Pastable version of
Sanitize HTML
```csharp
using System;
using System.Text.RegularExpressions;

// Container class (the name is illustrative) so the members compile stand-alone.
public static class HtmlSanitizer
{
    // Matches anything that looks like a tag: '<' up to the next '>' or, for an
    // unterminated tag, up to the end of the input.
    private static Regex _tags = new Regex("<[^>]*(>|$)",
        RegexOptions.Singleline | RegexOptions.ExplicitCapture | RegexOptions.Compiled);

    // Attribute-free formatting tags, plus <br> and <hr>. A listed tag that carries
    // any attribute does not match and is therefore removed.
    private static Regex _whitelist = new Regex(@"
        ^</?(b(lockquote)?|code|d(d|t|l|el)|em|h(1|2|3)|i|kbd|li|ol|p(re)?|s(ub|up|trong|trike)?|ul)>$|
        ^<(b|h)r\s?/?>$",
        RegexOptions.Singleline | RegexOptions.ExplicitCapture | RegexOptions.Compiled | RegexOptions.IgnorePatternWhitespace);

    // <a> with an href that is either "#digits" or an http/https/ftp URL, an optional
    // title, and nothing else; also the closing </a>.
    private static Regex _whitelist_a = new Regex(@"
        ^<a\s
        href=""(\#\d+|(https?|ftp)://[-a-z0-9+&@#/%?=~_|!:,.;\(\)]+)""
        (\stitle=""[^""<>]+"")?\s?>$|
        ^</a>$",
        RegexOptions.Singleline | RegexOptions.ExplicitCapture | RegexOptions.Compiled | RegexOptions.IgnorePatternWhitespace);

    // <img> with an http/https src and optional width, height, alt and title,
    // in exactly this order.
    private static Regex _whitelist_img = new Regex(@"
        ^<img\s
        src=""https?://[-a-z0-9+&@#/%?=~_|!:,.;\(\)]+""
        (\swidth=""\d{1,3}"")?
        (\sheight=""\d{1,3}"")?
        (\salt=""[^""<>]*"")?
        (\stitle=""[^""<>]*"")?
        \s?/?>$",
        RegexOptions.Singleline | RegexOptions.ExplicitCapture | RegexOptions.Compiled | RegexOptions.IgnorePatternWhitespace);

    /// <summary>
    /// sanitize any potentially dangerous tags from the provided raw HTML input using
    /// a whitelist based approach, leaving the "safe" HTML tags
    /// CODESNIPPET:4100A61A-1711-4366-B0B0-144D1179A937
    /// </summary>
    public static string Sanitize(string html)
    {
        if (String.IsNullOrEmpty(html)) return html;

        string tagname;
        Match tag;

        // match every HTML tag in the input
        MatchCollection tags = _tags.Matches(html);

        // Walk the matches from last to first so that removing a tag does not
        // shift the indexes of the matches still to be checked.
        for (int i = tags.Count - 1; i > -1; i--)
        {
            tag = tags[i];
            // The whitelist patterns are lowercase, so compare a lowercased copy.
            tagname = tag.Value.ToLowerInvariant();

            if (!(_whitelist.IsMatch(tagname) || _whitelist_a.IsMatch(tagname) || _whitelist_img.IsMatch(tagname)))
            {
                // Only the tag markup is removed; text between removed tags stays in the output.
                html = html.Remove(tag.Index, tag.Length);
                System.Diagnostics.Debug.WriteLine("tag sanitized: " + tagname);
            }
        }

        return html;
    }
}
```

As seen on RefactorMyCode.com: http://refactormycode.com/codes/333-sanitize-html