Fix #75

Update to .NET Core 1.0
mganss · Jul 19, 2016 · f81cb1d · f81cb1d
1 parent af9c5e3
commit f81cb1d
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 19 deletions.
diff --git a/src/HtmlSanitizer/HtmlSanitizer.cs b/src/HtmlSanitizer/HtmlSanitizer.cs
@@ -354,7 +354,8 @@ private static IEnumerable<INode> GetAllNodes(INode dom)
         public string Sanitize(string html, string baseUrl = "", IMarkupFormatter outputFormatter = null)
         {
             var parser = CreateParser();
-            var dom = parser.Parse("<body>" + html + "</body>");
+            var dom = parser.Parse("<html><body></body></html>");
+            dom.Body.InnerHtml = html;
 
             DoSanitize(dom, dom.Body, baseUrl, outputFormatter);
 

diff --git a/src/HtmlSanitizer/HtmlSanitizer.project.json b/src/HtmlSanitizer/HtmlSanitizer.project.json
@@ -1,11 +1,11 @@
-{
+{
   "dependencies": {
-    "AngleSharp": "0.9.6"
+    "AngleSharp": "0.9.7"
   },
   "frameworks": {
-    "net45": { }
+    "net45": {}
   },
   "runtimes": {
-    "win": { }
+    "win": {}
   }
-}
+}
diff --git a/src/HtmlSanitizer/project.json b/src/HtmlSanitizer/project.json
@@ -17,7 +17,7 @@
     "keyFile": "HtmlSanitizer.snk"
   },
   "dependencies": {
-    "AngleSharp": "0.9.6"
+    "AngleSharp": "0.9.7"
   },
   "frameworks": {
     "net45": {
@@ -35,15 +35,15 @@
         ]
       },
       "dependencies": {
-        "System.Collections": "4.0.11-rc2-24027",
-        "System.ComponentModel": "4.0.1-rc2-24027",
-        "System.Diagnostics.Debug": "4.0.11-rc2-24027",
-        "System.Globalization": "4.0.11-rc2-24027",
-        "System.Linq": "4.1.0-rc2-24027",
-        "System.Runtime": "4.1.0-rc2-24027",
-        "System.Runtime.Extensions": "4.1.0-rc2-24027",
-        "System.Text.RegularExpressions": "4.0.12-rc2-24027",
-        "System.Threading": "4.0.11-rc2-24027"
+        "System.Collections": "4.0.11",
+        "System.ComponentModel": "4.0.1",
+        "System.Diagnostics.Debug": "4.0.11",
+        "System.Globalization": "4.0.11",
+        "System.Linq": "4.1.0",
+        "System.Runtime": "4.1.0",
+        "System.Runtime.Extensions": "4.1.0",
+        "System.Text.RegularExpressions": "4.1.0",
+        "System.Threading": "4.0.11"
       }
     }
   }

diff --git a/test/HtmlSanitizer.Tests/Tests.cs b/test/HtmlSanitizer.Tests/Tests.cs
@@ -475,7 +475,7 @@ public void ImageHalfOpenHtmlXSSTest()
             string actual = sanitizer.Sanitize(htmlFragment);
 
             // Assert
-            string expected = "<img>";
+            string expected = "";
             Assert.Equal(expected, actual, ignoreCase: true);
         }
 
@@ -494,7 +494,7 @@ public void ImageDoubleOpenAngleBracketXSSTest()
             string actual = sanitizer.Sanitize(htmlFragment);
 
             // Assert
-            string expected = "<img src=\"http://ha.ckers.org/scriptlet.html\">";
+            string expected = "";
             Assert.Equal(expected, actual, ignoreCase: true);
         }
 
@@ -2693,6 +2693,30 @@ public void UriHashTest()
 
             Assert.Equal(html, actual);
         }
+
+        [Fact]
+        public void FragmentTest()
+        {
+            var s = new HtmlSanitizer();
+            var html = @"<script>alert('test');</script><p>Test</p>";
+
+            var actual = s.Sanitize(html);
+
+            Assert.Equal("<p>Test</p>", actual);
+        }
+
+        [Fact]
+        public void OpenTagFragmentTest()
+        {
+            // https://github.com/mganss/HtmlSanitizer/issues/75
+
+            var s = new HtmlSanitizer();
+            var html = "<p>abc<script>xyz</p>";
+
+            var actual = s.Sanitize(html);
+
+            Assert.Equal("<p>abc</p>", actual);
+        }
     }
 }
 

diff --git a/test/HtmlSanitizer.Tests/project.json b/test/HtmlSanitizer.Tests/project.json
@@ -13,7 +13,7 @@
       "dependencies": {
         "Microsoft.NETCore.App": {
           "type": "platform",
-          "version": "1.0.0-rc2-3002702"
+          "version": "1.0.0"
         }
       },
       "imports": [