Sanitize Html

#457
SeriaWei · Apr 14, 2022 · 833c546 · 833c546
1 parent 53109ba
commit 833c546
Showing 1 changed file with 36 additions and 1 deletion.
diff --git a/src/ZKEACMS/Common/Service/NavigationService.cs b/src/ZKEACMS/Common/Service/NavigationService.cs
@@ -11,13 +11,16 @@
 using ZKEACMS.Common.Models;
 using Easy;
 using Microsoft.EntityFrameworkCore;
+using ZKEACMS.Safety;
 
 namespace ZKEACMS.Common.Service
 {
     public class NavigationService : ServiceBase<NavigationEntity, CMSDbContext>, INavigationService
     {
-        public NavigationService(IApplicationContext applicationContext, CMSDbContext dbContext) : base(applicationContext, dbContext)
+        private readonly IHtmlSanitizer _htmlSanitizer;
+        public NavigationService(IApplicationContext applicationContext, CMSDbContext dbContext, IHtmlSanitizer htmlSanitizer) : base(applicationContext, dbContext)
         {
+            _htmlSanitizer = htmlSanitizer;
         }
         public override DbSet<NavigationEntity> CurrentDbSet => DbContext.Navigation;
         public override ServiceResult<NavigationEntity> Add(NavigationEntity item)
@@ -27,8 +30,34 @@ public override ServiceResult<NavigationEntity> Add(NavigationEntity item)
                 item.ParentId = "#";
             }
             item.ID = Guid.NewGuid().ToString("N");
+            Santize(item);
             return base.Add(item);
         }
+
+        public override ServiceResult<NavigationEntity> AddRange(params NavigationEntity[] items)
+        {
+            foreach (var item in items)
+            {
+                Santize(item);
+            }
+            return base.AddRange(items);
+        }
+
+        public override ServiceResult<NavigationEntity> Update(NavigationEntity item)
+        {
+            Santize(item);
+            return base.Update(item);
+        }
+
+        public override ServiceResult<NavigationEntity> UpdateRange(params NavigationEntity[] items)
+        {
+            foreach (var item in items)
+            {
+                Santize(item);
+            }
+            return base.UpdateRange(items);
+        }
+
         public override void Remove(NavigationEntity item)
         {
             Remove(m => m.ParentId == item.ID);
@@ -73,5 +102,11 @@ public void Move(string id, string parentId, int position, int oldPosition)
             }
             Update(nav);
         }
+
+        private void Santize(NavigationEntity item)
+        {
+            item.Title = _htmlSanitizer.Sanitize(item.Title);
+            item.Html = _htmlSanitizer.Sanitize(item.Html);
+        }
     }
 }