Refaktorierung für HTML-Sanitization mit neuer Sanitizer-Klasse.

- Bestehende Sanitization überarbeitet. - Injektionsmethode für flexible Konfiguration implementiert. - Wichtige Abschnitte in `show-envelope` hervorgehoben.
2024-07-18 10:52:39 +02:00
parent 1c2df71e0f
commit 43ae15b71c
9 changed files with 61 additions and 18 deletions
--- a/EnvelopeGenerator.Web/Views/Home/ShowEnvelope.cshtml
+++ b/EnvelopeGenerator.Web/Views/Home/ShowEnvelope.cshtml
@@ -38,15 +38,12 @@
                    <div class="col p-0 m-0">
                        <div class="card-body p-0 m-0 ms-4">
                            <h5 class="card-title p-0 m-0">@($"{envelope?.Title.TrySanitize(_sanitizer)}")</h5>
-                            <p class="card-text p-0 m-0">@(string.Format(_localizer[WebKey.EnvelopeInfo1], pages.Count(), stPageIndexes.TrySanitize(_sanitizer)))</p>
-                            <p class="card-text p-0 m-0"><small class="text-body-secondary">@Html.Raw(string.Format(_localizer[WebKey.EnvelopeInfo2], 
-                                envelope?.AddedWhen.ToString(userCulture?.Info?.DateTimeFormat), 
-                                $"{sender?.Prename} {sender?.Name}".TrySanitize(_sanitizer), 
-                                sender?.Email.TryEncode(_encoder), 
-                                envelope?.Title.TryEncode(_encoder), 
-                                sender?.Prename.TryEncode(_encoder), 
-                                sender?.Name.TryEncode(_encoder), 
-                                sender?.Email.TryEncode(_encoder)).TrySanitize(_sanitizer))</small></p>
+                            <p class="card-text p-0 m-0">@Html.Raw(string.Format(_localizer[WebKey.EnvelopeInfo1], pages.Count(), stPageIndexes).TrySanitize(_hlSanitizer))</p>
+                            <p class="card-text p-0 m-0">
+                                <small class="text-body-secondary">
+                                    @Html.Raw(string.Format(_localizer[WebKey.EnvelopeInfo2], envelope?.AddedWhen.ToString(userCulture?.Info?.DateTimeFormat), $"{sender?.Prename} {sender?.Name}", sender?.Email, envelope?.Title, sender?.Prename, sender?.Name, sender?.Email).TrySanitize(_hlSanitizer))
+                                </small>
+                            </p>
                        </div>
                    </div>
                </div>
--- a/EnvelopeGenerator.Web/Views/_ViewImports.cshtml
+++ b/EnvelopeGenerator.Web/Views/_ViewImports.cshtml
@@ -1,10 +1,12 @@
@using EnvelopeGenerator.Web
@using EnvelopeGenerator.Web.Models
+@using EnvelopeGenerator.Web.Sanitizers
@using Microsoft.Extensions.Localization
@using EnvelopeGenerator.Application.Resources
@inject IStringLocalizer<Resource> _localizer
@inject System.Text.Encodings.Web.UrlEncoder _encoder
@inject Ganss.Xss.HtmlSanitizer _sanitizer
+@inject HighlightHtmlSanitizer _hlSanitizer
@inject Microsoft.AspNetCore.Http.IHttpContextAccessor _accessor
@inject Cultures _cultures
@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers