feat(HomeController): Sanitizer hinzugefügt

Developer 02 2024-10-05 02:16:14 +02:00
parent efa9160c04
commit 62b54d6e75


@ -17,6 +17,7 @@ using EnvelopeGenerator.Application.Resources;
using EnvelopeGenerator.Application.DTOs.EnvelopeReceiver;
using static EnvelopeGenerator.Common.Constants;
using EnvelopeGenerator.Domain.Entities;
using Ganss.Xss;
namespace EnvelopeGenerator.Web.Controllers
{
@ -28,19 +29,19 @@ namespace EnvelopeGenerator.Web.Controllers
private readonly IEnvelopeHistoryService _historyService;
private readonly IStringLocalizer<Resource> _localizer;
private readonly IConfiguration _configuration;
private readonly UrlEncoder _urlEncoder;
private readonly HtmlSanitizer _sanitizer;
private readonly Cultures _cultures;
private readonly IEnvelopeMailService _mailService;
private readonly IEnvelopeReceiverReadOnlyService _readOnlyService;
public HomeController(EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer<Resource> localizer, IConfiguration configuration, UrlEncoder urlEncoder, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService)
public HomeController(EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer<Resource> localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService)
{
this.envelopeOldService = envelopeOldService;
_envRcvService = envelopeReceiverService;
_historyService = historyService;
_localizer = localizer;
_configuration = configuration;
_urlEncoder = urlEncoder;
_sanitizer = sanitizer;
_cultures = cultures;
_mailService = envelopeMailService;
_logger = logger;
@ -52,7 +53,7 @@ namespace EnvelopeGenerator.Web.Controllers
{
try
{
//envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
if (!envelopeReceiverId.TryDecode(out var decoded))
{
@ -103,8 +104,8 @@ namespace EnvelopeGenerator.Web.Controllers
{
try
{
culture = culture is not null ? _urlEncoder.Encode(culture) : null;
envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
culture = culture is not null ? _sanitizer.Sanitize(culture) : null;
envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
if (UserLanguage is null && culture is null)
{
@ -139,7 +140,7 @@ namespace EnvelopeGenerator.Web.Controllers
{
ViewData["UserCulture"] = _cultures[UserLanguage];
envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
(string? uuid, string? signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
if (uuid is null || signature is null)
@ -246,7 +247,7 @@ namespace EnvelopeGenerator.Web.Controllers
{
try
{
envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
return await _envRcvService.IsExisting(envelopeReceiverId: envelopeReceiverId).ThenAsync(
SuccessAsync: async isExisting =>
{
@ -280,7 +281,7 @@ namespace EnvelopeGenerator.Web.Controllers
{
try
{
envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
return await _envRcvService.ReadByEnvelopeReceiverIdAsync(envelopeReceiverId).ThenAsync(
@ -310,7 +311,7 @@ namespace EnvelopeGenerator.Web.Controllers
{
try
{
//readOnlyKey = _urlEncoder.Encode(readOnlyKey);
readOnlyKey = _sanitizer.Sanitize(readOnlyKey);
// check if the readOnlyId is valid
if (!readOnlyKey.TryDecode(out var decodedKeys) || decodedKeys.GetEncodeType() != EncodeType.EnvelopeReceiverReadOnly)
@ -379,7 +380,7 @@ namespace EnvelopeGenerator.Web.Controllers
{
try
{
language = _urlEncoder.Encode(language);
language = _sanitizer.Sanitize(language);
if (!_cultures.Languages.Contains(language))
return BadRequest();
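Review bot: `envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);` (and the same call on `readOnlyKey`) runs an HTML-fragment sanitizer over an opaque identifier that the very next statement decodes with `TryDecode` / `DecodeEnvelopeReceiverId`, which is the wrong control: it validates nothing, and HtmlSanitizer may rewrite the input (entity-encoding `&`, dropping anything that parses as a tag), so a well-formed encoded id can be corrupted before decoding while a malformed one was already rejected by the existing `TryDecode` check. Let the decode step (and its signature verification, if `TryDecode` performs one — not visible in these hunks) be the validator and return `BadRequest()` on failure, and leave HTML escaping to Razor at render time; if defence-in-depth is wanted, a strict allow-list on the id's encoding alphabet is the right shape, not `Sanitize`. Likewise `language` is already allow-listed by `_cultures.Languages.Contains(language)`, so the `Sanitize` before it is redundant, whereas `culture` is only sanitized; replace that line with `if (culture is not null && !_cultures.Languages.Contains(culture)) return BadRequest();`. The enclosing action methods all start before and end after their hunks.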