diff --git a/Web.HtmlSanitizer.Tests/AttributeCheckTests.cs b/Web.HtmlSanitizer.Tests/AttributeCheckTests.cs
index b540a90..1b55a08 100644
--- a/Web.HtmlSanitizer.Tests/AttributeCheckTests.cs
+++ b/Web.HtmlSanitizer.Tests/AttributeCheckTests.cs
@@ -51,7 +51,9 @@ public void AHrefUrlCheckRelativeTest()
}
-
+ ///
+ /// Verifies the functioning of the URL check on src attributes.
+ ///
[Fact]
public void ImgSrcUrlCheckTest()
{
@@ -67,7 +69,7 @@ public void ImgSrcUrlCheckTest()
Assert.Equal(expectedIllegal, result);
// Test a legal well formed url
- var inputLegal = @">";
+ var inputLegal = @"";
result = sanitizer.Sanitize(inputLegal);
Assert.Equal(inputLegal, result);
}
diff --git a/Web.HtmlSanitizer/HtmlSanitizer.cs b/Web.HtmlSanitizer/HtmlSanitizer.cs
index 259bfc8..1811e0a 100644
--- a/Web.HtmlSanitizer/HtmlSanitizer.cs
+++ b/Web.HtmlSanitizer/HtmlSanitizer.cs
@@ -59,7 +59,7 @@ public HtmlSanitizer()
private void RegisterChecks()
{
- AttributeCheckRegistry.Add(HtmlSanitizerCheckType.Url, new HtmlSanitizerAttributeCheckHandler(LinkHrefCheck));
+ AttributeCheckRegistry.Add(HtmlSanitizerCheckType.Url, new HtmlSanitizerAttributeCheckHandler(UrlCheckHandler));
AttributeCheckRegistry.Add(HtmlSanitizerCheckType.AllowAttribute, new HtmlSanitizerAttributeCheckHandler(x => SanitizerOperation.DoNothing));
}
@@ -100,13 +100,14 @@ public static bool AttributeUrlCheck(HtmlAttribute attribute)
}
///
- /// Checks if the href attribute contains a valid link.
+ /// Checks if the attribute contains a valid link.
///
///
///
- public static SanitizerOperation LinkHrefCheck(HtmlAttribute attribute)
+ public static SanitizerOperation UrlCheckHandler(HtmlAttribute attribute)
{
- // Check the url. There's no use in keeping link tags without a link, so flatten the tag on failure.
+
+ // Check the url. We assume that there's no use in keeping for example a link tag without a href, so flatten the tag on failure.
if (!AttributeUrlCheck(attribute))
return SanitizerOperation.FlattenTag;
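Review bot: Renaming the public static `LinkHrefCheck` to `UrlCheckHandler` drops a public entry point, so any consumer that references `LinkHrefCheck` directly (for example when building its own check registry) stops compiling on what the version bump in this commit presents as a patch release. A forwarding shim would keep those callers working: `[Obsolete("Use UrlCheckHandler instead.")] public static SanitizerOperation LinkHrefCheck(HtmlAttribute attribute) { return UrlCheckHandler(attribute); }`. Since the handler now also guards `src` attributes, the new comment should say what `FlattenTag` means for elements that carry `src`, not only for links. If flattening keeps the element's child content (not visible in this hunk), confirm that is the intended outcome for every element that can be given a `Url` check on `src`. The stray blank line added after the opening brace can go, and the method body continues outside the hunk.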
diff --git a/Web.HtmlSanitizer/Properties/AssemblyInfo.cs b/Web.HtmlSanitizer/Properties/AssemblyInfo.cs
index 0867b8b..01053d9 100644
--- a/Web.HtmlSanitizer/Properties/AssemblyInfo.cs
+++ b/Web.HtmlSanitizer/Properties/AssemblyInfo.cs
@@ -32,5 +32,5 @@
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.1.3.0")]
-[assembly: AssemblyFileVersion("1.1.3.0")]
+[assembly: AssemblyVersion("1.1.4.0")]
+[assembly: AssemblyFileVersion("1.1.4.0")]
diff --git a/Web.HtmlSanitizer/Web.HtmlSanitizer.nuspec b/Web.HtmlSanitizer/Web.HtmlSanitizer.nuspec
index 6a7038b..9be89b1 100644
--- a/Web.HtmlSanitizer/Web.HtmlSanitizer.nuspec
+++ b/Web.HtmlSanitizer/Web.HtmlSanitizer.nuspec
@@ -2,7 +2,7 @@
Vereyon.Web.HtmlSanitizer
- 1.1.3.0
+ 1.1.4.0
HtmlRuleSanitizer
Vereyon
Vereyon
@@ -10,7 +10,7 @@
https://github.com/Vereyon/HtmlRuleSanitizer
false
Rule based HTML sanitizer using a white list. Documentation at: https://github.com/Vereyon/HtmlRuleSanitizer
- Fixed relative urls not passing check.
+ Fixed unclosed tags not being handled correctly. Added url checks for src attributes.
Copyright 2016
ASP.NET MVC HTML sanitizer XSS antixss anti security