Merge pull request #286 from The-Nutty/master

Include html Tag in FilterUrlEventArgs
mganss · Jun 12, 2021 · 1985595 · 1985595
2 parents 918dba9 + 5994589
commit 1985595
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 6 deletions.
diff --git a/src/HtmlSanitizer/EventArgs.cs b/src/HtmlSanitizer/EventArgs.cs
@@ -308,15 +308,25 @@ public class FilterUrlEventArgs: EventArgs
         /// </value>
         public string? SanitizedUrl { get; set; }
 
+        /// <summary>
+        /// Gets or sets the tag containing the URI being sanitized.
+        /// </summary>
+        /// <value>
+        /// The tag.
+        /// </value>
+        public IElement Tag { get; private set; }
+
         /// <summary>
         /// Initializes a new instance of the <see cref="FilterUrlEventArgs"/> class.
         /// </summary>
+        /// <param name="tag">The tag containing the URI being sanitized.</param>
         /// <param name="originalUrl">The original URL.</param>
         /// <param name="sanitizedUrl">The sanitized URL.</param>
-        public FilterUrlEventArgs(string originalUrl, string? sanitizedUrl = null)
+        public FilterUrlEventArgs(IElement tag, string originalUrl, string? sanitizedUrl = null)
         {
             OriginalUrl = originalUrl;
             SanitizedUrl = sanitizedUrl;
+            Tag = tag;
         }
     }
 }
diff --git a/src/HtmlSanitizer/HtmlSanitizer.cs b/src/HtmlSanitizer/HtmlSanitizer.cs
@@ -679,7 +679,7 @@ private void DoSanitize(IHtmlDocument dom, IParentNode context, string baseUrl =
                 // sanitize URLs in URL-marked attributes
                 foreach (var attribute in tag.Attributes.Where(IsUriAttribute).ToList())
                 {
-                    var url = SanitizeUrl(attribute.Value, baseUrl);
+                    var url = SanitizeUrl(tag, attribute.Value, baseUrl);
                     if (url == null)
                         RemoveAttribute(tag, attribute, RemoveReason.NotAllowedUrlValue);
                     else
@@ -895,11 +895,11 @@ private void SanitizeStyleDeclaration(IElement element, ICssStyleDeclaration sty
 
                 if (urls.Count > 0)
                 {
-                    if (urls.Cast<Match>().Any(m => SanitizeUrl(m.Groups[2].Value, baseUrl) == null))
+                    if (urls.Cast<Match>().Any(m => SanitizeUrl(element, m.Groups[2].Value, baseUrl) == null))
                         removeStyles.Add(new Tuple<ICssProperty, RemoveReason>(style, RemoveReason.NotAllowedUrlValue));
                     else
                     {
-                        var s = CssUrl.Replace(val, m => "url(" + m.Groups[1].Value + SanitizeUrl(m.Groups[2].Value, baseUrl) + m.Groups[3].Value);
+                        var s = CssUrl.Replace(val, m => "url(" + m.Groups[1].Value + SanitizeUrl(element, m.Groups[2].Value, baseUrl) + m.Groups[3].Value);
                         if (s != val)
                         {
                             if (key != style.Name)
@@ -966,10 +966,11 @@ protected static string DecodeCss(string css)
         /// <summary>
         /// Sanitizes a URL.
         /// </summary>
+        /// <param name="element">The tag containing the URL being sanitized</param>
         /// <param name="url">The URL.</param>
         /// <param name="baseUrl">The base URL relative URLs are resolved against (empty or null for no resolution).</param>
         /// <returns>The sanitized URL or null if no safe URL can be created.</returns>
-        protected virtual string? SanitizeUrl(string url, string baseUrl)
+        protected virtual string? SanitizeUrl(IElement element, string url, string baseUrl)
         {
             var iri = GetSafeIri(url);
 
@@ -992,7 +993,7 @@ protected static string DecodeCss(string css)
                 else iri = null;
             }
 
-            var e = new FilterUrlEventArgs(url, iri?.Value);
+            var e = new FilterUrlEventArgs(element, url, iri?.Value);
             OnFilteringUrl(e);
 
             return e.SanitizedUrl;