aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-31 04:34:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bcb692caf02400a52cefb1eefed270e6894454bb
btcpayserver/BTCPayServer/TagHelpers/CSPA.cs
Nicolas Dorier 11d6588249 Add suggestion list for currency inputs (#3347) 
* Move tagHelpers in their own directory

* Add suggestion list for currency inputs
2022-01-24 20:00:13 +09:00

30 lines
864 B
C#
Raw Blame History

using System;
using BTCPayServer.Security;
using Microsoft.AspNetCore.Razor.TagHelpers;
namespace BTCPayServer.TagHelpers;
/// <summary>
/// Add sha256- to allow inline event handlers in a:href=javascript:
/// </summary>
[HtmlTargetElement("a", Attributes = "csp-allow")]
public class CSPA : TagHelper
{
private readonly ContentSecurityPolicies _csp;
public CSPA(ContentSecurityPolicies csp)
{
_csp = csp;
}
public override void Process(TagHelperContext context, TagHelperOutput output)
{
output.Attributes.RemoveAll("csp-allow");
if (output.Attributes.TryGetAttribute("href", out var attr))
{
var v = attr.Value.ToString();
if (v.StartsWith("javascript:", StringComparison.OrdinalIgnoreCase))
{
_csp.AllowUnsafeHashes(v);
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink