From 0886ada39c4651fcd0a8bec5bce4358972791c45 Mon Sep 17 00:00:00 2001 From: Ronald Barendse Date: Fri, 19 Jun 2020 11:41:16 +0200 Subject: [PATCH] Properly HTML encode text in helper methods (#6545) --- .../PublishedContent/IndexedArrayItem.cs | 293 +++++++++++++++++- src/Umbraco.Web/HtmlHelperRenderExtensions.cs | 77 +++-- src/Umbraco.Web/HtmlStringUtilities.cs | 14 +- src/Umbraco.Web/Mvc/HtmlTagWrapperTextNode.cs | 2 +- src/Umbraco.Web/PublishedContentExtensions.cs | 149 ++++++++- 5 files changed, 489 insertions(+), 46 deletions(-) diff --git a/src/Umbraco.Core/Models/PublishedContent/IndexedArrayItem.cs b/src/Umbraco.Core/Models/PublishedContent/IndexedArrayItem.cs index 5dc42cc542..f7d13fcf90 100644 --- a/src/Umbraco.Core/Models/PublishedContent/IndexedArrayItem.cs +++ b/src/Umbraco.Core/Models/PublishedContent/IndexedArrayItem.cs 
@@ -2,168 +2,441 @@ namespace Umbraco.Core.Models.PublishedContent { + /// + /// Represents an item in an array that stores its own index and the total count. + /// + /// The type of the content. public class IndexedArrayItem { + /// + /// Initializes a new instance of the class. + /// + /// The content. + /// The index. public IndexedArrayItem(TContent content, int index) { Content = content; Index = index; } + /// + /// Gets the content. + /// + /// + /// The content. + /// public TContent Content { get; } + /// + /// Gets the index. + /// + /// + /// The index. + /// public int Index { get; } + /// + /// Gets the total count. + /// + /// + /// The total count. + /// public int TotalCount { get; internal set; } + /// + /// Determines whether this item is the first. + /// + /// + /// true if this item is the first; otherwise, false. + /// public bool IsFirst() { return Index == 0; } + /// + /// If this item is the first, the HTML encoded will be returned; otherwise, . + /// + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsFirst(string valueIfTrue) { return IsFirst(valueIfTrue, string.Empty); } + /// + /// If this item is the first, the HTML encoded will be returned; otherwise, . + /// + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsFirst(string valueIfTrue, string valueIfFalse) { - return new HtmlString(IsFirst() ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(IsFirst() ? valueIfTrue : valueIfFalse)); } + /// + /// Determines whether this item is not the first. + /// + /// + /// true if this item is not the first; otherwise, false. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. 
public bool IsNotFirst() { return IsFirst() == false; } + /// + /// If this item is not the first, the HTML encoded will be returned; otherwise, . + /// + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsNotFirst(string valueIfTrue) { return IsNotFirst(valueIfTrue, string.Empty); } + /// + /// If this item is not the first, the HTML encoded will be returned; otherwise, . + /// + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsNotFirst(string valueIfTrue, string valueIfFalse) { - return new HtmlString(IsNotFirst() ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(IsNotFirst() ? valueIfTrue : valueIfFalse)); } + /// + /// Determines whether this item is at the specified . + /// + /// The index. + /// + /// true if this item is at the specified ; otherwise, false. + /// public bool IsIndex(int index) { return Index == index; } + /// + /// If this item is at the specified , the HTML encoded will be returned; otherwise, . + /// + /// The index. + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsIndex(int index, string valueIfTrue) { return IsIndex(index, valueIfTrue, string.Empty); } + /// + /// If this item is at the specified , the HTML encoded will be returned; otherwise, . + /// + /// The index. + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsIndex(int index, string valueIfTrue, string valueIfFalse) { - return new HtmlString(IsIndex(index) ? 
valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(IsIndex(index) ? valueIfTrue : valueIfFalse)); } + /// + /// Determines whether this item is at an index that can be divided by the specified . + /// + /// The modulus. + /// + /// true if this item is at an index that can be divided by the specified ; otherwise, false. + /// public bool IsModZero(int modulus) { return Index % modulus == 0; } + /// + /// If this item is at an index that can be divided by the specified , the HTML encoded will be returned; otherwise, . + /// + /// The modulus. + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsModZero(int modulus, string valueIfTrue) { return IsModZero(modulus, valueIfTrue, string.Empty); } + /// + /// If this item is at an index that can be divided by the specified , the HTML encoded will be returned; otherwise, . + /// + /// The modulus. + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsModZero(int modulus, string valueIfTrue, string valueIfFalse) { - return new HtmlString(IsModZero(modulus) ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(IsModZero(modulus) ? valueIfTrue : valueIfFalse)); } + /// + /// Determines whether this item is not at an index that can be divided by the specified . + /// + /// The modulus. + /// + /// true if this item is not at an index that can be divided by the specified ; otherwise, false. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public bool IsNotModZero(int modulus) { return IsModZero(modulus) == false; } + /// + /// If this item is not at an index that can be divided by the specified , the HTML encoded will be returned; otherwise, . + /// + /// The modulus. 
+ /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsNotModZero(int modulus, string valueIfTrue) { return IsNotModZero(modulus, valueIfTrue, string.Empty); } + /// + /// If this item is not at an index that can be divided by the specified , the HTML encoded will be returned; otherwise, . + /// + /// The modulus. + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsNotModZero(int modulus, string valueIfTrue, string valueIfFalse) { - return new HtmlString(IsNotModZero(modulus) ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(IsNotModZero(modulus) ? valueIfTrue : valueIfFalse)); } + /// + /// Determines whether this item is not at the specified . + /// + /// The index. + /// + /// true if this item is not at the specified ; otherwise, false. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public bool IsNotIndex(int index) { return IsIndex(index) == false; } + /// + /// If this item is not at the specified , the HTML encoded will be returned; otherwise, . + /// + /// The index. + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsNotIndex(int index, string valueIfTrue) { return IsNotIndex(index, valueIfTrue, string.Empty); } + /// + /// If this item is at the specified , the HTML encoded will be returned; otherwise, . + /// + /// The index. + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. 
public HtmlString IsNotIndex(int index, string valueIfTrue, string valueIfFalse) { - return new HtmlString(IsNotIndex(index) ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(IsNotIndex(index) ? valueIfTrue : valueIfFalse)); } + /// + /// Determines whether this item is the last. + /// + /// + /// true if this item is the last; otherwise, false. + /// public bool IsLast() { return Index == TotalCount - 1; } + /// + /// If this item is the last, the HTML encoded will be returned; otherwise, . + /// + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsLast(string valueIfTrue) { return IsLast(valueIfTrue, string.Empty); } + /// + /// If this item is the last, the HTML encoded will be returned; otherwise, . + /// + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsLast(string valueIfTrue, string valueIfFalse) { - return new HtmlString(IsLast() ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(IsLast() ? valueIfTrue : valueIfFalse)); } + /// + /// Determines whether this item is not the last. + /// + /// + /// true if this item is not the last; otherwise, false. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public bool IsNotLast() { return IsLast() == false; } + /// + /// If this item is not the last, the HTML encoded will be returned; otherwise, . + /// + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsNotLast(string valueIfTrue) { return IsNotLast(valueIfTrue, string.Empty); } + /// + /// If this item is not the last, the HTML encoded will be returned; otherwise, . 
+ /// + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsNotLast(string valueIfTrue, string valueIfFalse) { - return new HtmlString(IsNotLast() ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(IsNotLast() ? valueIfTrue : valueIfFalse)); } + /// + /// Determines whether this item is at an even index. + /// + /// + /// true if this item is at an even index; otherwise, false. + /// public bool IsEven() { return Index % 2 == 0; } + /// + /// If this item is at an even index, the HTML encoded will be returned; otherwise, . + /// + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsEven(string valueIfTrue) { return IsEven(valueIfTrue, string.Empty); } + /// + /// If this item is at an even index, the HTML encoded will be returned; otherwise, . + /// + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsEven(string valueIfTrue, string valueIfFalse) { - return new HtmlString(IsEven() ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(IsEven() ? valueIfTrue : valueIfFalse)); } + /// + /// Determines whether this item is at an odd index. + /// + /// + /// true if this item is at an odd index; otherwise, false. + /// public bool IsOdd() { return Index % 2 == 1; } + /// + /// If this item is at an odd index, the HTML encoded will be returned; otherwise, . + /// + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. 
public HtmlString IsOdd(string valueIfTrue) { return IsOdd(valueIfTrue, string.Empty); } + /// + /// If this item is at an odd index, the HTML encoded will be returned; otherwise, . + /// + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public HtmlString IsOdd(string valueIfTrue, string valueIfFalse) { - return new HtmlString(IsOdd() ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(IsOdd() ? valueIfTrue : valueIfFalse)); } } } diff --git a/src/Umbraco.Web/HtmlHelperRenderExtensions.cs b/src/Umbraco.Web/HtmlHelperRenderExtensions.cs index ebe5e08f89..4b1de86bcf 100644 --- a/src/Umbraco.Web/HtmlHelperRenderExtensions.cs +++ b/src/Umbraco.Web/HtmlHelperRenderExtensions.cs @@ -253,12 +253,12 @@ namespace Umbraco.Web } /// - /// Helper method to create a new form to execute in the Umbraco request pipeline against a locally declared controller + /// Helper method to create a new form to execute in the Umbraco request pipeline against a locally declared controller. /// - /// - /// - /// - /// + /// The HTML helper. + /// Name of the action. + /// Name of the controller. + /// The method. /// public static MvcForm BeginUmbracoForm(this HtmlHelper html, string action, string controllerName, FormMethod method) { @@ -315,9 +315,9 @@ namespace Umbraco.Web /// /// public static MvcForm BeginUmbracoForm(this HtmlHelper html, string action, string controllerName, - object additionalRouteVals, - object htmlAttributes, - FormMethod method) + object additionalRouteVals, + object htmlAttributes, + FormMethod method) { return html.BeginUmbracoForm(action, controllerName, additionalRouteVals, HtmlHelper.AnonymousObjectToHtmlAttributes(htmlAttributes), method); } 
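Review bot: The summary added above the three-argument `IsNotIndex(int index, string valueIfTrue, string valueIfFalse)` reads "If this item is at the specified index" although the method returns valueIfTrue when `IsNotIndex(index)` holds; it should read `/// If this item is not at the specified index, the HTML encoded valueIfTrue will be returned; otherwise, valueIfFalse.` like the one-argument overload directly above it. The "TODO: This method should be removed or moved to an extension method on HtmlHelper" comment is also placed on the bool predicates IsNotFirst(), IsNotModZero(int), IsNotIndex(int) and IsNotLast(), while IsFirst(), IsModZero(int), IsIndex(int) and IsLast() carry none; the TODO only makes sense for the HtmlString overloads, so either drop it from the predicates or apply it to all of them. Unrelated to the encoding change but left unaddressed, IsModZero(int) (and IsNotModZero(int), which delegates to it) throws DivideByZeroException for modulus 0; a guard such as `if (modulus == 0) throw new ArgumentOutOfRangeException(nameof(modulus));` with a matching `<exception>` element would make the contract explicit in the new docs.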
@@ -332,8 +332,8 @@ namespace Umbraco.Web /// /// public static MvcForm BeginUmbracoForm(this HtmlHelper html, string action, string controllerName, - object additionalRouteVals, - object htmlAttributes) + object additionalRouteVals, + object htmlAttributes) { return html.BeginUmbracoForm(action, controllerName, additionalRouteVals, HtmlHelper.AnonymousObjectToHtmlAttributes(htmlAttributes)); } @@ -349,9 +349,9 @@ namespace Umbraco.Web /// /// public static MvcForm BeginUmbracoForm(this HtmlHelper html, string action, string controllerName, - object additionalRouteVals, - IDictionary htmlAttributes, - FormMethod method) + object additionalRouteVals, + IDictionary htmlAttributes, + FormMethod method) { if (action == null) throw new ArgumentNullException(nameof(action)); if (string.IsNullOrWhiteSpace(action)) throw new ArgumentException("Value can't be empty or consist only of white-space characters.", nameof(action)); @@ -371,8 +371,8 @@ namespace Umbraco.Web /// /// public static MvcForm BeginUmbracoForm(this HtmlHelper html, string action, string controllerName, - object additionalRouteVals, - IDictionary htmlAttributes) + object additionalRouteVals, + IDictionary htmlAttributes) { if (action == null) throw new ArgumentNullException(nameof(action)); if (string.IsNullOrWhiteSpace(action)) throw new ArgumentException("Value can't be empty or consist only of white-space characters.", nameof(action)); 
@@ -840,19 +840,32 @@ namespace Umbraco.Web #region If /// - /// If the test is true, the string valueIfTrue will be returned, otherwise the valueIfFalse will be returned. + /// If is true, the HTML encoded will be returned; otherwise, . /// - public static IHtmlString If(this HtmlHelper html, bool test, string valueIfTrue, string valueIfFalse) + /// The HTML helper. + /// If set to true returns ; otherwise, . + /// The value if true. + /// + /// The HTML encoded value. + /// + public static IHtmlString If(this HtmlHelper html, bool test, string valueIfTrue) { - return test ? new HtmlString(valueIfTrue) : new HtmlString(valueIfFalse); + return If(html, test, valueIfTrue, string.Empty); } /// - /// If the test is true, the string valueIfTrue will be returned, otherwise the valueIfFalse will be returned. + /// If is true, the HTML encoded will be returned; otherwise, . /// - public static IHtmlString If(this HtmlHelper html, bool test, string valueIfTrue) + /// The HTML helper. + /// If set to true returns ; otherwise, . + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + public static IHtmlString If(this HtmlHelper html, bool test, string valueIfTrue, string valueIfFalse) { - return test ? new HtmlString(valueIfTrue) : new HtmlString(string.Empty); + return new HtmlString(HttpUtility.HtmlEncode(test ? valueIfTrue : valueIfFalse)); } #endregion @@ -862,16 +875,32 @@ namespace Umbraco.Web private static readonly HtmlStringUtilities StringUtilities = new HtmlStringUtilities(); /// - /// Replaces text line breaks with HTML line breaks + /// Replaces text line breaks with HTML line breaks. /// - /// + /// The HTML helper. /// The text. - /// The text with text line breaks replaced with HTML line breaks (
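Review bot: The new `If(this HtmlHelper html, bool test, string valueIfTrue, string valueIfFalse)` passes the chosen value through `HttpUtility.HtmlEncode`, which is the right encoder for HTML element content and quoted attribute values but not for a script block, an event-handler attribute or a URL, and the summary's "HTML encoded value" does not say so; a remarks line such as `/// The value is encoded for HTML element content and attribute values; use a context-specific encoder when emitting into script or URL contexts.` keeps callers from treating it as universally safe. Because both overloads previously returned the strings verbatim, existing views that passed markup into If will now render it escaped; that is the intended fix, but the silent behaviour change deserves a sentence in the remarks, in the same spirit as the explicit Obsolete message used for ReplaceLineBreaksForHtml. `HttpUtility.HtmlEncode(string)` returns null for a null input, so `new HtmlString(null)` is still produced for a null valueIfTrue or valueIfFalse exactly as before; worth stating in the returns documentation or normalising with `?? string.Empty`.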
)
+ /// + /// The text with text line breaks replaced with HTML line breaks (<br />). + /// + [Obsolete("This method doesn't HTML encode the text. Use ReplaceLineBreaks instead.")] public static IHtmlString ReplaceLineBreaksForHtml(this HtmlHelper helper, string text) { return StringUtilities.ReplaceLineBreaksForHtml(text); } + /// + /// HTML encodes the text and replaces text line breaks with HTML line breaks. + /// + /// The HTML helper. + /// The text. + /// + /// The HTML encoded text with text line breaks replaced with HTML line breaks (<br />). + /// + public static IHtmlString ReplaceLineBreaks(this HtmlHelper helper, string text) + { + return StringUtilities.ReplaceLineBreaks(text); + } + /// /// Generates a hash based on the text string passed in. This method will detect the /// security requirements (is FIPS enabled) and return an appropriate hash. diff --git a/src/Umbraco.Web/HtmlStringUtilities.cs b/src/Umbraco.Web/HtmlStringUtilities.cs index a8cbb70019..7df3e69bcb 100644 --- a/src/Umbraco.Web/HtmlStringUtilities.cs +++ b/src/Umbraco.Web/HtmlStringUtilities.cs @@ -16,21 +16,25 @@ namespace Umbraco.Web public sealed class HtmlStringUtilities { /// - /// Replaces text line breaks with HTML line breaks + /// Replaces text line breaks with HTML line breaks. /// /// The text. - /// The text with text line breaks replaced with HTML line breaks (<br />). + /// + /// The text with text line breaks replaced with HTML line breaks (<br />). + /// [Obsolete("This method doesn't HTML encode the text. Use ReplaceLineBreaks instead.")] public HtmlString ReplaceLineBreaksForHtml(string text) { - return new HtmlString(text.Replace("\r\n", @"
").Replace("\n", @"
").Replace("\r", @"
")); + return new HtmlString(text.Replace("\r\n", @"
").Replace("\n", @"
").Replace("\r", @"
")); } - + /// /// HTML encodes the text and replaces text line breaks with HTML line breaks. /// /// The text. - /// The HTML encoded text with text line breaks replaced with HTML line breaks (<br />). + /// + /// The HTML encoded text with text line breaks replaced with HTML line breaks (<br />). + /// public IHtmlString ReplaceLineBreaks(string text) { var value = HttpUtility.HtmlEncode(text)? diff --git a/src/Umbraco.Web/Mvc/HtmlTagWrapperTextNode.cs b/src/Umbraco.Web/Mvc/HtmlTagWrapperTextNode.cs index 43bfedde86..1085c2a279 100644 --- a/src/Umbraco.Web/Mvc/HtmlTagWrapperTextNode.cs +++ b/src/Umbraco.Web/Mvc/HtmlTagWrapperTextNode.cs @@ -12,7 +12,7 @@ namespace Umbraco.Web.Mvc public void WriteToHtmlTextWriter(System.Web.UI.HtmlTextWriter html) { - html.Write(Content); + html.WriteEncodedText(Content); } } } diff --git a/src/Umbraco.Web/PublishedContentExtensions.cs b/src/Umbraco.Web/PublishedContentExtensions.cs index 750ffa4be6..73148b667a 100644 --- a/src/Umbraco.Web/PublishedContentExtensions.cs +++ b/src/Umbraco.Web/PublishedContentExtensions.cs 
@@ -287,29 +287,82 @@ namespace Umbraco.Web return content.Id == other.Id; } + /// + /// If the specified is equal to , the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public static HtmlString IsEqual(this IPublishedContent content, IPublishedContent other, string valueIfTrue) { return content.IsEqual(other, valueIfTrue, string.Empty); } + /// + /// If the specified is equal to , the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public static HtmlString IsEqual(this IPublishedContent content, IPublishedContent other, string valueIfTrue, string valueIfFalse) { - return new HtmlString(content.IsEqual(other) ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(content.IsEqual(other) ? valueIfTrue : valueIfFalse)); } + /// + /// If the specified is not equal to , the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public static bool IsNotEqual(this IPublishedContent content, IPublishedContent other) { return content.IsEqual(other) == false; } + /// + /// If the specified is not equal to , the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. 
public static HtmlString IsNotEqual(this IPublishedContent content, IPublishedContent other, string valueIfTrue) { return content.IsNotEqual(other, valueIfTrue, string.Empty); } + /// + /// If the specified is not equal to , the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public static HtmlString IsNotEqual(this IPublishedContent content, IPublishedContent other, string valueIfTrue, string valueIfFalse) { - return new HtmlString(content.IsNotEqual(other) ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(content.IsNotEqual(other) ? valueIfTrue : valueIfFalse)); } #endregion 
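Review bot: The XML doc placed above `public static bool IsNotEqual(this IPublishedContent content, IPublishedContent other)` is a copy of the HtmlString overload's: it speaks of valueIfTrue and valueIfFalse and returns "The HTML encoded value", but the method takes neither parameter and returns bool. It should mirror the predicate style used in IndexedArrayItem, e.g. `/// Determines whether the specified content is not equal to other.` with `/// <returns>true if the specified content is not equal to other; otherwise, false.</returns>`, and the TODO about moving to an HtmlHelper extension does not apply to a bool predicate. Note also that the first context line of the hunk, `return content.Id == other.Id;`, dereferences other, so every helper here still throws NullReferenceException for a null other; documenting or guarding that is outside this commit's scope but worth a follow-up.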
@@ -321,14 +374,35 @@ namespace Umbraco.Web return other.Level < content.Level && content.Path.InvariantStartsWith(other.Path.EnsureEndsWith(',')); } + /// + /// If the specified is a decendant of , the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public static HtmlString IsDescendant(this IPublishedContent content, IPublishedContent other, string valueIfTrue) { return content.IsDescendant(other, valueIfTrue, string.Empty); } + /// + /// If the specified is a decendant of , the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public static HtmlString IsDescendant(this IPublishedContent content, IPublishedContent other, string valueIfTrue, string valueIfFalse) { - return new HtmlString(content.IsDescendant(other) ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(content.IsDescendant(other) ? valueIfTrue : valueIfFalse)); } public static bool IsDescendantOrSelf(this IPublishedContent content, IPublishedContent other) 
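Review bot: Both summaries added for the `IsDescendant(..., string valueIfTrue)` overloads spell "decendant"; the same typo appears in both IsDescendantOrSelf summaries in the following hunk (@@ -336,14 +410,35 @@). Suggested wording for the first: `/// If the specified content is a descendant of other, the HTML encoded valueIfTrue will be returned; otherwise, valueIfFalse.`. The IsDescendantOrSelf summaries also read "is a decendant of other or are the same", which mixes singular and plural; `/// If the specified content is a descendant of, or the same as, other, ...` reads cleaner.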
@@ -336,14 +410,35 @@ namespace Umbraco.Web return content.Path.InvariantEquals(other.Path) || content.IsDescendant(other); } + /// + /// If the specified is a decendant of or are the same, the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public static HtmlString IsDescendantOrSelf(this IPublishedContent content, IPublishedContent other, string valueIfTrue) { return content.IsDescendantOrSelf(other, valueIfTrue, string.Empty); } + /// + /// If the specified is a decendant of or are the same, the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public static HtmlString IsDescendantOrSelf(this IPublishedContent content, IPublishedContent other, string valueIfTrue, string valueIfFalse) { - return new HtmlString(content.IsDescendantOrSelf(other) ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(content.IsDescendantOrSelf(other) ? valueIfTrue : valueIfFalse)); } public static bool IsAncestor(this IPublishedContent content, IPublishedContent other) 
@@ -351,14 +446,35 @@ namespace Umbraco.Web return content.Level < other.Level && other.Path.InvariantStartsWith(content.Path.EnsureEndsWith(',')); } + /// + /// If the specified is an ancestor of , the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public static HtmlString IsAncestor(this IPublishedContent content, IPublishedContent other, string valueIfTrue) { return content.IsAncestor(other, valueIfTrue, string.Empty); } + /// + /// If the specified is an ancestor of , the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public static HtmlString IsAncestor(this IPublishedContent content, IPublishedContent other, string valueIfTrue, string valueIfFalse) { - return new HtmlString(content.IsAncestor(other) ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(content.IsAncestor(other) ? valueIfTrue : valueIfFalse)); } public static bool IsAncestorOrSelf(this IPublishedContent content, IPublishedContent other) 
@@ -366,14 +482,35 @@ namespace Umbraco.Web return other.Path.InvariantEquals(content.Path) || content.IsAncestor(other); } + /// + /// If the specified is an ancestor of or are the same, the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public static HtmlString IsAncestorOrSelf(this IPublishedContent content, IPublishedContent other, string valueIfTrue) { return content.IsAncestorOrSelf(other, valueIfTrue, string.Empty); } + /// + /// If the specified is an ancestor of or are the same, the HTML encoded will be returned; otherwise, . + /// + /// The content. + /// The other content. + /// The value if true. + /// The value if false. + /// + /// The HTML encoded value. + /// + // TODO: This method should be removed or moved to an extension method on HtmlHelper. public static HtmlString IsAncestorOrSelf(this IPublishedContent content, IPublishedContent other, string valueIfTrue, string valueIfFalse) { - return new HtmlString(content.IsAncestorOrSelf(other) ? valueIfTrue : valueIfFalse); + return new HtmlString(HttpUtility.HtmlEncode(content.IsAncestorOrSelf(other) ? valueIfTrue : valueIfFalse)); } #endregion