Merge remote-tracking branch 'origin/v9/feature/add-html-sanitizer-abstraction' into v9/dev

# Conflicts: # src/Umbraco.Core/Security/IHtmlSanitizer.cs # src/Umbraco.Core/Security/NoopHtmlSanitizer.cs
2022-01-26 08:02:04 +01:00
parent 160d9fb96b 39f7102312
commit 930bdac45e
4 changed files with 11 additions and 4 deletions
--- a/src/Umbraco.Core/DependencyInjection/UmbracoBuilder.cs
+++ b/src/Umbraco.Core/DependencyInjection/UmbracoBuilder.cs
@@ -263,6 +263,9 @@ namespace Umbraco.Cms.Core.DependencyInjection

            // Register telemetry service used to gather data about installed packages
            Services.AddUnique<ITelemetryService, TelemetryService>();
+
+            // Register a noop IHtmlSanitizer to be replaced
+            Services.AddUnique<IHtmlSanitizer, NoopHtmlSanitizer>();
        }
    }
 }
--- a/src/Umbraco.Core/Security/IHtmlSanitizer.cs
+++ b/src/Umbraco.Core/Security/IHtmlSanitizer.cs
@@ -1,4 +1,4 @@
-namespace Umbraco.Core.Security
+namespace Umbraco.Cms.Core.Security
 {
    public interface IHtmlSanitizer
    {
--- a/src/Umbraco.Core/Security/NoopHtmlSanitizer.cs
+++ b/src/Umbraco.Core/Security/NoopHtmlSanitizer.cs
@@ -1,4 +1,4 @@
-namespace Umbraco.Core.Security
+namespace Umbraco.Cms.Core.Security
 {
    public class NoopHtmlSanitizer : IHtmlSanitizer
    {
--- a/src/Umbraco.Infrastructure/PropertyEditors/RichTextPropertyEditor.cs
+++ b/src/Umbraco.Infrastructure/PropertyEditors/RichTextPropertyEditor.cs
@@ -81,6 +81,7 @@ namespace Umbraco.Cms.Core.PropertyEditors
            private readonly HtmlLocalLinkParser _localLinkParser;
            private readonly RichTextEditorPastedImages _pastedImages;
            private readonly IImageUrlGenerator _imageUrlGenerator;
+            private readonly IHtmlSanitizer _htmlSanitizer;

            public RichTextPropertyValueEditor(
                DataEditorAttribute attribute,
@@ -92,7 +93,8 @@ namespace Umbraco.Cms.Core.PropertyEditors
                RichTextEditorPastedImages pastedImages,
                IImageUrlGenerator imageUrlGenerator,
                IJsonSerializer jsonSerializer,
-                IIOHelper ioHelper)
+                IIOHelper ioHelper,
+                IHtmlSanitizer htmlSanitizer)
                : base(localizedTextService, shortStringHelper, jsonSerializer, ioHelper, attribute)
            {
                _backOfficeSecurityAccessor = backOfficeSecurityAccessor;
@@ -100,6 +102,7 @@ namespace Umbraco.Cms.Core.PropertyEditors
                _localLinkParser = localLinkParser;
                _pastedImages = pastedImages;
                _imageUrlGenerator = imageUrlGenerator;
+                _htmlSanitizer = htmlSanitizer;
            }

            /// <inheritdoc />
@@ -156,8 +159,9 @@ namespace Umbraco.Cms.Core.PropertyEditors
                var parseAndSavedTempImages = _pastedImages.FindAndPersistPastedTempImages(editorValue.Value.ToString(), mediaParentId, userId, _imageUrlGenerator);
                var editorValueWithMediaUrlsRemoved = _imageSourceParser.RemoveImageSources(parseAndSavedTempImages);
                var parsed = MacroTagParser.FormatRichTextContentForPersistence(editorValueWithMediaUrlsRemoved);
+                var sanitized = _htmlSanitizer.Sanitize(parsed);

-                return parsed.NullOrWhiteSpaceAsNull();
+                return sanitized.NullOrWhiteSpaceAsNull();
            }

            /// <summary>