Implementierung von HtmlSanitizer und UrlEncoder zur Absicherung von Benutzereingaben gegen XSS und URL-Manipulationsanfälligkeiten.

2024-05-07 16:26:04 +02:00
parent b19cccdc34
commit d8617093ce
11 changed files with 117 additions and 47 deletions
--- a/EnvelopeGenerator.Web/Controllers/Test/TestSanitizeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/Test/TestSanitizeController.cs
@@ -0,0 +1,37 @@
+using Ganss.Xss;
+using Microsoft.AspNetCore.Mvc;
+using System.Text.Encodings.Web;
+
+namespace EnvelopeGenerator.Web.Controllers.Test
+{
+    [ApiController]
+    [Route("api/test/[controller]")]
+    public class TestSanitizeController : ControllerBase
+    {
+        private readonly HtmlEncoder _htmlEncoder;
+        private readonly HtmlSanitizer _sanitizer;
+
+        public TestSanitizeController(HtmlEncoder htmlEncoder, HtmlSanitizer sanitizer)
+        {
+            _htmlEncoder = htmlEncoder;
+            _sanitizer = sanitizer;
+        }
+
+        [HttpGet("sanitize")]
+        public IActionResult Sanitize([FromQuery] string? input = null) => Ok(new
+        {
+            input,
+            Sanitized = _sanitizer.Sanitize(input),
+            SanitizedDocument = _sanitizer.SanitizeDocument(input),
+            SanitizedDom = _sanitizer.SanitizeDom(input)
+        });
+
+
+        [HttpGet("encode")]
+        public IActionResult Encoder([FromQuery] string? input = null) => Ok(new
+        {
+            input,
+            Encoded = _htmlEncoder.Encode(input)
+        });
+    }
+}