yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Properly HTML encode text in helper methods (#6545)

Browse Source
This commit is contained in:
Ronald Barendse
2020-06-19 11:41:16 +02:00
committed by GitHub
parent a9bd2ae856
commit 0886ada39c
5 changed files with 489 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/Umbraco.Web/HtmlStringUtilities.cs
View File

@@ -16,21 +16,25 @@ namespace Umbraco.Web
public sealed class HtmlStringUtilities
{
/// <summary>
/// Replaces text line breaks with HTML line breaks
/// Replaces text line breaks with HTML line breaks.
/// </summary>
/// <param name="text">The text.</param>
/// <returns>The text with text line breaks replaced with HTML line breaks (<c>&lt;br /&gt;</c>).
/// <returns>
/// The text with text line breaks replaced with HTML line breaks (<c>&lt;br /&gt;</c>).
/// </returns>
[Obsolete("This method doesn't HTML encode the text. Use ReplaceLineBreaks instead.")]
public HtmlString ReplaceLineBreaksForHtml(string text)
{
return new HtmlString(text.Replace("\r\n", @"<br />").Replace("\n", @"<br />").Replace("\r", @"<br />"));
return new HtmlString(text.Replace("\r\n", @"<br />").Replace("\n", @"<br />").Replace("\r", @"<br />"));
}
/// <summary>
/// HTML encodes the text and replaces text line breaks with HTML line breaks.
/// </summary>
/// <param name="text">The text.</param>
/// <returns>The HTML encoded text with text line breaks replaced with HTML line breaks (<c>&lt;br /&gt;</c>).</returns>
/// <returns>
/// The HTML encoded text with text line breaks replaced with HTML line breaks (<c>&lt;br /&gt;</c>).
/// </returns>
public IHtmlString ReplaceLineBreaks(string text)
{
var value = HttpUtility.HtmlEncode(text)?