.AreEqual(string.Empty, encoded);
        }

        /// <summary>
        /// Tests that passing an empty string to html form url encode
        /// (<c>Encoder.HtmlFormUrlEncode</c>) should return an empty string.
        /// </summary>
        [TestMethod]
        public void PassingEmptyStringToHtmlFromUrlEncodeReturnsEmptyString()
        {
            string encoded = Encoder.HtmlFormUrlEncode(string.Empty);

            Assert.AreEqual(string.Empty, encoded);
        }

        /// <summary>
        /// Tests that passing an empty string to xml encode should return an empty string.
        /// </summary>
        [TestMethod]
        public void PassingEmptyStringToXmlEncodeReturnsEmptyString()
        {
            string encoded = Encoder.XmlEncode(string.Empty);

            Assert.AreEqual(string.Empty, encoded);
        }

        /// <summary>
        /// Tests that passing an empty string to xml attribute encode should return an empty string.
        /// </summary>
        [TestMethod]
        public void PassingEmptyStringToXmlAttributeEncodeReturnsEmptyString()
        {
            string encoded = Encoder.XmlAttributeEncode(string.Empty);

            Assert.AreEqual(string.Empty, encoded);
        }

        /// <summary>
        /// Tests that passing an empty string to Ldap DN Encode should return an empty string.
        /// </summary>
        [TestMethod]
        public void PassingEmptyStringToLdapDistinguishedNameEncodeReturnsEmptyString()
        {
            string encoded = Encoder.LdapDistinguishedNameEncode(string.Empty);

            Assert.AreEqual(string.Empty, encoded);
        }

        /// <summary>
        /// Tests that passing an empty string to html attribute encode should return an empty string.
        /// </summary>
        [TestMethod]
        public void PassingEmptyStringToHtmlAttributeEncodeReturnsEmptyString()
        {
            string encoded = Encoder.HtmlAttributeEncode(string.Empty);

            Assert.AreEqual(string.Empty, encoded);
        }

        /// <summary>
        /// Tests that passing an empty string to Ldap Filter Encode should return an empty string.
        /// </summary>
        [TestMethod]
        public void PassingEmptyStringToLdapFilterEncodeReturnsEmptyString()
        {
            string encoded = Encoder.LdapFilterEncode(string.Empty);

            Assert.AreEqual(string.Empty, encoded);
        }

        /// <summary>
        /// Tests that passing an empty string to Css Encode should return an empty string.
        /// </summary>
        [TestMethod]
        public void PassingEmptyStringToCssEncodeReturnsEmptyString()
        {
            string encoded = Encoder.CssEncode(string.Empty);

            Assert.AreEqual(string.Empty, encoded);
        }

        /// <summary>
        /// Tests that passing an empty string to URL Path Encode should return an empty string.
        /// </summary>
        [TestMethod]
        public void PassingEmptyStringToUrlPathEncodeReturnsEmptyString()
        {
            string encoded = Encoder.UrlPathEncode(string.Empty);

            Assert.AreEqual(string.Empty, encoded);
        }
    }
}

--------------------------------------------------------------------------------
/Microsoft.Security.Application.Encoder/InvalidSurrogatePairException.cs:
--------------------------------------------------------------------------------
// --------------------------------------------------------------------------------------------------------------------
//
// Copyright (c) 2010 All Rights Reserved, Microsoft Corporation
//
// This source is subject to the Microsoft Permissive License.
// Please see the License.txt file for more information.
// All other rights reserved.
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
//
//
// Thrown when a bad surrogate pair is encountered.
//
// --------------------------------------------------------------------------------------------------------------------

namespace Microsoft.Security.Application
{
    using System;
    using System.Globalization;
    using System.Runtime.Serialization;
    using System.Security.Permissions;

    /// <summary>
    /// Thrown when a bad surrogate pair is encountered.
    /// </summary>
    [Serializable]
    public class InvalidSurrogatePairException : Exception
    {
        // Excluded from automatic field serialization; GetObjectData and the serialization
        // constructor of this class write and read the two values explicitly by property name.
        [NonSerialized]
        private char highSurrogate;

        [NonSerialized]
        private char lowSurrogate;

        ///
        /// Initializes a new instance of the class.
///
        public InvalidSurrogatePairException()
        {
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="InvalidSurrogatePairException"/> class.
        /// </summary>
        /// <param name="message">The message.</param>
        public InvalidSurrogatePairException(string message)
            : base(message)
        {
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="InvalidSurrogatePairException"/> class.
        /// </summary>
        /// <param name="message">The message.</param>
        /// <param name="inner">The inner exception.</param>
        public InvalidSurrogatePairException(string message, Exception inner)
            : base(message, inner)
        {
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="InvalidSurrogatePairException"/> class.
        /// The two values are stored as given; no surrogate-range check is made.
        /// </summary>
        /// <param name="highSurrogate">The high surrogate value which caused the error.</param>
        /// <param name="lowSurrogate">The low surrogate value which caused the error.</param>
        public InvalidSurrogatePairException(char highSurrogate, char lowSurrogate)
        {
            this.HighSurrogate = highSurrogate;
            this.LowSurrogate = lowSurrogate;
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="InvalidSurrogatePairException"/> class.
        /// The two values are stored as given; no surrogate-range check is made.
        /// </summary>
        /// <param name="message">The message.</param>
        /// <param name="highSurrogate">The high surrogate value which caused the error.</param>
        /// <param name="lowSurrogate">The low surrogate value which caused the error.</param>
        public InvalidSurrogatePairException(string message, char highSurrogate, char lowSurrogate)
            : base(message)
        {
            this.HighSurrogate = highSurrogate;
            this.LowSurrogate = lowSurrogate;
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="InvalidSurrogatePairException"/> class
        /// from serialized data, reading both surrogate values back by property name.
        /// </summary>
        /// <param name="info">The serialized object data.</param>
        /// <param name="context">The source or destination of the serialized stream.</param>
        protected InvalidSurrogatePairException(SerializationInfo info, StreamingContext context)
            : base(info, context)
        {
            // The values come straight from the serialized payload and are not validated here.
            this.HighSurrogate = info.GetChar(nameof(this.HighSurrogate));
            this.LowSurrogate = info.GetChar(nameof(this.LowSurrogate));
        }

        /// <summary>
        /// Gets or sets the high surrogate value.
        /// </summary>
        /// <value>The high surrogate.</value>
        public char HighSurrogate
        {
            get
            {
                return this.highSurrogate;
            }

            protected set
            {
                this.highSurrogate = value;
            }
        }

        /// <summary>
        /// Gets or sets the low surrogate value.
        /// </summary>
        /// <value>The low surrogate.</value>
        public char LowSurrogate
        {
            get
            {
                return this.lowSurrogate;
            }

            protected set
            {
                this.lowSurrogate = value;
            }
        }

        /// <summary>
        /// Gets a message that describes the current exception. When either surrogate value
        /// is non-zero, the base message is prefixed with both values as four-digit hex.
        /// </summary>
        /// <value>The error message that explains the reason for the exception.</value>
        public override string Message
        {
            get
            {
                bool hasSurrogateValues = this.HighSurrogate != 0 || this.LowSurrogate != 0;
                if (!hasSurrogateValues)
                {
                    return base.Message;
                }

                string pairText = string.Format(
                    CultureInfo.CurrentCulture,
                    "Surrogate Pair = {0:x4}:{1:x4}",
                    (int)this.HighSurrogate,
                    (int)this.LowSurrogate);

                return string.Concat(pairText, Environment.NewLine, "Message: ", base.Message);
            }
        }

        /// <summary>
        /// Adds both surrogate values to <paramref name="info"/>, then lets the base class
        /// add the standard exception data.
        /// </summary>
        /// <param name="info">The serialized object data to populate.</param>
        /// <param name="context">The destination of the serialized stream.</param>
        /// <exception cref="ArgumentNullException"><paramref name="info"/> is null.</exception>
        // NOTE(review): this demand is Code Access Security, which only the .NET Framework
        // enforces; confirm the target frameworks before relying on it.
        [SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
        public override void GetObjectData(SerializationInfo info, StreamingContext context)
        {
            if (info == null)
            {
                throw new ArgumentNullException(nameof(info));
            }

            // Entry names must match the ones read back in the serialization constructor.
            info.AddValue(nameof(this.HighSurrogate), this.HighSurrogate);
            info.AddValue(nameof(this.LowSurrogate), this.LowSurrogate);

            base.GetObjectData(info, context);
        }
    }
}

--------------------------------------------------------------------------------