From 8af02047490ae7b7b5897c405712b2444bea43e4 Mon Sep 17 00:00:00 2001
From: Derek Holloway
Date: Sun, 10 Aug 2025 21:30:54 -0700
Subject: [PATCH] Build the resume Sanitizer
---
 src/Server/Program.cs | 1 +
 src/Server/Server.csproj | 9 ++-
 src/Server/Services/ResumeService.cs | 93 ++++++++++++++++++++++++++++
 3 files changed, 100 insertions(+), 3 deletions(-)
 create mode 100644 src/Server/Services/ResumeService.cs
diff --git a/src/Server/Program.cs b/src/Server/Program.cs
index b4435a7..4301875 100755
--- a/src/Server/Program.cs
+++ b/src/Server/Program.cs
@@ -175,6 +175,7 @@ builder.Services.AddRateLimiter(options => {
 ////////////////////////////////
 builder.Services.AddHostedService();
+ResumeService.init();
 ////////////////////////////////
 ///// ASPNET Core Function /////
diff --git a/src/Server/Server.csproj b/src/Server/Server.csproj
index c14307e..0225aff 100755
--- a/src/Server/Server.csproj
+++ b/src/Server/Server.csproj
@@ -8,15 +8,18 @@
-
-
-
+
+
+
+
+
+
diff --git a/src/Server/Services/ResumeService.cs b/src/Server/Services/ResumeService.cs
new file mode 100644
index 0000000..92686f6
--- /dev/null
+++ b/src/Server/Services/ResumeService.cs
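Review bot: `ResumeService.init()` applies the tag/attribute lock-down as a startup side effect on a process-wide static, so any call to `ResumeService.RemoveJavascript` that happens before this line, or in a host that never reaches it (a test project, a second entry point), runs `HtmlSanitizer` with the library's default allow-list instead of the restricted one; the same design is in the new ResumeService.cs, where `_self` is built by a plain field initializer. Moving the configuration into a static constructor, or into the `_self` initializer itself, makes it impossible to skip and lets this line go away. If the explicit call stays, the method name should be PascalCase per C# convention, e.g. `ResumeService.Initialize();`. The surrounding top-level statements continue outside the hunk.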
@@ -0,0 +1,93 @@
+using Ganss.Xss;
+
+namespace BoredCareers.Services {
+ public class ResumeService {
+
+ static HtmlSanitizer _self = new HtmlSanitizer();
+
+ public static void init() {
+ // Clear default allowed tags and attributes
+ _self.AllowedAttributes.Clear();
+ _self.AllowedSchemes.Clear();
+ _self.AllowedAtRules.Clear();
+ _self.AllowedClasses.Clear();
+
+ // Allowed HTML Tags
+ _self.AllowedTags.Clear();
+ string[] safeTags = [
+ "b", "strong", "i", "em", "u", "small", "mark", "del", "ins", "sub", "sup",
+ "p", "br", "hr", "div", "span",
+ "section", "article", "header", "footer", "aside", "main", "nav",
+ "ul", "ol", "li", "dl", "dt", "dd",
+ "h1", "h2", "h3", "h4", "h5", "h6",
+ "blockquote", "q", "cite",
+ "code", "pre", "samp", "kbd", "var",
+ "table", "thead", "tbody", "tfoot", "tr", "td", "th",
+ ];
+ foreach (string cur in safeTags) {
+ _self.AllowedTags.Add(cur);
+ }
+
+ // Allow inline styles only
+ _self.AllowedAttributes.Add("style");
+ string[] safeCssProperties = [
+ "align-content", "align-items", "align-self", "all",
+ "animation", "animation-delay", "animation-direction", "animation-duration",
+ "animation-fill-mode", "animation-iteration-count", "animation-name", "animation-play-state",
+ "animation-timing-function", "backface-visibility", "background-color", "background-clip",
+ "background-origin", "background-position", "background-repeat", "background-size",
+ "border", "border-bottom", "border-bottom-color", "border-bottom-left-radius",
+ "border-bottom-right-radius", "border-bottom-style", "border-bottom-width", "border-color",
+ "border-image-outset", "border-image-repeat", "border-image-slice", "border-image-source",
+ "border-image-width", "border-left", "border-left-color", "border-left-style",
+ "border-left-width", "border-radius", "border-right", "border-right-color",
+ "border-right-style", "border-right-width", "border-spacing", "border-style",
+ "border-top", "border-top-color", "border-top-left-radius", 
"border-top-right-radius",
+ "border-top-style", "border-top-width", "border-width", "bottom",
+ "box-decoration-break", "box-shadow", "box-sizing", "caption-side",
+ "clear", "color", "column-count", "column-fill",
+ "column-gap", "column-rule-color", "column-rule-style", "column-rule-width",
+ "column-span", "column-width", "columns", "counter-increment",
+ "counter-reset", "direction", "display", "empty-cells",
+ "flex", "flex-basis", "flex-direction", "flex-flow",
+ "flex-grow", "flex-shrink", "flex-wrap", "float",
+ "font-family", "font-feature-settings", "font-kerning", "font-language-override",
+ "font-size", "font-size-adjust", "font-stretch", "font-style",
+ "font-synthesis", "font-variant", "font-variant-alternates", "font-variant-caps",
+ "font-variant-east-asian", "font-variant-ligatures", "font-variant-numeric", "font-variant-position",
+ "font-weight", "grid", "grid-area", "grid-auto-columns",
+ "grid-auto-flow", "grid-auto-rows", "grid-column", "grid-column-end",
+ "grid-column-gap", "grid-column-start", "grid-gap", "grid-row",
+ "grid-row-end", "grid-row-gap", "grid-row-start", "grid-template",
+ "grid-template-areas", "grid-template-columns", "grid-template-rows", "height",
+ "hyphens", "image-rendering", "isolation", "justify-content",
+ "left", "letter-spacing", "line-height", "list-style-position",
+ "list-style-type", "margin", "margin-bottom", "margin-left",
+ "margin-right", "margin-top", "max-height", "max-width",
+ "min-height", "min-width", "object-fit", "object-position",
+ "opacity", "order", "orphans", "outline-color",
+ "outline-offset", "outline-style", "outline-width", "overflow",
+ "overflow-wrap", "overflow-x", "overflow-y", "padding",
+ "padding-bottom", "padding-left", "padding-right", "padding-top",
+ "page-break-after", "page-break-before", "page-break-inside", "perspective",
+ "perspective-origin", "pointer-events", "position", "quotes",
+ "resize", "right", "scroll-behavior", "table-layout",
+ "tab-size", "text-align", 
"text-align-last", "text-combine-upright",
+ "text-indent", "text-justify", "text-orientation", "text-overflow",
+ "text-shadow", "text-transform", "text-underline-position", "top",
+ "transform", "transform-origin", "transform-style", "transition",
+ "transition-delay", "transition-duration", "transition-property", "transition-timing-function",
+ "unicode-bidi", "user-select", "vertical-align", "visibility",
+ "white-space", "widows", "width", "word-break",
+ "word-spacing", "word-wrap", "writing-mode", "z-index"
+ ];
+ foreach (string cur in safeCssProperties) {
+ _self.AllowedCssProperties.Add(cur);
+ }
+ }
+
+ public static string RemoveJavascript(string InputHTML) {
+ return _self.Sanitize(InputHTML);
+ }
+ }
+}
\ No newline at end of file
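Review bot: The `safeCssProperties` list keeps `position`, `top`/`right`/`bottom`/`left`, `z-index`, `transform`, `pointer-events`, `opacity` and `all`, so an uploaded resume's inline `style` can still place an element outside its own box and on top of, or invisibly in front of, whatever page renders the sanitized output — a layout/overlay risk that survives even though no script, event or URL attribute and no at-rule can pass the allow-list. Dropping `"all"`, `"position"`, `"z-index"`, `"pointer-events"` and the four offset properties keeps rendered resumes inside their container; if positioned layout is genuinely needed, render them in a sandboxed iframe or a container with `overflow: hidden` instead. The name `RemoveJavascript` also undersells what the method does (it applies the full tag, attribute and CSS-property allow-list, not just script stripping), so an XML `<summary>` stating that, a `<param>` for `InputHTML`, and a note that the result depends on `init()` having run first would help the next caller. As a point of style, `init`, `InputHTML` and `_self` would conventionally be `Initialize`, `inputHtml` and a descriptive static such as `s_sanitizer`.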