diff --git a/src/Microsoft.Health.Fhir.Core/Features/Validation/Narratives/NarrativeHtmlSanitizer.cs b/src/Microsoft.Health.Fhir.Core/Features/Validation/Narratives/NarrativeHtmlSanitizer.cs
index ac234a1039..0a96e732b6 100644
--- a/src/Microsoft.Health.Fhir.Core/Features/Validation/Narratives/NarrativeHtmlSanitizer.cs
+++ b/src/Microsoft.Health.Fhir.Core/Features/Validation/Narratives/NarrativeHtmlSanitizer.cs
@@ -131,14 +131,6 @@ public class NarrativeHtmlSanitizer : INarrativeHtmlSanitizer
 "xmlns",
 };
- private static readonly ISet Src = new HashSet(StringComparer.OrdinalIgnoreCase)
- {
- "#",
- "data:",
- "http:",
- "https:",
- };
-
 // Obvious invalid structural parsing errors to report
 private static readonly ISet RaiseErrorTypes = new HashSet
 {
@@ -180,9 +172,11 @@ public IEnumerable Validate(string html)
 var dom = parser.ParseDocument(string.Format(HtmlTemplate, html));
 // Report parsing errors
- if (errors.Any())
+ var htmlParseErrors = errors.Where(x => RaiseErrorTypes.Contains((HtmlParseError)x.Code)).ToList();
+
+ if (htmlParseErrors.Any())
 {
- foreach (var error in errors.Where(x => RaiseErrorTypes.Contains((HtmlParseError)x.Code)))
+ foreach (var error in htmlParseErrors)
 {
 yield return string.Format(Core.Resources.IllegalHtmlParsingError, error.Message, error.Position.Line, error.Position.Column);
 }
@@ -289,14 +283,6 @@ private static void ValidateAttributes(IElement element, Action
 {
 onInvalidAttr(element, attr);
 }
-
- if (string.Equals("src", attr.Name, StringComparison.OrdinalIgnoreCase))
- {
- if (!Src.Any(x => attr.Value.StartsWith(x, StringComparison.OrdinalIgnoreCase)))
- {
- onInvalidAttr(element, attr);
- }
- }
 }
 }
 }
diff --git a/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Validation/Narratives/NarrativeHtmlSanitizerTests.cs b/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Validation/Narratives/NarrativeHtmlSanitizerTests.cs
index 6d3f400389..1130984888 100644
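Review bot: The `if (htmlParseErrors.Any())` guard added around the loop in Validate is redundant, since a `foreach` over an empty list yields nothing, so the `if` and its braces can go and the body is just `foreach (var error in htmlParseErrors) { yield return string.Format(...); }`. Materialising with `.ToList()` is fine here because the filtered list is the only thing enumerated, but the local is named for what `errors` already is; something like `reportableErrors` says what the filter does. Validate continues past the end of this hunk, so I cannot see whether the list is used again further down.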
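Review bot: With the `src` scheme check removed from ValidateAttributes, every `src` value now passes attribute validation, including `javascript:`, `vbscript:` and `file:` URIs, and this sanitizer is the only gate a stored narrative gets before a client renders it. If the motivation was to admit relative references such as `image.png` or `#anchor` (the new `StructureDefinition-us-core-birthsex` sample in the tests looks like that case, though its content is not visible here), the narrower change is to keep a scheme check for absolute URIs and let relative ones through. I would add `AllowedSrcSchemes = { "http", "https", "data" }` next to the other static sets and replace the removed block with the check below; `data:` is kept only for parity with the old list and is worth a separate look, since it can embed arbitrary payloads. ValidateAttributes starts before this hunk.
```csharp
if (string.Equals("src", attr.Name, StringComparison.OrdinalIgnoreCase))
{
    // Relative references ("image.png", "#anchor") are allowed; absolute URIs
    // must use a scheme that cannot carry active content.
    if (Uri.TryCreate(attr.Value.Trim(), UriKind.Absolute, out var srcUri)
        && !AllowedSrcSchemes.Contains(srcUri.Scheme))
    {
        onInvalidAttr(element, attr);
    }
}
```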
--- a/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Validation/Narratives/NarrativeHtmlSanitizerTests.cs
+++ b/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Validation/Narratives/NarrativeHtmlSanitizerTests.cs
@@ -41,7 +41,8 @@ public void Validate(string code)
 [InlineData("
text
div>")] [InlineData("Example!")] [InlineData("
Example!
")] - public void GivenHtmlWithEmptyDiv_WhenSanitizingHtml_ThenAValidationErrorIsReturned(string val) + [InlineData("
This tag should return validation error
")] + public void GivenInvalidNarrativeHtml_WhenSanitizingHtml_ThenAValidationErrorIsReturned(string val) { var results = _sanitizer.Validate(val); @@ -54,6 +55,7 @@ public void GivenHtmlWithEmptyDiv_WhenSanitizingHtml_ThenAValidationErrorIsRetur [InlineData("
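Review bot: This negative theory is where the `src` handling loosened elsewhere in this commit should be pinned down, and none of its cases appear to exercise a `src` attribute, so a `javascript:`-scheme image now passes validation without any test noticing. I would add `[InlineData("<div><img src=\"javascript:alert(1)\"/></div>")]` here and expect a validation error; it will fail until a scheme check is restored in NarrativeHtmlSanitizer, which is the point. The inline HTML of the existing and newly added cases is not legible in this rendering of the diff, so I cannot tell which tag the new "should return validation error" case covers.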
Test
")] [InlineData("
Test
")] [InlineData("

")] + [InlineData("
")] public void GivenHtmlWithDivAndText_WhenSanitizingHtml_ThenValidationIsSuccessful(string val) { var results = _sanitizer.Validate(val); @@ -61,10 +63,12 @@ public void GivenHtmlWithDivAndText_WhenSanitizingHtml_ThenValidationIsSuccessfu Assert.Empty(results); } - [Fact] - public void GivenExampleNarrativeHtml_WhenSanitizingHtml_ThenValidationIsSuccessful() + [Theory] + [InlineData("BasicExampleNarrative")] + [InlineData("StructureDefinition-us-core-birthsex")] + public void GivenExampleNarrativeHtml_WhenSanitizingHtml_ThenValidationIsSuccessful(string name) { - var example = Samples.GetJsonSample("BasicExampleNarrative"); + var example = Samples.GetJsonSample(name); var results = _sanitizer.Validate(example.Text.Div);