From 62b54d6e75eb51bc143004d7501b4eb7eac85f64 Mon Sep 17 00:00:00 2001
From: Developer 02
Date: Sat, 5 Oct 2024 02:16:14 +0200
Subject: [PATCH] =?UTF-8?q?feat(HomeController):=20Sanizer=20hinzugef?=
 =?UTF-8?q?=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../Controllers/HomeController.cs | 23 ++++++++++---------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/EnvelopeGenerator.Web/Controllers/HomeController.cs b/EnvelopeGenerator.Web/Controllers/HomeController.cs
index ff7a2832..4bf469aa 100644
--- a/EnvelopeGenerator.Web/Controllers/HomeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/HomeController.cs
@@ -17,6 +17,7 @@ using EnvelopeGenerator.Application.Resources;
 using EnvelopeGenerator.Application.DTOs.EnvelopeReceiver;
 using static EnvelopeGenerator.Common.Constants;
 using EnvelopeGenerator.Domain.Entities;
+using Ganss.Xss;
 namespace EnvelopeGenerator.Web.Controllers
 {
@@ -28,19 +29,19 @@ namespace EnvelopeGenerator.Web.Controllers
 private readonly IEnvelopeHistoryService _historyService;
 private readonly IStringLocalizer _localizer;
 private readonly IConfiguration _configuration;
- private readonly UrlEncoder _urlEncoder;
+ private readonly HtmlSanitizer _sanitizer;
 private readonly Cultures _cultures;
 private readonly IEnvelopeMailService _mailService;
 private readonly IEnvelopeReceiverReadOnlyService _readOnlyService;
- public HomeController(EnvelopeOldService envelopeOldService, ILogger logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer localizer, IConfiguration configuration, UrlEncoder urlEncoder, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService)
+ public HomeController(EnvelopeOldService envelopeOldService, ILogger logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService)
 {
 this.envelopeOldService = envelopeOldService;
 _envRcvService = envelopeReceiverService;
 _historyService = historyService;
 _localizer = localizer;
 _configuration = configuration;
- _urlEncoder = urlEncoder;
+ _sanitizer = sanitizer;
 _cultures = cultures;
 _mailService = envelopeMailService;
 _logger = logger;
@@ -52,7 +53,7 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 try
 {
- //envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
+ envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
 if (!envelopeReceiverId.TryDecode(out var decoded))
 {
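Review bot: `_sanitizer.Sanitize(envelopeReceiverId)` in the `@@ -52` hunk applies an HTML sanitizer to a value that is not HTML (the same applies to the id, `readOnlyKey`, `culture` and `language` parameters in the `@@ -103`, `@@ -139`, `@@ -246`, `@@ -280`, `@@ -310` and `@@ -379` hunks): the token is parsed as an HTML fragment and re-serialized, so characters such as `<`, `>` or `&` are stripped or entity-encoded and the string that reaches `TryDecode` may no longer be what the client sent, while nothing about the decode step becomes safer. The real input control for these values is the format check that already follows (`TryDecode`, `DecodeEnvelopeReceiverId`, `_cultures.Languages.Contains`); run those on the raw value and reject on failure, and leave HTML encoding to the point where a value is rendered (Razor encodes output by default), so the `Sanitize` calls can be dropped rather than standing in for the former `UrlEncoder` calls. If an explicit guard before decoding is wanted, an allow-list on the expected token alphabet, e.g. `if (!Regex.IsMatch(envelopeReceiverId, "^[A-Za-z0-9_-]+$")) return BadRequest();`, states what is accepted instead of what is removed — the alphabet must match the encoder `TryDecode` expects, which is not visible here. Separately, the field and constructor parameter in the `@@ -28` hunk take the concrete `HtmlSanitizer`; if the dependency stays, injecting the library's `IHtmlSanitizer` interface keeps the controller unit-testable. The action methods touched by these hunks start and end outside the hunks.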
@@ -103,8 +104,8 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 try
 {
- culture = culture is not null ? _urlEncoder.Encode(culture) : null;
- envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
+ culture = culture is not null ? _sanitizer.Sanitize(culture) : null;
+ envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
 if (UserLanguage is null && culture is null)
 {
@@ -139,7 +140,7 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 ViewData["UserCulture"] = _cultures[UserLanguage];
- envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
+ envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
 (string? uuid, string? signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
 if (uuid is null || signature is null)
@@ -246,7 +247,7 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 try
 {
- envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
+ envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
 return await _envRcvService.IsExisting(envelopeReceiverId: envelopeReceiverId).ThenAsync(
 SuccessAsync: async isExisting => {
@@ -280,7 +281,7 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 try
 {
- envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
+ envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
 await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
 return await _envRcvService.ReadByEnvelopeReceiverIdAsync(envelopeReceiverId).ThenAsync(
@@ -310,7 +311,7 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 try
 {
- //readOnlyKey = _urlEncoder.Encode(readOnlyKey);
+ readOnlyKey = _sanitizer.Sanitize(readOnlyKey);
 // check if the readOnlyId is valid
 if (!readOnlyKey.TryDecode(out var decodedKeys) || decodedKeys.GetEncodeType() != EncodeType.EnvelopeReceiverReadOnly)
@@ -379,7 +380,7 @@ namespace EnvelopeGenerator.Web.Controllers
 {
 try
 {
- language = _urlEncoder.Encode(language);
+ language = _sanitizer.Sanitize(language);
 if (!_cultures.Languages.Contains(language)) return BadRequest();