remvoe sanitzer from views and use extensions instead of keys

2025-08-23 00:54:27 +02:00
parent a080aaec95
commit 7a011930df
13 changed files with 300 additions and 122 deletions


@@ -5,7 +5,7 @@
//TODO: Create view model
var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string;
var cImg = _cImgOpt.Value;
ViewData["Title"] = _localizer[WebKey.DocProtected];
ViewData["Title"] = _localizer.DocProtected();
string codeType = ViewData["CodeType"] is string _codeType ? _codeType : "accessCode";
string codeKeyName = (char.ToUpper(codeType[0]) + codeType.Substring(1)).Replace("Code", "");
bool viaSms = codeType == "smsCode";
@@ -22,7 +22,7 @@
<div class="page container py-4 px-4">
<header class="text-center">
<div class="header-1 alert alert-secondary" role="alert">
<h3 class="text">@_localizer[WebKey.WelcomeToTheESignPortal]</h3>
<h3 class="text">@_localizer.WelcomeToTheESignPortal()</h3>
<img class="@cImg["Company"].GetClassIn("Locked")" src="@cImg["Company"].Src" />
</div>
<div class="icon locked @(viaTFA ? "tfa" : "") mt-4 mb-1">
@@ -31,7 +31,7 @@
<path d="M9.5 6.5a1.5 1.5 0 0 1-1 1.415l.385 1.99a.5.5 0 0 1-.491.595h-.788a.5.5 0 0 1-.49-.595l.384-1.99a1.5 1.5 0 1 1 2-1.415" />
</svg>
</div>
<h1>@_localizer[WebKey.Formats.LockedTitle.Format(codeKeyName)]</h1>
<h1>@_localizer.LockedTitle(codeKeyName)</h1>
</header>
@if (viaAuthenticator && (tfaRegDeadline is null || tfaRegDeadline > DateTime.Now))
{
@@ -47,14 +47,14 @@
</section>
}
<section class="text-center">
<p>@_localizer[WebKey.Formats.LockedBody.Format(codeKeyName)].Value</p>
<p>@_localizer.LockedBody(codeKeyName)</p>
</section>
<div class="row m-0 p-0">
<div class="access-code-panel justify-content-center align-items-center p-0 m-0">
<form id="form-access-code" class="form form-floating mb-0" method="post">
<div class="form-floating access-code-form-floating">
<input type="password" id="access_code" class="form-control" name="@codeType" placeholder="@_localizer[WebKey.Formats.LockedCodeLabel.Format(codeKeyName)]" required="required">
<label for="access_code">@_localizer[WebKey.Formats.LockedCodeLabel.Format(codeKeyName)]</label>
<input type="password" id="access_code" class="form-control" name="@codeType" placeholder="@_localizer.LockedCodeLabel(codeKeyName)]" required="required">
<label for="access_code">@_localizer.LockedCodeLabel(codeKeyName)</label>
<button type="submit" class="btn btn-primary">
<span class="material-symbols-outlined">
login
@@ -85,14 +85,13 @@
@if (ViewData["ErrorMessage"] is string errMsg)
{
<div id="access-code-error-message" class="alert alert-danger row" role="alert">
@_sanitizer.Sanitize(errMsg)
@errMsg
</div>
}
<section class="no-receiver-explanation text-center">
<details>
<summary>@_localizer[WebKey.Formats.LockedFooterTitle.Format(codeKeyName)]</summary>
<p>@Html.Raw(_localizer[WebKey.Formats.LockedFooterBody.Format(codeKeyName)].Value.Format(senderEmail, "Envelope - " + envelopeTitle, string.Empty))</p>
<summary>@_localizer.LockedFooterTitle(codeKeyName)</summary>
<p>@Html.Raw(_localizer.LockedFooterBody(codeKeyName).Format(senderEmail, "Envelope - " + envelopeTitle, string.Empty))</p>
</details>
</section>
</div>
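Review bot: The new placeholder attribute on the access-code input, `placeholder="@_localizer.LockedCodeLabel(codeKeyName)]"`, keeps a stray `]` from the old indexer syntax, so the rendered placeholder ends with a literal `]`; the label on the following line was converted correctly, and the input line should read `placeholder="@_localizer.LockedCodeLabel(codeKeyName)"`. Separately, the footer paragraph still hands `senderEmail` and `envelopeTitle` to `@Html.Raw(...)` without encoding; `Html.Raw` bypasses Razor's automatic HTML encoding, so unless those values are encoded before they reach this view (not visible in the hunk) they should be wrapped as `Html.Encode(senderEmail)` and `Html.Encode(envelopeTitle)` before `.Format(...)`. Replacing `_sanitizer.Sanitize(errMsg)` with `@errMsg` is fine on its own, since a plain `@` expression is HTML-encoded.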


@@ -1,5 +1,5 @@
@{
ViewData["Title"] = _localizer[WebKey.DocRejected];
ViewData["Title"] = _localizer.DocRejected();
}
@{
var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string;
@@ -53,16 +53,16 @@
c-5.791,5.79-15.176,5.79-20.969,0l-30.32-30.322l-11.676,11.676l30.32,30.32c5.79,5.79,5.79,15.178,0,20.969L299.11,404.045z"/>
</svg>
</div>
<h1>@_localizer[isExt ? WebKey.RejectionInfo1_ext : WebKey.RejectionInfo1].TrySanitize(_sanitizer)</h1>
<h1>@(isExt ? _localizer.RejectionInfo1Ext() : _localizer.RejectionInfo1())</h1>
</header>
<section class="text-center">
<div class="card-body p-0 m-0 ms-4">
<p class="card-text p-0 m-0">
<small class="text-body-secondary">
@Html.Raw(string.Format(_localizer[isExt ? WebKey.RejectionInfo2_ext : WebKey.RejectionInfo2],
$"{sender?.Prename} {sender?.Name}".TrySanitize(_sanitizer),
sender?.Email.TrySanitize(_sanitizer),
envelope?.Title.TrySanitize(_sanitizer)))
@Html.Raw((isExt ? _localizer.RejectionInfo2Ext() : _localizer.RejectionInfo2()).Format(
$"{sender?.Prename} {sender?.Name}",
sender?.Email,
envelope?.Title))
</small>
</p>
</div>
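Review bot: The rewritten `@Html.Raw((isExt ? _localizer.RejectionInfo2Ext() : _localizer.RejectionInfo2()).Format(...))` now inserts the sender name, sender e-mail and envelope title into raw markup with no encoding, whereas the removed lines passed each argument through `TrySanitize(_sanitizer)`; because `Html.Raw` disables Razor's automatic encoding, any `<` or `"` in those fields reaches the page unescaped. If the resource string has to stay raw because it carries markup, encode only the arguments, e.g. `Html.Encode($"{sender?.Prename} {sender?.Name}")`, `Html.Encode(sender?.Email)`, `Html.Encode(envelope?.Title)`, before calling `.Format(...)`. The `EnvelopeInfo2` paragraph in the envelope view changed by this commit has the same gap.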


@@ -1,5 +1,5 @@
@{
ViewData["Title"] = _localizer[WebKey.DocSigned];
ViewData["Title"] = _localizer.DocSigned();
}
<div class="page container p-5">
<header class="text-center">


@@ -8,7 +8,7 @@
<div class="page container py-4 px-4">
<header class="text-center">
<div class="header-1 alert alert-secondary" role="alert">
<h3 class="text">@_localizer[WebKey.WelcomeToTheESignPortal]</h3>
<h3 class="text">@_localizer.WelcomeToTheESignPortal()</h3>
<img class="@cImg["Company"].GetClassIn("Locked")" src="@cImg["Company"].Src" />
</div>
<div class="icon mt-4 mb-1">
@@ -27,12 +27,12 @@
@if (ViewData["ErrorMessage"] is string errMsg)
{
<div id="access-code-error-message" class="alert alert-danger row" role="alert">
@_sanitizer.Sanitize(errMsg)
@errMsg
</div>
}
</div>
<script nonce="@nonce">
const msg = "@_localizer[WebKey.HomePageDescription]";
const msg = "@_localizer.HomePageDescription()";
var typed = new Typed('#home-description', {
strings: [msg],
typeSpeed: 15,


@@ -18,12 +18,12 @@
var pages = document?.Elements?.Select(e => e.Page) ?? Array.Empty<int>();
int? signatureCount = document?.Elements?.Count();
var stPageIndexes = string.Join(pages.Count() > 1 ? ", " : "", pages.Take(pages.Count() - 1))
+ (pages.Count() > 1 ? $" {_localizer[WebKey.and].TrySanitize(_sanitizer)} " : "") + pages.LastOrDefault();
+ (pages.Count() > 1 ? $" {_localizer.And()} " : "") + pages.LastOrDefault();
var isReadOnly = false;
if (ViewData["IsReadOnly"] is bool isReadOnly_bool)
isReadOnly = isReadOnly_bool;
ViewData["Title"] = isReadOnly ? _localizer[WebKey.ViewDoc] : _localizer[WebKey.SignDoc];
ViewData["Title"] = isReadOnly ? _localizer.ViewDoc() : _localizer.SignDoc();
}
<div class="envelope-view">
@if (!isReadOnly)
@@ -34,13 +34,13 @@
<path d="m10.036 8.278 9.258-7.79A1.979 1.979 0 0 0 18 0H2A1.987 1.987 0 0 0 .641.541l9.395 7.737Z" />
<path d="M11.241 9.817c-.36.275-.801.425-1.255.427-.428 0-.845-.138-1.187-.395L0 2.6V14a2 2 0 0 0 2 2h16a2 2 0 0 0 2-2V2.5l-8.759 7.317Z" />
</svg>
<span>@_localizer[WebKey.Complete]</span>
<span>@_localizer.Complete()</span>
</button>
<button class="btn_reject btn btn-danger btn-desktop" type="button">
<svg width="25px" height="25px" viewBox="43.5 43.5 512 512" version="1.1" fill="currentColor" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<path class="st0" d="M263.24,43.5c-117.36,0-212.5,95.14-212.5,212.5s95.14,212.5,212.5,212.5s212.5-95.14,212.5-212.5 S380.6,43.5,263.24,43.5z M367.83,298.36c17.18,17.18,17.18,45.04,0,62.23v0c-17.18,17.18-45.04,17.18-62.23,0l-42.36-42.36 l-42.36,42.36c-17.18,17.18-45.04,17.18-62.23,0v0c-17.18-17.18-17.18-45.04,0-62.23L201.01,256l-42.36-42.36 c-17.18-17.18-17.18-45.04,0-62.23v0c17.18-17.18,45.04-17.18,62.23,0l42.36,42.36l42.36-42.36c17.18-17.18,45.04-17.18,62.23,0v0 c17.18,17.18,17.18,45.04,0,62.23L325.46,256L367.83,298.36z" />
</svg>
<span>@_localizer[WebKey.Reject]</span>
<span>@_localizer.Reject()</span>
</button>
<button class="btn_refresh btn btn-secondary btn-desktop" type="button">
<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="currentColor" class="bi bi-arrow-counterclockwise" viewBox="0 0 16 16">
@@ -68,7 +68,7 @@
<div class="logo">
<img class="@cImg["Company"].GetClassIn("Show")" src="@cImg["Company"].Src" alt="logo">
</div>
<h2>@($"{envelope?.Title}".TrySanitize(_sanitizer))</h2>
<h2>@($"{envelope?.Title}")</h2>
@if (isReadOnly)
{
var dateTimeSt = string.Empty;
@@ -78,18 +78,18 @@
}
else
{
<h6>@($"{@envelope?.Message}".TrySanitize(_sanitizer))</h6>
<h6>@($"{@envelope?.Message}")</h6>
}
<p>
<small class="text-body-secondary">
@Html.Raw(string.Format(_localizer[WebKey.EnvelopeInfo2], /* sanitize separately but don't sanitize the URI */
envelope?.AddedWhen.ToString(userCulture?.Info?.DateTimeFormat).TrySanitize(_sanitizer),
$"{sender?.Prename} {sender?.Name}".TrySanitize(_sanitizer),
sender?.Email.TrySanitize(_sanitizer),
envelope?.Title.TrySanitize(_sanitizer),
sender?.Prename.TrySanitize(_sanitizer),
sender?.Name.TrySanitize(_sanitizer),
sender?.Email.TrySanitize(_sanitizer)))
@Html.Raw(_localizer.EnvelopeInfo2().Format(
envelope?.AddedWhen.ToString(userCulture?.Info?.DateTimeFormat),
$"{sender?.Prename} {sender?.Name}",
sender?.Email,
envelope?.Title,
sender?.Prename,
sender?.Name,
sender?.Email))
</small>
</p>
</div>
@@ -212,6 +212,6 @@
var documentBase64String = Convert.ToBase64String(documentBytes);
var envelopeKey = ViewData["EnvelopeKey"] as string;
@:document.addEventListener("DOMContentLoaded", async () => await new App("@envelopeKey.TrySanitize(_sanitizer)", @Html.Raw(envelopeReceiverJson.TrySanitize(_sanitizer)), B64ToBuff("@Html.Raw(documentBase64String.TrySanitize(_sanitizer))"), "@ViewData["PSPDFKitLicenseKey"]", "@userCulture?.Info?.TwoLetterISOLanguageName").init())
@:document.addEventListener("DOMContentLoaded", async () => await new App("@envelopeKey", @Html.Raw(envelopeReceiverJson), B64ToBuff("@Html.Raw(documentBase64String)"), "@ViewData["PSPDFKitLicenseKey"]", "@userCulture?.Info?.TwoLetterISOLanguageName").init())
}
</script>
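Review bot: `@Html.Raw(envelopeReceiverJson)` in the `DOMContentLoaded` line now emits the receiver JSON into the script block verbatim, where the old line at least ran it through `TrySanitize(_sanitizer)`; a string value inside that JSON containing `</script>` would terminate the block. How `envelopeReceiverJson` is produced is outside this hunk — if it comes from `System.Text.Json` with the default encoder, `<` and `>` are already escaped and the raw output is acceptable; if it is built any other way, serialise it with an encoder that escapes HTML-significant characters before emitting it raw. `@Html.Raw(documentBase64String)` is fine, as `Convert.ToBase64String` output contains no markup characters. The `EnvelopeInfo2` paragraph earlier in this file has the same unencoded-argument problem as the rejection view, and the removed comment `/* sanitize separately but don't sanitize the URI */` documented why each argument was treated individually.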


@@ -35,10 +35,9 @@
<script nonce="@nonce">
@if (ViewData["EnvelopeKey"] is string envelopeKey)
{
@: const ENV_KEY = "@envelopeKey.TrySanitize(_sanitizer)"
@: const ENV_KEY = "@envelopeKey";
}
const IS_READONLY = @isReadOnly.ToString().ToLower();
const DEVICE_SCREEN_TYPE = window.innerWidth <= 768 ? 'mobile' : window.innerWidth <= 1024 ? 'tablet' : 'desktop';
const IS_DESKTOP_SIZE = DEVICE_SCREEN_TYPE == 'desktop'
@@ -88,14 +87,14 @@
var lang = culture.Language;
var info = culture.Info;
<li>
<a class="dropdown-item culture-dropdown-item" data-language="@lang.TrySanitize(_sanitizer)" data-flag="@_cultures[lang]?.FIClass.TrySanitize(_sanitizer)">
<span class="fi @_cultures[lang]?.FIClass.TrySanitize(_sanitizer) me-2"></span>@info?.Parent.NativeName
<a class="dropdown-item culture-dropdown-item" data-language="@lang" data-flag="@_cultures[lang]?.FIClass">
<span class="fi @_cultures[lang]?.FIClass me-2"></span>@info?.Parent.NativeName
</a>
</li>
}
</ul>
</div>
<a href="/privacy-policy.@(_localizer.Culture()).html" target="_blank">@_localizer[WebKey.Privacy]</a>
<a href="/privacy-policy.@(_localizer.Culture()).html" target="_blank">@_localizer.Privacy()</a>
</footer>
</body>
</html>
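Review bot: `@: const ENV_KEY = "@envelopeKey";` relies on Razor's HTML encoding to protect a JavaScript string literal, which is the wrong encoder for that context: a `"` or `&` in the key would be emitted as `&quot;`/`&amp;` and become part of the value, and a trailing backslash would escape the closing quote. If envelope keys are opaque alphanumeric tokens this is harmless in practice, but emitting the value as a JSON literal, e.g. `@: const ENV_KEY = @Html.Raw(System.Text.Json.JsonSerializer.Serialize(envelopeKey));`, gives correct escaping regardless of content. The `new App("@envelopeKey", ...)` line in the envelope view's script has the same shape.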


@@ -32,7 +32,7 @@
<section>
<article class="envelope">
<strong><a href="/EnvelopeKey/@encodeEnvelopeKey(envelope)">@envelope.Title</a></strong>
<div><strong>Ersteller</strong> @envelope.User.Email.TrySanitize(_sanitizer)</div>
<div><strong>Ersteller</strong> @envelope.User.Email</div>
<div><strong>Datum</strong> @envelope.AddedWhen</div>
</article>
</section>
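Review bot: The changed line `<div><strong>Ersteller</strong> @envelope.User.Email</div>` keeps a hard-coded German label (as does `Datum` on the next line) while the rest of this commit moves view text to `_localizer` extension methods; if this view is shown to end users, a localizer call like those used in the other files would be consistent. Dropping `TrySanitize(_sanitizer)` here is safe on its own, since `@envelope.User.Email` is HTML-encoded by Razor.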


@@ -6,9 +6,6 @@
@using EnvelopeGenerator.Application.Resources
@using Microsoft.Extensions.Options
@inject IStringLocalizer<Resource> _localizer
@inject System.Text.Encodings.Web.UrlEncoder _encoder
@inject Ganss.Xss.HtmlSanitizer _sanitizer
@inject HighlightHtmlSanitizer _hlSanitizer
@inject Microsoft.AspNetCore.Http.IHttpContextAccessor _accessor
@inject Cultures _cultures
@inject IOptions<CustomImages> _cImgOpt