Fixes regression issue with xss

Shannon
2015-09-09 21:41:06 +02:00
parent ed8c9daa8a
commit 02e9866398
2 changed files with 4 additions and 3 deletions


@@ -170,13 +170,14 @@ namespace Umbraco.Core
/// Cleans string to aid in preventing xss attacks.
/// </summary>
/// <param name="input"></param>
/// <param name="ignoreFromClean"></param>
/// <returns></returns>
internal static string CleanForXss(this string input)
internal static string CleanForXss(this string input, params char[] ignoreFromClean)
{
//remove any html
input = input.StripHtml();
//strip out any potential chars involved with XSS
return input.ExceptChars(new HashSet<char>("*?(){}[];:%<>/\\|&'\"".ToCharArray()));
return input.ExceptChars(new HashSet<char>("*?(){}[];:%<>/\\|&'\"".ToCharArray().Except(ignoreFromClean)));
}
public static string ExceptChars(this string str, HashSet<char> toExclude)
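Review bot: The new `ignoreFromClean` parameter on `CleanForXss` lets a caller take characters out of the deny-list, but its `<param>` tag is left empty, so nothing tells the caller that each exempted character weakens the filter. I would fill it in, for example `/// <param name="ignoreFromClean">Characters to leave in the output; the caller must encode the result for the context it is written into.</param>`. The method only strips characters and does not encode, so exempting `<`, `>`, `&` or the quote characters is safe only where the value is encoded when rendered. The callers are not visible in this hunk (presumably they are in the other changed file), so that should be confirmed there. Separately, an explicit `null` argument reaches `Except(ignoreFromClean)` and would throw `ArgumentNullException`; `.Except(ignoreFromClean ?? new char[0])` keeps the full deny-list in that case.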