From 81c3b75980e9e232369e6f18aecdaa478685c39f Mon Sep 17 00:00:00 2001 From: Ajay Bhargav Baaskaran Date: Tue, 17 Feb 2015 12:09:44 -0800 Subject: [PATCH] Replaced WebUtility.HtmlEnode with IHtmlEncoder.HtmlEncode --- .../AntiForgery/AntiForgery.cs | 6 +- .../AntiForgery/AntiForgeryWorker.cs | 21 +++-- .../Rendering/Html/DefaultDisplayTemplates.cs | 21 +++-- .../Rendering/Html/DefaultEditorTemplates.cs | 2 +- .../Rendering/Html/DefaultHtmlGenerator.cs | 47 +++++----- .../Rendering/Html/HtmlHelper.cs | 20 ++++- .../Rendering/Html/HtmlHelperOfT.cs | 8 +- .../Rendering/Html/TagBuilder.cs | 89 ++++++++++--------- .../Rendering/IHtmlHelper.cs | 16 ++++ .../MvcRazorHost.cs | 1 + src/Microsoft.AspNet.Mvc.Razor/RazorPage.cs | 10 ++- .../LinkTagHelper.cs | 9 +- .../ScriptTagHelper.cs | 9 +- .../MvcServiceCollectionExtensions.cs | 1 + .../AntiXsrf/AntiForgeryWorkerTest.cs | 16 ++-- .../ValidateAntiForgeryTokenAttributeTest.cs | 4 +- .../Rendering/DefaultDisplayTemplatesTest.cs | 12 +-- .../Rendering/DefaultEditorTemplatesTest.cs | 24 ++++- .../Rendering/DefaultTemplatesUtilities.cs | 43 ++++++--- .../Rendering/HtmlHelperFormExtensionsTest.cs | 31 +++---- .../Rendering/TagBuilderTest.cs | 13 +-- .../ViewComponentTests.cs | 4 +- .../BasicWebSite.Home.ActionLinkView.html | 2 +- ...elBindingWebSite.Vehicle.Edit.Invalid.html | 2 +- .../ModelBindingWebSite.Vehicle.Edit.html | 2 +- ...ite.MvcTagHelper_Home.CreateWarehouse.html | 2 +- ...bSite.MvcTagHelper_Home.EditWarehouse.html | 2 +- ...elpersWebSite.Employee.Create.Invalid.html | 6 +- .../TagHelpersWebSite.Home.About.html | 21 +---- .../TagHelpersWebSite.Home.Help.html | 21 +---- .../TagHelpersWebSite.Home.Index.html | 24 +---- ...Site.Aria.RemoteAttribute_Home.Create.html | 6 +- ...Site.Root.RemoteAttribute_Home.Create.html | 6 +- .../Runtime/ModelExpressionTagHelper.cs | 3 +- .../RazorPageActivatorTest.cs | 13 +++ .../RazorPageTest.cs | 6 ++ .../RazorViewTest.cs | 75 +++++++++++----- .../AnchorTagHelperTest.cs | 20 +++-- .../CacheTagHelperTest.cs | 41 ++++++--- .../EnvironmentTagHelperTest.cs | 3 +- .../FormTagHelperTest.cs | 32 ++++--- .../InputTagHelperTest.cs | 29 +++--- .../LabelTagHelperTest.cs | 5 +- .../LinkTagHelperTest.cs | 68 +++++++++++++- .../OptionTagHelperTest.cs | 7 +- .../ScriptTagHelperTest.cs | 68 +++++++++++++- .../SelectTagHelperTest.cs | 13 +-- .../TagHelperOutputExtensionsTest.cs | 48 ++++++---- .../TestableHtmlGenerator.cs | 8 +- .../TextAreaTagHelperTest.cs | 5 +- .../ValidationMessageTagHelperTest.cs | 22 +++-- .../ValidationSummaryTagHelperTest.cs | 22 +++-- .../TagHelpers/TitleTagHelper.cs | 2 +- .../TagHelpers/PrettyTagHelper.cs | 15 ++-- 54 files changed, 658 insertions(+), 348 deletions(-) diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgery.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgery.cs index 297d298b28..b4a51a064f 100644 --- a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgery.cs +++ b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgery.cs @@ -7,6 +7,7 @@ using Microsoft.AspNet.Http; using Microsoft.AspNet.Mvc.Rendering; using Microsoft.Framework.Internal; using Microsoft.Framework.OptionsModel; +using Microsoft.Framework.WebEncoders; namespace Microsoft.AspNet.Mvc { @@ -22,13 +23,14 @@ namespace Microsoft.AspNet.Mvc public AntiForgery([NotNull] IClaimUidExtractor claimUidExtractor, [NotNull] IDataProtectionProvider dataProtectionProvider, [NotNull] IAntiForgeryAdditionalDataProvider additionalDataProvider, - [NotNull] IOptions mvcOptions) + [NotNull] IOptions mvcOptions, + [NotNull] IHtmlEncoder htmlEncoder) { var config = mvcOptions.Options.AntiForgeryOptions; var serializer = new AntiForgeryTokenSerializer(dataProtectionProvider.CreateProtector(_purpose)); var tokenStore = new AntiForgeryTokenStore(config, serializer); var tokenProvider = new TokenProvider(config, claimUidExtractor, additionalDataProvider); - _worker = new AntiForgeryWorker(serializer, config, tokenStore, tokenProvider, tokenProvider); + _worker = new AntiForgeryWorker(serializer, config, tokenStore, tokenProvider, tokenProvider, htmlEncoder); } /// diff --git a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryWorker.cs b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryWorker.cs index 4e7b2d2f30..6cb662fe32 100644 --- a/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryWorker.cs +++ b/src/Microsoft.AspNet.Mvc.Core/AntiForgery/AntiForgeryWorker.cs @@ -9,6 +9,7 @@ using Microsoft.AspNet.Http; using Microsoft.AspNet.Mvc.Core; using Microsoft.AspNet.Mvc.Rendering; using Microsoft.Framework.Internal; +using Microsoft.Framework.WebEncoders; namespace Microsoft.AspNet.Mvc { @@ -19,18 +20,21 @@ namespace Microsoft.AspNet.Mvc private readonly ITokenStore _tokenStore; private readonly ITokenValidator _validator; private readonly ITokenGenerator _generator; + private readonly IHtmlEncoder _htmlEncoder; internal AntiForgeryWorker([NotNull] IAntiForgeryTokenSerializer serializer, [NotNull] AntiForgeryOptions config, [NotNull] ITokenStore tokenStore, [NotNull] ITokenGenerator generator, - [NotNull] ITokenValidator validator) + [NotNull] ITokenValidator validator, + [NotNull] IHtmlEncoder htmlEncoder) { _serializer = serializer; _config = config; _tokenStore = tokenStore; _generator = generator; _validator = validator; + _htmlEncoder = htmlEncoder; } private void CheckSSLConfig(HttpContext httpContext) @@ -107,11 +111,16 @@ namespace Microsoft.AspNet.Mvc SaveCookieTokenAndHeader(httpContext, newCookieToken); // - var retVal = new TagBuilder("input"); - retVal.Attributes["type"] = "hidden"; - retVal.Attributes["name"] = _config.FormFieldName; - retVal.Attributes["value"] = _serializer.Serialize(formToken); - return retVal; + var inputTag = new TagBuilder("input", _htmlEncoder) + { + Attributes = + { + { "type", "hidden" }, + { "name", _config.FormFieldName }, + { "value", _serializer.Serialize(formToken) } + } + }; + return inputTag; } // [ ENTRY POINT ] diff --git a/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/DefaultDisplayTemplates.cs b/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/DefaultDisplayTemplates.cs index 626b4782a2..b906b4c7e1 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/DefaultDisplayTemplates.cs +++ b/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/DefaultDisplayTemplates.cs @@ -5,7 +5,6 @@ using System; using System.Collections; using System.Collections.Generic; using System.Globalization; -using System.Linq; using System.Text; using Microsoft.AspNet.Mvc.Core; using Microsoft.AspNet.Mvc.ModelBinding; @@ -25,12 +24,12 @@ namespace Microsoft.AspNet.Mvc.Rendering return htmlHelper.ViewData.ModelMetadata.IsNullableValueType ? BooleanTemplateDropDownList(htmlHelper, value) : - BooleanTemplateCheckbox(value ?? false); + BooleanTemplateCheckbox(value ?? false, htmlHelper); } - private static string BooleanTemplateCheckbox(bool value) + private static string BooleanTemplateCheckbox(bool value, IHtmlHelper htmlHelper) { - var inputTag = new TagBuilder("input"); + var inputTag = new TagBuilder("input", htmlHelper.HtmlEncoder); inputTag.AddCssClass("check-box"); inputTag.Attributes["disabled"] = "disabled"; inputTag.Attributes["type"] = "checkbox"; @@ -44,7 +43,7 @@ namespace Microsoft.AspNet.Mvc.Rendering private static string BooleanTemplateDropDownList(IHtmlHelper htmlHelper, bool? value) { - var selectTag = new TagBuilder("select"); + var selectTag = new TagBuilder("select", htmlHelper.HtmlEncoder); selectTag.AddCssClass("list-box"); selectTag.AddCssClass("tri-state"); selectTag.Attributes["disabled"] = "disabled"; @@ -55,7 +54,7 @@ namespace Microsoft.AspNet.Mvc.Rendering foreach (var item in TriStateValues(value)) { var encodedText = htmlHelper.Encode(item.Text); - var option = DefaultHtmlGenerator.GenerateOption(item, encodedText); + var option = DefaultHtmlGenerator.GenerateOption(item, encodedText, htmlHelper.HtmlEncoder); builder.Append(option); } @@ -181,7 +180,7 @@ namespace Microsoft.AspNet.Mvc.Rendering string.Empty : htmlHelper.ViewData.TemplateInfo.FormattedModelValue.ToString(); - return HyperlinkTemplate(uriString, linkedText); + return HyperlinkTemplate(uriString, linkedText, htmlHelper); } public static string HiddenInputTemplate(IHtmlHelper htmlHelper) @@ -233,7 +232,7 @@ namespace Microsoft.AspNet.Mvc.Rendering continue; } - var divTag = new TagBuilder("div"); + var divTag = new TagBuilder("div", htmlHelper.HtmlEncoder); if (!propertyMetadata.HideSurroundingHtml) { @@ -293,13 +292,13 @@ namespace Microsoft.AspNet.Mvc.Rendering string.Empty : htmlHelper.ViewData.TemplateInfo.FormattedModelValue.ToString(); - return HyperlinkTemplate(uriString, linkedText); + return HyperlinkTemplate(uriString, linkedText, htmlHelper); } // Neither uriString nor linkedText need be encoded prior to calling this method. - private static string HyperlinkTemplate(string uriString, string linkedText) + private static string HyperlinkTemplate(string uriString, string linkedText, IHtmlHelper htmlHelper) { - var hyperlinkTag = new TagBuilder("a"); + var hyperlinkTag = new TagBuilder("a", htmlHelper.HtmlEncoder); hyperlinkTag.MergeAttribute("href", uriString); hyperlinkTag.SetInnerText(linkedText); diff --git a/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/DefaultEditorTemplates.cs b/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/DefaultEditorTemplates.cs index 9cbadc2067..5d5b192fd2 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/DefaultEditorTemplates.cs +++ b/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/DefaultEditorTemplates.cs @@ -257,7 +257,7 @@ namespace Microsoft.AspNet.Mvc.Rendering continue; } - var divTag = new TagBuilder("div"); + var divTag = new TagBuilder("div", htmlHelper.HtmlEncoder); if (!propertyMetadata.HideSurroundingHtml) { diff --git a/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/DefaultHtmlGenerator.cs b/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/DefaultHtmlGenerator.cs index 3af1d558b7..db10625be2 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/DefaultHtmlGenerator.cs +++ b/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/DefaultHtmlGenerator.cs @@ -7,13 +7,13 @@ using System.Collections.Generic; using System.Diagnostics; using System.Globalization; using System.Linq; -using System.Net; using System.Text; using Microsoft.AspNet.Mvc.Core; using Microsoft.AspNet.Mvc.ModelBinding; using Microsoft.AspNet.Mvc.Rendering.Expressions; using Microsoft.Framework.DependencyInjection; using Microsoft.Framework.Internal; +using Microsoft.Framework.WebEncoders; namespace Microsoft.AspNet.Mvc.Rendering { @@ -25,6 +25,7 @@ namespace Microsoft.AspNet.Mvc.Rendering private readonly IScopedInstance _bindingContextAccessor; private readonly IModelMetadataProvider _metadataProvider; private readonly IUrlHelper _urlHelper; + private readonly IHtmlEncoder _htmlEncoder; /// /// Initializes a new instance of the class. @@ -33,12 +34,14 @@ namespace Microsoft.AspNet.Mvc.Rendering [NotNull] AntiForgery antiForgery, [NotNull] IScopedInstance bindingContextAccessor, [NotNull] IModelMetadataProvider metadataProvider, - [NotNull] IUrlHelper urlHelper) + [NotNull] IUrlHelper urlHelper, + [NotNull] IHtmlEncoder htmlEncoder) { _antiForgery = antiForgery; _bindingContextAccessor = bindingContextAccessor; _metadataProvider = metadataProvider; _urlHelper = urlHelper; + _htmlEncoder = htmlEncoder; // Underscores are fine characters in id's. IdAttributeDotReplacement = "_"; @@ -50,13 +53,13 @@ namespace Microsoft.AspNet.Mvc.Rendering /// public string Encode(string value) { - return !string.IsNullOrEmpty(value) ? WebUtility.HtmlEncode(value) : string.Empty; + return !string.IsNullOrEmpty(value) ? _htmlEncoder.HtmlEncode(value) : string.Empty; } /// public string Encode(object value) { - return (value != null) ? WebUtility.HtmlEncode(value.ToString()) : string.Empty; + return (value != null) ? _htmlEncoder.HtmlEncode(value.ToString()) : string.Empty; } /// @@ -138,7 +141,7 @@ namespace Microsoft.AspNet.Mvc.Rendering ModelExplorer modelExplorer, string expression) { - var tagBuilder = new TagBuilder("input"); + var tagBuilder = new TagBuilder("input", _htmlEncoder); tagBuilder.MergeAttribute("type", GetInputTypeString(InputType.Hidden)); tagBuilder.MergeAttribute("value", "false"); @@ -252,7 +255,7 @@ namespace Microsoft.AspNet.Mvc.Rendering return null; } - var tagBuilder = new TagBuilder("label"); + var tagBuilder = new TagBuilder("label", _htmlEncoder); var idString = TagBuilder.CreateSanitizedId(GetFullHtmlFieldName(viewContext, expression), IdAttributeDotReplacement); tagBuilder.Attributes.Add("for", idString); @@ -454,7 +457,7 @@ namespace Microsoft.AspNet.Mvc.Rendering // Convert each ListItem to an if requested. var listItemBuilder = GenerateGroupsAndOptions(optionLabel, selectList); - var tagBuilder = new TagBuilder("select") + var tagBuilder = new TagBuilder("select", _htmlEncoder) { InnerHtml = listItemBuilder.ToString() }; @@ -521,7 +524,7 @@ namespace Microsoft.AspNet.Mvc.Rendering value = modelExplorer.Model.ToString(); } - var tagBuilder = new TagBuilder("textarea"); + var tagBuilder = new TagBuilder("textarea", _htmlEncoder); tagBuilder.GenerateId(fullName, IdAttributeDotReplacement); tagBuilder.MergeAttributes(GetHtmlAttributeDictionaryOrNull(htmlAttributes), true); if (rows > 0) @@ -545,7 +548,7 @@ namespace Microsoft.AspNet.Mvc.Rendering // The first newline is always trimmed when a TextArea is rendered, so we add an extra one // in case the value being rendered is something like "\r\nHello". - tagBuilder.InnerHtml = Environment.NewLine + WebUtility.HtmlEncode(value); + tagBuilder.InnerHtml = Environment.NewLine + _htmlEncoder.HtmlEncode(value); return tagBuilder; } @@ -615,7 +618,7 @@ namespace Microsoft.AspNet.Mvc.Rendering { tag = viewContext.ValidationMessageElement; } - var tagBuilder = new TagBuilder(tag); + var tagBuilder = new TagBuilder(tag, _htmlEncoder); tagBuilder.MergeAttributes(GetHtmlAttributeDictionaryOrNull(htmlAttributes)); // Only the style of the span is changed according to the errors if message is null or empty. @@ -668,7 +671,7 @@ namespace Microsoft.AspNet.Mvc.Rendering { headerTag = viewContext.ValidationSummaryMessageElement; } - var messageTag = new TagBuilder(headerTag); + var messageTag = new TagBuilder(headerTag, _htmlEncoder); messageTag.SetInnerText(message); wrappedMessage = messageTag.ToString(TagRenderMode.Normal) + Environment.NewLine; } @@ -690,7 +693,7 @@ namespace Microsoft.AspNet.Mvc.Rendering if (!string.IsNullOrEmpty(errorText)) { - var listItem = new TagBuilder("li"); + var listItem = new TagBuilder("li", _htmlEncoder); listItem.SetInnerText(errorText); htmlSummary.AppendLine(listItem.ToString(TagRenderMode.Normal)); } @@ -702,12 +705,12 @@ namespace Microsoft.AspNet.Mvc.Rendering htmlSummary.AppendLine(HiddenListItem); } - var unorderedList = new TagBuilder("ul") + var unorderedList = new TagBuilder("ul", _htmlEncoder) { InnerHtml = htmlSummary.ToString() }; - var tagBuilder = new TagBuilder("div"); + var tagBuilder = new TagBuilder("div", _htmlEncoder); tagBuilder.MergeAttributes(GetHtmlAttributeDictionaryOrNull(htmlAttributes)); if (viewContext.ViewData.ModelState.IsValid) @@ -758,9 +761,9 @@ namespace Microsoft.AspNet.Mvc.Rendering /// /// Not used directly in HtmlHelper. Exposed for use in DefaultDisplayTemplates. /// - internal static TagBuilder GenerateOption(SelectListItem item, string encodedText) + internal static TagBuilder GenerateOption(SelectListItem item, string encodedText, IHtmlEncoder htmlEncoder) { - var tagBuilder = new TagBuilder("option") + var tagBuilder = new TagBuilder("option", htmlEncoder) { InnerHtml = encodedText, }; @@ -819,7 +822,7 @@ namespace Microsoft.AspNet.Mvc.Rendering string method, object htmlAttributes) { - var tagBuilder = new TagBuilder("form"); + var tagBuilder = new TagBuilder("form", _htmlEncoder); tagBuilder.MergeAttributes(GetHtmlAttributeDictionaryOrNull(htmlAttributes)); // action is implicitly generated from other parameters, so htmlAttributes take precedence. @@ -860,7 +863,7 @@ namespace Microsoft.AspNet.Mvc.Rendering throw new ArgumentException(Resources.ArgumentCannotBeNullOrEmpty, nameof(expression)); } - var tagBuilder = new TagBuilder("input"); + var tagBuilder = new TagBuilder("input", _htmlEncoder); tagBuilder.MergeAttributes(htmlAttributes); tagBuilder.MergeAttribute("type", GetInputTypeString(inputType)); tagBuilder.MergeAttribute("name", fullName, replaceExisting: true); @@ -945,9 +948,9 @@ namespace Microsoft.AspNet.Mvc.Rendering [NotNull] string url, object htmlAttributes) { - var tagBuilder = new TagBuilder("a") + var tagBuilder = new TagBuilder("a", _htmlEncoder) { - InnerHtml = WebUtility.HtmlEncode(linkText), + InnerHtml = _htmlEncoder.HtmlEncode(linkText), }; tagBuilder.MergeAttributes(GetHtmlAttributeDictionaryOrNull(htmlAttributes)); @@ -1127,7 +1130,7 @@ namespace Microsoft.AspNet.Mvc.Rendering TagBuilder groupBuilder = null; if (optGroup != null) { - groupBuilder = new TagBuilder("optgroup"); + groupBuilder = new TagBuilder("optgroup", _htmlEncoder); if (optGroup.Name != null) { groupBuilder.MergeAttribute("label", optGroup.Name); @@ -1158,7 +1161,7 @@ namespace Microsoft.AspNet.Mvc.Rendering private string GenerateOption(SelectListItem item) { var encodedText = Encode(item.Text); - var tagBuilder = GenerateOption(item, encodedText); + var tagBuilder = GenerateOption(item, encodedText, _htmlEncoder); return tagBuilder.ToString(TagRenderMode.Normal); } diff --git a/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/HtmlHelper.cs b/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/HtmlHelper.cs index 557d95f5c0..c52e34159e 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/HtmlHelper.cs +++ b/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/HtmlHelper.cs @@ -11,6 +11,7 @@ using Microsoft.AspNet.Mvc.Core; using Microsoft.AspNet.Mvc.ModelBinding; using Microsoft.AspNet.Mvc.Rendering.Expressions; using Microsoft.Framework.Internal; +using Microsoft.Framework.WebEncoders; namespace Microsoft.AspNet.Mvc.Rendering { @@ -37,11 +38,17 @@ namespace Microsoft.AspNet.Mvc.Rendering public HtmlHelper( [NotNull] IHtmlGenerator htmlGenerator, [NotNull] ICompositeViewEngine viewEngine, - [NotNull] IModelMetadataProvider metadataProvider) + [NotNull] IModelMetadataProvider metadataProvider, + [NotNull] IHtmlEncoder htmlEncoder, + [NotNull] IUrlEncoder urlEncoder, + [NotNull] IJavaScriptStringEncoder javaScriptStringEncoder) { _viewEngine = viewEngine; _htmlGenerator = htmlGenerator; MetadataProvider = metadataProvider; + HtmlEncoder = htmlEncoder; + UrlEncoder = urlEncoder; + JavaScriptStringEncoder = javaScriptStringEncoder; } /// @@ -107,7 +114,16 @@ namespace Microsoft.AspNet.Mvc.Rendering } /// - public IModelMetadataProvider MetadataProvider { get; private set; } + public IHtmlEncoder HtmlEncoder { get; } + + /// + public IUrlEncoder UrlEncoder { get; } + + /// + public IJavaScriptStringEncoder JavaScriptStringEncoder { get; } + + /// + public IModelMetadataProvider MetadataProvider { get; } /// /// Creates a dictionary from an object, by adding each public instance property as a key with its associated diff --git a/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/HtmlHelperOfT.cs b/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/HtmlHelperOfT.cs index a638bd329a..f8577f0a78 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/HtmlHelperOfT.cs +++ b/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/HtmlHelperOfT.cs @@ -8,6 +8,7 @@ using Microsoft.AspNet.Mvc.Core; using Microsoft.AspNet.Mvc.ModelBinding; using Microsoft.AspNet.Mvc.Rendering.Expressions; using Microsoft.Framework.Internal; +using Microsoft.Framework.WebEncoders; namespace Microsoft.AspNet.Mvc.Rendering { @@ -19,8 +20,11 @@ namespace Microsoft.AspNet.Mvc.Rendering public HtmlHelper( [NotNull] IHtmlGenerator htmlGenerator, [NotNull] ICompositeViewEngine viewEngine, - [NotNull] IModelMetadataProvider metadataProvider) - : base(htmlGenerator, viewEngine, metadataProvider) + [NotNull] IModelMetadataProvider metadataProvider, + [NotNull] IHtmlEncoder htmlEncoder, + [NotNull] IUrlEncoder urlEncoder, + [NotNull] IJavaScriptStringEncoder javaScriptStringEncoder) + : base(htmlGenerator, viewEngine, metadataProvider, htmlEncoder, urlEncoder, javaScriptStringEncoder) { } diff --git a/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/TagBuilder.cs b/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/TagBuilder.cs index 81f09df51f..f9b9aa352a 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/TagBuilder.cs +++ b/src/Microsoft.AspNet.Mvc.Core/Rendering/Html/TagBuilder.cs @@ -4,18 +4,25 @@ using System; using System.Collections.Generic; using System.Globalization; -using System.Net; +using System.IO; using System.Text; using Microsoft.AspNet.Mvc.Core; using Microsoft.Framework.Internal; +using Microsoft.Framework.WebEncoders; namespace Microsoft.AspNet.Mvc.Rendering { public class TagBuilder { private string _innerHtml; + private readonly IHtmlEncoder _htmlEncoder; public TagBuilder(string tagName) + : this(tagName, HtmlEncoder.Default) + { + } + + public TagBuilder(string tagName, [NotNull] IHtmlEncoder htmlEncoder) { if (string.IsNullOrEmpty(tagName)) { @@ -24,6 +31,7 @@ namespace Microsoft.AspNet.Mvc.Rendering TagName = tagName; Attributes = new SortedDictionary(StringComparer.OrdinalIgnoreCase); + _htmlEncoder = htmlEncoder; } public IDictionary Attributes { get; private set; } @@ -106,7 +114,7 @@ namespace Microsoft.AspNet.Mvc.Rendering } } - private void AppendAttributes(StringBuilder sb) + private void AppendAttributes(TextWriter textWriter) { foreach (var attribute in Attributes) { @@ -117,12 +125,11 @@ namespace Microsoft.AspNet.Mvc.Rendering continue; } - var value = WebUtility.HtmlEncode(attribute.Value); - sb.Append(' ') - .Append(key) - .Append("=\"") - .Append(value) - .Append('"'); + textWriter.Write(' '); + textWriter.Write(key); + textWriter.Write("=\""); + _htmlEncoder.HtmlEncode(attribute.Value, textWriter); + textWriter.Write('"'); } } @@ -164,7 +171,7 @@ namespace Microsoft.AspNet.Mvc.Rendering public void SetInnerText(string innerText) { - InnerHtml = WebUtility.HtmlEncode(innerText); + InnerHtml = _htmlEncoder.HtmlEncode(innerText); } public HtmlString ToHtmlString(TagRenderMode renderMode) @@ -179,39 +186,41 @@ namespace Microsoft.AspNet.Mvc.Rendering public string ToString(TagRenderMode renderMode) { - var sb = new StringBuilder(); - switch (renderMode) + using (var stringWriter = new StringWriter()) { - case TagRenderMode.StartTag: - sb.Append('<') - .Append(TagName); - AppendAttributes(sb); - sb.Append('>'); - break; - case TagRenderMode.EndTag: - sb.Append("'); - break; - case TagRenderMode.SelfClosing: - sb.Append('<') - .Append(TagName); - AppendAttributes(sb); - sb.Append(" />"); - break; - default: - sb.Append('<') - .Append(TagName); - AppendAttributes(sb); - sb.Append('>') - .Append(InnerHtml) - .Append("'); - break; - } + switch (renderMode) + { + case TagRenderMode.StartTag: + stringWriter.Write('<'); + stringWriter.Write(TagName); + AppendAttributes(stringWriter); + stringWriter.Write('>'); + break; + case TagRenderMode.EndTag: + stringWriter.Write("'); + break; + case TagRenderMode.SelfClosing: + stringWriter.Write('<'); + stringWriter.Write(TagName); + AppendAttributes(stringWriter); + stringWriter.Write(" />"); + break; + default: + stringWriter.Write('<'); + stringWriter.Write(TagName); + AppendAttributes(stringWriter); + stringWriter.Write('>'); + stringWriter.Write(InnerHtml); + stringWriter.Write("'); + break; + } - return sb.ToString(); + return stringWriter.ToString(); + } } private static class Html401IdUtil diff --git a/src/Microsoft.AspNet.Mvc.Core/Rendering/IHtmlHelper.cs b/src/Microsoft.AspNet.Mvc.Core/Rendering/IHtmlHelper.cs index 7e8209fd75..4a27b73ee0 100644 --- a/src/Microsoft.AspNet.Mvc.Core/Rendering/IHtmlHelper.cs +++ b/src/Microsoft.AspNet.Mvc.Core/Rendering/IHtmlHelper.cs @@ -5,6 +5,7 @@ using System.Collections.Generic; using System.Threading.Tasks; using Microsoft.AspNet.Mvc.ModelBinding; using Microsoft.Framework.Internal; +using Microsoft.Framework.WebEncoders; namespace Microsoft.AspNet.Mvc.Rendering { @@ -45,6 +46,21 @@ namespace Microsoft.AspNet.Mvc.Rendering /// ViewDataDictionary ViewData { get; } + /// + /// Gets the to be used for encoding HTML. + /// + IHtmlEncoder HtmlEncoder { get; } + + /// + /// Gets the to be used for encoding a URL. + /// + IUrlEncoder UrlEncoder { get; } + + /// + /// Gets the to be used for encoding JavaScript. + /// + IJavaScriptStringEncoder JavaScriptStringEncoder { get; } + /// /// Returns an anchor (<a>) element that contains a URL path to the specified action. /// diff --git a/src/Microsoft.AspNet.Mvc.Razor.Host/MvcRazorHost.cs b/src/Microsoft.AspNet.Mvc.Razor.Host/MvcRazorHost.cs index 997346a4ab..a639c4cf62 100644 --- a/src/Microsoft.AspNet.Mvc.Razor.Host/MvcRazorHost.cs +++ b/src/Microsoft.AspNet.Mvc.Razor.Host/MvcRazorHost.cs @@ -100,6 +100,7 @@ namespace Microsoft.AspNet.Mvc.Razor CreateTagHelperMethodName = "CreateTagHelper", StartWritingScopeMethodName = "StartWritingScope", EndWritingScopeMethodName = "EndWritingScope", + HtmlEncoderPropertyName = "HtmlEncoder", }) { ResolveUrlMethodName = "Href", diff --git a/src/Microsoft.AspNet.Mvc.Razor/RazorPage.cs b/src/Microsoft.AspNet.Mvc.Razor/RazorPage.cs index f0a1a9c787..7939e032c4 100644 --- a/src/Microsoft.AspNet.Mvc.Razor/RazorPage.cs +++ b/src/Microsoft.AspNet.Mvc.Razor/RazorPage.cs @@ -5,7 +5,6 @@ using System; using System.Collections.Generic; using System.IO; using System.Linq; -using System.Net; using System.Security.Principal; using System.Threading.Tasks; using Microsoft.AspNet.Http; @@ -14,6 +13,7 @@ using Microsoft.AspNet.PageExecutionInstrumentation; using Microsoft.AspNet.Razor.Runtime.TagHelpers; using Microsoft.Framework.DependencyInjection; using Microsoft.Framework.Internal; +using Microsoft.Framework.WebEncoders; namespace Microsoft.AspNet.Mvc.Razor { @@ -61,6 +61,12 @@ namespace Microsoft.AspNet.Mvc.Razor /// public bool IsPartial { get; set; } + /// + /// Gets the to be used for encoding HTML. + /// + [Activate] + public IHtmlEncoder HtmlEncoder { get; set; } + /// public IPageExecutionContext PageExecutionContext { get; set; } @@ -264,7 +270,7 @@ namespace Microsoft.AspNet.Mvc.Razor { if (!string.IsNullOrEmpty(value)) { - writer.Write(WebUtility.HtmlEncode(value)); + HtmlEncoder.HtmlEncode(value, writer); } } diff --git a/src/Microsoft.AspNet.Mvc.TagHelpers/LinkTagHelper.cs b/src/Microsoft.AspNet.Mvc.TagHelpers/LinkTagHelper.cs index f130e075e1..543e863d90 100644 --- a/src/Microsoft.AspNet.Mvc.TagHelpers/LinkTagHelper.cs +++ b/src/Microsoft.AspNet.Mvc.TagHelpers/LinkTagHelper.cs @@ -2,10 +2,8 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System.Collections.Generic; -using System.Diagnostics; using System.Globalization; using System.Linq; -using System.Net; using System.Text; using Microsoft.AspNet.Hosting; using Microsoft.AspNet.Mvc.TagHelpers.Internal; @@ -152,6 +150,9 @@ namespace Microsoft.AspNet.Mvc.TagHelpers [Activate] protected internal IMemoryCache Cache { get; set; } + [Activate] + protected internal IHtmlEncoder HtmlEncoder { get; set; } + // Internal for ease of use when testing. protected internal GlobbingUrlBuilder GlobbingUrlBuilder { get; set; } @@ -207,7 +208,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers foreach (var url in urls) { - attributes["href"] = WebUtility.HtmlEncode(url); + attributes["href"] = HtmlEncoder.HtmlEncode(url); BuildLinkTag(attributes, builder); } } @@ -225,7 +226,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers builder.AppendFormat( CultureInfo.InvariantCulture, "", - WebUtility.HtmlEncode(FallbackTestClass)); + HtmlEncoder.HtmlEncode(FallbackTestClass)); // Build the ", output.Content); } + [Fact] + public async Task RendersScriptTagsForGlobbedSrcResults_UsesProvidedEncoder() + { + // Arrange + var context = MakeTagHelperContext( + attributes: new Dictionary + { + ["src"] = "/js/site.js", + ["asp-src-include"] = "**/*.js" + }); + var output = MakeTagHelperOutput("script", attributes: new Dictionary + { + ["src"] = "/js/site.js" + }); + var logger = new Mock>(); + var hostingEnvironment = MakeHostingEnvironment(); + var viewContext = MakeViewContext(); + var globbingUrlBuilder = new Mock(); + globbingUrlBuilder.Setup(g => g.BuildUrlList("/js/site.js", "**/*.js", null)) + .Returns(new[] { "/js/site.js", "/common.js" }); + var helper = new ScriptTagHelper + { + GlobbingUrlBuilder = globbingUrlBuilder.Object, + Logger = logger.Object, + HostingEnvironment = hostingEnvironment, + ViewContext = viewContext, + SrcInclude = "**/*.js", + HtmlEncoder = new TestHtmlEncoder() + }; + + // Act + await helper.ProcessAsync(context, output); + + // Assert + Assert.Equal("" + + "", output.Content); + } + private TagHelperContext MakeTagHelperContext( IDictionary attributes = null, string content = null) @@ -424,7 +466,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers { attributes = attributes ?? new Dictionary(); - return new TagHelperOutput(tagName, attributes); + return new TagHelperOutput(tagName, attributes, new HtmlEncoder()); } private TagHelperLogger CreateLogger() @@ -445,5 +487,27 @@ namespace Microsoft.AspNet.Mvc.TagHelpers return hostingEnvironment.Object; } + + private class TestHtmlEncoder : IHtmlEncoder + { + public string HtmlEncode(string value) + { + return "HtmlEncode[[" + value + "]]"; + } + + public void HtmlEncode(string value, int startIndex, int charCount, TextWriter output) + { + output.Write("HtmlEncode[["); + output.Write(value.Substring(startIndex, charCount)); + output.Write("]]"); + } + + public void HtmlEncode(char[] value, int startIndex, int charCount, TextWriter output) + { + output.Write("HtmlEncode[["); + output.Write(value, startIndex, charCount); + output.Write("]]"); + } + } } } \ No newline at end of file diff --git a/test/Microsoft.AspNet.Mvc.TagHelpers.Test/SelectTagHelperTest.cs b/test/Microsoft.AspNet.Mvc.TagHelpers.Test/SelectTagHelperTest.cs index cb9d408ccd..bcfd5bbd55 100644 --- a/test/Microsoft.AspNet.Mvc.TagHelpers.Test/SelectTagHelperTest.cs +++ b/test/Microsoft.AspNet.Mvc.TagHelpers.Test/SelectTagHelperTest.cs @@ -9,6 +9,7 @@ using System.Threading.Tasks; using Microsoft.AspNet.Mvc.ModelBinding; using Microsoft.AspNet.Mvc.Rendering; using Microsoft.AspNet.Razor.Runtime.TagHelpers; +using Microsoft.Framework.WebEncoders; using Moq; using Xunit; @@ -202,7 +203,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers items: new Dictionary(), uniqueId: "test", getChildContentAsync: () => Task.FromResult("Something")); - var output = new TagHelperOutput(expectedTagName, originalAttributes) + var output = new TagHelperOutput(expectedTagName, originalAttributes, new HtmlEncoder()) { PreContent = expectedPreContent, Content = expectedContent, @@ -287,7 +288,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers items: new Dictionary(), uniqueId: "test", getChildContentAsync: () => Task.FromResult("Something")); - var output = new TagHelperOutput(expectedTagName, originalAttributes) + var output = new TagHelperOutput(expectedTagName, originalAttributes, new HtmlEncoder()) { PreContent = expectedPreContent, Content = expectedContent, @@ -386,7 +387,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers items: new Dictionary(), uniqueId: "test", getChildContentAsync: () => Task.FromResult("Something")); - var output = new TagHelperOutput(expectedTagName, originalAttributes) + var output = new TagHelperOutput(expectedTagName, originalAttributes, new HtmlEncoder()) { PreContent = expectedPreContent, Content = expectedContent, @@ -470,7 +471,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers items: new Dictionary(), uniqueId: "test", getChildContentAsync: () => Task.FromResult("Something")); - var output = new TagHelperOutput(expectedTagName, originalAttributes); + var output = new TagHelperOutput(expectedTagName, originalAttributes, new HtmlEncoder()); var metadataProvider = new EmptyModelMetadataProvider(); string model = null; @@ -536,7 +537,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers items: new Dictionary(), uniqueId: "test", getChildContentAsync: () => Task.FromResult("Something")); - var output = new TagHelperOutput(tagName, originalAttributes); + var output = new TagHelperOutput(tagName, originalAttributes, new HtmlEncoder()); var metadataProvider = new EmptyModelMetadataProvider(); var modelExplorer = metadataProvider.GetModelExplorerForType(modelType, model); @@ -592,7 +593,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers items: new Dictionary(), uniqueId: "test", getChildContentAsync: () => Task.FromResult("Something")); - var output = new TagHelperOutput(expectedTagName, originalAttributes); + var output = new TagHelperOutput(expectedTagName, originalAttributes, new HtmlEncoder()); var tagHelper = new SelectTagHelper { Items = Enumerable.Empty(), diff --git a/test/Microsoft.AspNet.Mvc.TagHelpers.Test/TagHelperOutputExtensionsTest.cs b/test/Microsoft.AspNet.Mvc.TagHelpers.Test/TagHelperOutputExtensionsTest.cs index ef2ab072fc..52b5c0ab74 100644 --- a/test/Microsoft.AspNet.Mvc.TagHelpers.Test/TagHelperOutputExtensionsTest.cs +++ b/test/Microsoft.AspNet.Mvc.TagHelpers.Test/TagHelperOutputExtensionsTest.cs @@ -6,6 +6,7 @@ using System.Collections.Generic; using System.Threading.Tasks; using Microsoft.AspNet.Mvc.Rendering; using Microsoft.AspNet.Razor.Runtime.TagHelpers; +using Microsoft.Framework.WebEncoders; using Xunit; namespace Microsoft.AspNet.Mvc.TagHelpers @@ -20,7 +21,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers // Arrange var tagHelperOutput = new TagHelperOutput( "p", - attributes: new Dictionary()); + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()); var tagHelperContext = new TagHelperContext( allAttributes: new Dictionary(StringComparer.Ordinal) { @@ -49,7 +51,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers attributes: new Dictionary() { { attributeName, "world2" } - }); + }, + htmlEncoder: new HtmlEncoder()); var expectedAttribute = new KeyValuePair(attributeName, "world2"); var tagHelperContext = new TagHelperContext( allAttributes: new Dictionary(StringComparer.Ordinal) @@ -78,7 +81,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers { { "route-Hello", "World" }, { "Route-I", "Am" } - }); + }, + htmlEncoder: new HtmlEncoder()); var expectedAttribute = new KeyValuePair("type", "btn"); tagHelperOutput.Attributes.Add(expectedAttribute); var attributes = tagHelperOutput.FindPrefixedAttributes("route-"); @@ -101,7 +105,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers { { "routeHello", "World" }, { "Routee-I", "Am" } - }); + }, + htmlEncoder: new HtmlEncoder()); // Act var attributes = tagHelperOutput.FindPrefixedAttributes("route-"); @@ -120,11 +125,12 @@ namespace Microsoft.AspNet.Mvc.TagHelpers // Arrange var tagHelperOutput = new TagHelperOutput( "p", - attributes: new Dictionary()); + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()); var expectedAttribute = new KeyValuePair("type", "btn"); tagHelperOutput.Attributes.Add(expectedAttribute); - var tagBuilder = new TagBuilder("p"); + var tagBuilder = new TagBuilder("p", new HtmlEncoder()); tagBuilder.Attributes.Add("type", "hello"); // Act @@ -141,10 +147,11 @@ namespace Microsoft.AspNet.Mvc.TagHelpers // Arrange var tagHelperOutput = new TagHelperOutput( "p", - attributes: new Dictionary()); + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()); tagHelperOutput.Attributes.Add("class", "Hello"); - var tagBuilder = new TagBuilder("p"); + var tagBuilder = new TagBuilder("p", new HtmlEncoder()); tagBuilder.Attributes.Add("class", "btn"); var expectedAttribute = new KeyValuePair("class", "Hello btn"); @@ -167,10 +174,11 @@ namespace Microsoft.AspNet.Mvc.TagHelpers // Arrange var tagHelperOutput = new TagHelperOutput( "p", - attributes: new Dictionary()); + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()); tagHelperOutput.Attributes.Add(originalName, "Hello"); - var tagBuilder = new TagBuilder("p"); + var tagBuilder = new TagBuilder("p", new HtmlEncoder()); tagBuilder.Attributes.Add(updateName, "btn"); // Act @@ -187,9 +195,10 @@ namespace Microsoft.AspNet.Mvc.TagHelpers // Arrange var tagHelperOutput = new TagHelperOutput( "p", - attributes: new Dictionary()); + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()); - var tagBuilder = new TagBuilder("p"); + var tagBuilder = new TagBuilder("p", new HtmlEncoder()); var expectedAttribute = new KeyValuePair("visible", "val < 3"); tagBuilder.Attributes.Add(expectedAttribute); @@ -207,9 +216,10 @@ namespace Microsoft.AspNet.Mvc.TagHelpers // Arrange var tagHelperOutput = new TagHelperOutput( "p", - attributes: new Dictionary()); + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()); - var tagBuilder = new TagBuilder("p"); + var tagBuilder = new TagBuilder("p", new HtmlEncoder()); var expectedAttribute1 = new KeyValuePair("class", "btn"); var expectedAttribute2 = new KeyValuePair("class2", "btn"); tagBuilder.Attributes.Add(expectedAttribute1); @@ -232,11 +242,12 @@ namespace Microsoft.AspNet.Mvc.TagHelpers // Arrange var tagHelperOutput = new TagHelperOutput( "p", - attributes: new Dictionary()); + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()); var expectedAttribute = new KeyValuePair("class", "btn"); tagHelperOutput.Attributes.Add(expectedAttribute); - var tagBuilder = new TagBuilder("p"); + var tagBuilder = new TagBuilder("p", new HtmlEncoder()); // Act tagHelperOutput.MergeAttributes(tagBuilder); @@ -252,11 +263,12 @@ namespace Microsoft.AspNet.Mvc.TagHelpers // Arrange var tagHelperOutput = new TagHelperOutput( "p", - attributes: new Dictionary()); + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()); var expectedOutputAttribute = new KeyValuePair("class", "btn"); tagHelperOutput.Attributes.Add(expectedOutputAttribute); - var tagBuilder = new TagBuilder("p"); + var tagBuilder = new TagBuilder("p", new HtmlEncoder()); var expectedBuilderAttribute = new KeyValuePair("for", "hello"); tagBuilder.Attributes.Add(expectedBuilderAttribute); diff --git a/test/Microsoft.AspNet.Mvc.TagHelpers.Test/TestableHtmlGenerator.cs b/test/Microsoft.AspNet.Mvc.TagHelpers.Test/TestableHtmlGenerator.cs index 0fb478208c..b2ef5823c3 100644 --- a/test/Microsoft.AspNet.Mvc.TagHelpers.Test/TestableHtmlGenerator.cs +++ b/test/Microsoft.AspNet.Mvc.TagHelpers.Test/TestableHtmlGenerator.cs @@ -11,6 +11,7 @@ using Microsoft.AspNet.Mvc.Rendering; using Microsoft.AspNet.Routing; using Microsoft.Framework.DependencyInjection; using Microsoft.Framework.OptionsModel; +using Microsoft.Framework.WebEncoders; using Moq; namespace Microsoft.AspNet.Mvc.TagHelpers @@ -38,7 +39,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers IScopedInstance bindingContextAccessor, IUrlHelper urlHelper, IDictionary validationAttributes) - : base(GetAntiForgery(), bindingContextAccessor, metadataProvider, urlHelper) + : base(GetAntiForgery(), bindingContextAccessor, metadataProvider, urlHelper, new HtmlEncoder()) { _validationAttributes = validationAttributes; } @@ -65,7 +66,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers public override TagBuilder GenerateAntiForgery(ViewContext viewContext) { - return new TagBuilder("input") + return new TagBuilder("input", new HtmlEncoder()) { Attributes = { @@ -95,7 +96,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers Mock.Of(), Mock.Of(), Mock.Of(), - optionsAccessor.Object); + optionsAccessor.Object, + new HtmlEncoder()); return antiForgery; } diff --git a/test/Microsoft.AspNet.Mvc.TagHelpers.Test/TextAreaTagHelperTest.cs b/test/Microsoft.AspNet.Mvc.TagHelpers.Test/TextAreaTagHelperTest.cs index 94b0dcacb4..6b54a85f94 100644 --- a/test/Microsoft.AspNet.Mvc.TagHelpers.Test/TextAreaTagHelperTest.cs +++ b/test/Microsoft.AspNet.Mvc.TagHelpers.Test/TextAreaTagHelperTest.cs @@ -7,6 +7,7 @@ using System.Threading.Tasks; using Microsoft.AspNet.Mvc.ModelBinding; using Microsoft.AspNet.Mvc.Rendering; using Microsoft.AspNet.Razor.Runtime.TagHelpers; +using Microsoft.Framework.WebEncoders; using Xunit; namespace Microsoft.AspNet.Mvc.TagHelpers @@ -121,7 +122,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers { { "class", "form-control" }, }; - var output = new TagHelperOutput(expectedTagName, htmlAttributes) + var output = new TagHelperOutput(expectedTagName, htmlAttributes, new HtmlEncoder()) { Content = "original content", SelfClosing = true, @@ -174,7 +175,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers items: new Dictionary(), uniqueId: "test", getChildContentAsync: () => Task.FromResult("Something")); - var output = new TagHelperOutput(expectedTagName, expectedAttributes) + var output = new TagHelperOutput(expectedTagName, expectedAttributes, new HtmlEncoder()) { PreContent = expectedPreContent, Content = expectedContent, diff --git a/test/Microsoft.AspNet.Mvc.TagHelpers.Test/ValidationMessageTagHelperTest.cs b/test/Microsoft.AspNet.Mvc.TagHelpers.Test/ValidationMessageTagHelperTest.cs index ef7999c689..3f9450028a 100644 --- a/test/Microsoft.AspNet.Mvc.TagHelpers.Test/ValidationMessageTagHelperTest.cs +++ b/test/Microsoft.AspNet.Mvc.TagHelpers.Test/ValidationMessageTagHelperTest.cs @@ -9,6 +9,7 @@ using Microsoft.AspNet.Mvc.ModelBinding; using Microsoft.AspNet.Mvc.Rendering; using Microsoft.AspNet.Razor.Runtime.TagHelpers; using Microsoft.AspNet.Routing; +using Microsoft.Framework.WebEncoders; using Moq; using Xunit; @@ -46,7 +47,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers attributes: new Dictionary { { "id", "myvalidationmessage" } - }) + }, + htmlEncoder: new HtmlEncoder()) { PreContent = expectedPreContent, Content = expectedContent, @@ -96,7 +98,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers getChildContentAsync: () => Task.FromResult("Something")); var output = new TagHelperOutput( "span", - attributes: new Dictionary()) + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()) { PreContent = expectedPreContent, Content = expectedContent, @@ -107,7 +110,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers generator .Setup(mock => mock.GenerateValidationMessage(expectedViewContext, "Hello", null, null, null)) - .Returns(new TagBuilder("span")) + .Returns(new TagBuilder("span", new HtmlEncoder())) .Verifiable(); validationMessageTagHelper.Generator = generator.Object; validationMessageTagHelper.ViewContext = expectedViewContext; @@ -137,7 +140,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers }; var output = new TagHelperOutput( "span", - attributes: new Dictionary()) + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()) { Content = outputContent }; @@ -147,7 +151,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers items: new Dictionary(), uniqueId: "test", getChildContentAsync: () => Task.FromResult(childContent)); - var tagBuilder = new TagBuilder("span2") + var tagBuilder = new TagBuilder("span2", new HtmlEncoder()) { InnerHtml = "New HTML" }; @@ -193,14 +197,15 @@ namespace Microsoft.AspNet.Mvc.TagHelpers }; var output = new TagHelperOutput( "span", - attributes: new Dictionary()); + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()); var context = new TagHelperContext( allAttributes: new Dictionary(), items: new Dictionary(), uniqueId: "test", getChildContentAsync: () => Task.FromResult(childContent)); - var tagBuilder = new TagBuilder("span2") + var tagBuilder = new TagBuilder("span2", new HtmlEncoder()) { InnerHtml = "New HTML" }; @@ -243,7 +248,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers var expectedPostContent = "original post-content"; var output = new TagHelperOutput( "span", - attributes: new Dictionary()) + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()) { PreContent = expectedPreContent, Content = expectedContent, diff --git a/test/Microsoft.AspNet.Mvc.TagHelpers.Test/ValidationSummaryTagHelperTest.cs b/test/Microsoft.AspNet.Mvc.TagHelpers.Test/ValidationSummaryTagHelperTest.cs index fe361c1866..6f38ddf41a 100644 --- a/test/Microsoft.AspNet.Mvc.TagHelpers.Test/ValidationSummaryTagHelperTest.cs +++ b/test/Microsoft.AspNet.Mvc.TagHelpers.Test/ValidationSummaryTagHelperTest.cs @@ -11,6 +11,7 @@ using Microsoft.AspNet.Mvc.Rendering; using Microsoft.AspNet.Razor.Runtime.TagHelpers; using Microsoft.AspNet.Routing; using Microsoft.AspNet.Testing; +using Microsoft.Framework.WebEncoders; using Moq; using Xunit; @@ -52,7 +53,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers attributes: new Dictionary { { "class", "form-control" } - }) + }, + htmlEncoder: new HtmlEncoder()) { PreContent = expectedPreContent, Content = expectedContent, @@ -98,7 +100,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers var expectedPostContent = "original post-content"; var output = new TagHelperOutput( "div", - attributes: new Dictionary()) + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()) { PreContent = expectedPreContent, Content = expectedContent, @@ -113,7 +116,7 @@ namespace Microsoft.AspNet.Mvc.TagHelpers null, // message null, // headerTag null)) // htmlAttributes - .Returns(new TagBuilder("div")) + .Returns(new TagBuilder("div", new HtmlEncoder())) .Verifiable(); validationSummaryTagHelper.ViewContext = expectedViewContext; validationSummaryTagHelper.Generator = generator.Object; @@ -141,13 +144,14 @@ namespace Microsoft.AspNet.Mvc.TagHelpers var expectedContent = "original content"; var output = new TagHelperOutput( "div", - attributes: new Dictionary()) + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()) { PreContent = expectedPreContent, Content = expectedContent, PostContent = "Content of validation summary" }; - var tagBuilder = new TagBuilder("span2") + var tagBuilder = new TagBuilder("span2", new HtmlEncoder()) { InnerHtml = "New HTML" }; @@ -199,7 +203,8 @@ namespace Microsoft.AspNet.Mvc.TagHelpers var expectedPostContent = "original post-content"; var output = new TagHelperOutput( "div", - attributes: new Dictionary()) + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()) { PreContent = expectedPreContent, Content = expectedContent, @@ -236,13 +241,14 @@ namespace Microsoft.AspNet.Mvc.TagHelpers var expectedContent = "original content"; var output = new TagHelperOutput( "div", - attributes: new Dictionary()) + attributes: new Dictionary(), + htmlEncoder: new HtmlEncoder()) { PreContent = expectedPreContent, Content = expectedContent, PostContent = "Content of validation message", }; - var tagBuilder = new TagBuilder("span2") + var tagBuilder = new TagBuilder("span2", new HtmlEncoder()) { InnerHtml = "New HTML" }; diff --git a/test/WebSites/ActivatorWebSite/TagHelpers/TitleTagHelper.cs b/test/WebSites/ActivatorWebSite/TagHelpers/TitleTagHelper.cs index 8c71fef5fd..8a99555798 100644 --- a/test/WebSites/ActivatorWebSite/TagHelpers/TitleTagHelper.cs +++ b/test/WebSites/ActivatorWebSite/TagHelpers/TitleTagHelper.cs @@ -19,7 +19,7 @@ namespace ActivatorWebSite.TagHelpers public override void Process(TagHelperContext context, TagHelperOutput output) { - var builder = new TagBuilder("h2"); + var builder = new TagBuilder("h2", HtmlHelper.HtmlEncoder); var title = ViewContext.ViewBag.Title; builder.InnerHtml = HtmlHelper.Encode(title); output.PreContent = builder.ToString(); diff --git a/test/WebSites/TagHelpersWebSite/TagHelpers/PrettyTagHelper.cs b/test/WebSites/TagHelpersWebSite/TagHelpers/PrettyTagHelper.cs index c1d6f211c2..f66e3f2412 100644 --- a/test/WebSites/TagHelpersWebSite/TagHelpers/PrettyTagHelper.cs +++ b/test/WebSites/TagHelpersWebSite/TagHelpers/PrettyTagHelper.cs @@ -14,16 +14,11 @@ namespace TagHelpersWebSite.TagHelpers private static readonly Dictionary PrettyTagStyles = new Dictionary(StringComparer.OrdinalIgnoreCase) { - { "a", @"background-color: gray; - color: white; - border-radius: 3px; - border: 1px solid black; - padding: 3px; - font-family: cursive;" }, - { "strong", @"font-size: 1.25em; - text-decoration: underline;" }, - { "h1", @"font-family: cursive;" }, - { "h3", @"font-family: cursive;" } + { "a", "background-color: gray;color: white;border-radius: 3px;" + + "border: 1px solid black;padding: 3px;font-family: cursive;" }, + { "strong", "font-size: 1.25em;text-decoration: underline;" }, + { "h1", "font-family: cursive;" }, + { "h3", "font-family: cursive;" } }; public bool? MakePretty { get; set; }