You've already forked linux-packaging-mono
Imported Upstream version 4.6.0.125
Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4
This commit is contained in:
Xamarin Public Jenkins (auto-signing)
parent
a569aebcfd
commit
e79aa3c0ed
@ -0,0 +1,97 @@
|
||||
//------------------------------------------------------------------------------
|
||||
// <copyright file="CssEncoder.cs" company="Microsoft">
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
// </copyright>
|
||||
//------------------------------------------------------------------------------
|
||||
|
||||
namespace System.Web.Security.AntiXss {
|
||||
using System;
|
||||
using System.Collections;
|
||||
using System.Text;
|
||||
using System.Threading;
|
||||
|
||||
/// <summary>
|
||||
/// Provides CSS Encoding methods.
|
||||
/// </summary>
|
||||
internal static class CssEncoder {
|
||||
|
||||
/// <summary>
|
||||
/// The values to output for each character.
|
||||
/// </summary>
|
||||
private static Lazy<char[][]> characterValuesLazy = new Lazy<char[][]>(InitialiseSafeList);
|
||||
|
||||
/// <summary>
|
||||
/// Encodes according to the CSS encoding rules.
|
||||
/// </summary>
|
||||
/// <param name="input">The string to encode.</param>
|
||||
/// <returns>The encoded string.</returns>
|
||||
internal static string Encode(string input) {
|
||||
if (string.IsNullOrEmpty(input)) {
|
||||
return input;
|
||||
}
|
||||
|
||||
char[][] characterValues = characterValuesLazy.Value;
|
||||
|
||||
// Setup a new StringBuilder for output.
|
||||
// Worse case scenario - CSS encoding wants \XXXXXX for encoded characters.
|
||||
StringBuilder builder = EncoderUtil.GetOutputStringBuilder(input.Length, 7 /* worstCaseOutputCharsPerInputChar */);
|
||||
|
||||
Utf16StringReader stringReader = new Utf16StringReader(input);
|
||||
while (true) {
|
||||
int currentCodePoint = stringReader.ReadNextScalarValue();
|
||||
if (currentCodePoint < 0) {
|
||||
break; // EOF
|
||||
}
|
||||
|
||||
if (currentCodePoint >= characterValues.Length) {
|
||||
// We don't have a pre-generated mapping of characters beyond the U+00FF, so we need
|
||||
// to generate these encodings on-the-fly. We should encode the code point rather
|
||||
// than the surrogate code units that make up this code point.
|
||||
// See: http://www.w3.org/International/questions/qa-escapes#cssescapes
|
||||
|
||||
char[] encodedCharacter = SafeList.SlashThenSixDigitHexValueGenerator(currentCodePoint);
|
||||
builder.Append(encodedCharacter);
|
||||
}
|
||||
else if (characterValues[currentCodePoint] != null) {
|
||||
// character needs to be encoded
|
||||
char[] encodedCharacter = characterValues[currentCodePoint];
|
||||
builder.Append(encodedCharacter);
|
||||
}
|
||||
else {
|
||||
// character does not need encoding
|
||||
builder.Append((char)currentCodePoint);
|
||||
}
|
||||
}
|
||||
|
||||
return builder.ToString();
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Initializes the HTML safe list.
|
||||
/// </summary>
|
||||
private static char[][] InitialiseSafeList() {
|
||||
char[][] result = SafeList.Generate(0xFF, SafeList.SlashThenSixDigitHexValueGenerator);
|
||||
SafeList.PunchSafeList(ref result, CssSafeList());
|
||||
return result;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Provides the safe characters for CS encoding.
|
||||
/// </summary>
|
||||
/// <returns>The safe characters for CSS encoding.</returns>
|
||||
/// <remarks>See http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet </remarks>
|
||||
private static IEnumerable CssSafeList() {
|
||||
for (int i = '0'; i <= '9'; i++) {
|
||||
yield return i;
|
||||
}
|
||||
|
||||
for (int i = 'A'; i <= 'Z'; i++) {
|
||||
yield return i;
|
||||
}
|
||||
|
||||
for (int i = 'a'; i <= 'z'; i++) {
|
||||
yield return i;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user