From 2e34b3b2c1697c4e0673227f6a7cc591559c5158 Mon Sep 17 00:00:00 2001
From: Michael Wilson <76768244+michael-wilson-au@users.noreply.github.com>
Date: Fri, 24 Mar 2023 02:07:49 +1100
Subject: [PATCH 1/3] Narrative HTML validation fix (#3101)
---
 .../Validation/Narratives/NarrativeHtmlSanitizer.cs | 6 ++++--
 .../Validation/Narratives/NarrativeHtmlSanitizerTests.cs | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/Microsoft.Health.Fhir.Core/Features/Validation/Narratives/NarrativeHtmlSanitizer.cs b/src/Microsoft.Health.Fhir.Core/Features/Validation/Narratives/NarrativeHtmlSanitizer.cs
index ac234a1039..1d5e59b7e2 100644
--- a/src/Microsoft.Health.Fhir.Core/Features/Validation/Narratives/NarrativeHtmlSanitizer.cs
+++ b/src/Microsoft.Health.Fhir.Core/Features/Validation/Narratives/NarrativeHtmlSanitizer.cs
@@ -180,9 +180,11 @@ public IEnumerable Validate(string html)
 var dom = parser.ParseDocument(string.Format(HtmlTemplate, html));
 // Report parsing errors
- if (errors.Any())
+ var htmlParseErrors = errors.Where(x => RaiseErrorTypes.Contains((HtmlParseError)x.Code)).ToList();
+
+ if (htmlParseErrors.Any())
 {
- foreach (var error in errors.Where(x => RaiseErrorTypes.Contains((HtmlParseError)x.Code)))
+ foreach (var error in htmlParseErrors)
 {
 yield return string.Format(Core.Resources.IllegalHtmlParsingError, error.Message, error.Position.Line, error.Position.Column);
 }
diff --git a/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Validation/Narratives/NarrativeHtmlSanitizerTests.cs b/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Validation/Narratives/NarrativeHtmlSanitizerTests.cs
index 6d3f400389..4f63783873 100644
--- a/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Validation/Narratives/NarrativeHtmlSanitizerTests.cs
+++ b/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Validation/Narratives/NarrativeHtmlSanitizerTests.cs
@@ -41,7 +41,8 @@ public void Validate(string code)
 [InlineData("
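Review bot: The `// Report parsing errors` comment in `Validate` (hunk `-180,9 +180,11`) no longer describes the decision the new `htmlParseErrors` filter makes: the `if` is now entered only for errors listed in `RaiseErrorTypes`, and any other parser error is silently tolerated. For a sanitizer that is the security-relevant part of the change, so I would state it on the filter, e.g. `// Only errors listed in RaiseErrorTypes are reported; other parser errors are ignored here.` Because `htmlParseErrors` is already a `List`, `if (htmlParseErrors.Count > 0)` is the more direct test than `.Any()`. The body of the `if` and the rest of `Validate` run past the end of this hunk, so whether input with only non-listed errors then reaches the later checks is inferred rather than visible; a test pairing such an error with a disallowed element would pin it.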
text
div>")] [InlineData("Example!")] [InlineData("
Example!
")] - public void GivenHtmlWithEmptyDiv_WhenSanitizingHtml_ThenAValidationErrorIsReturned(string val) + [InlineData("
This tag should return validation error
")]
+ public void GivenInvalidNarrativeHtml_WhenSanitizingHtml_ThenAValidationErrorIsReturned(string val)
 {
 var results = _sanitizer.Validate(val);
From 7eb80cf3d0b03e8fba12949a3199d8016881f0c6 Mon Sep 17 00:00:00 2001
From: LTA-Thinking
Date: Thu, 23 Mar 2023 09:19:45 -0700
Subject: [PATCH 2/3] Remove src check
---
 .../Narratives/NarrativeHtmlSanitizer.cs | 16 ----------------
 1 file changed, 16 deletions(-)
diff --git a/src/Microsoft.Health.Fhir.Core/Features/Validation/Narratives/NarrativeHtmlSanitizer.cs b/src/Microsoft.Health.Fhir.Core/Features/Validation/Narratives/NarrativeHtmlSanitizer.cs
index 1d5e59b7e2..0a96e732b6 100644
--- a/src/Microsoft.Health.Fhir.Core/Features/Validation/Narratives/NarrativeHtmlSanitizer.cs
+++ b/src/Microsoft.Health.Fhir.Core/Features/Validation/Narratives/NarrativeHtmlSanitizer.cs
@@ -131,14 +131,6 @@ public class NarrativeHtmlSanitizer : INarrativeHtmlSanitizer
 "xmlns",
 };
- private static readonly ISet Src = new HashSet(StringComparer.OrdinalIgnoreCase)
- {
- "#",
- "data:",
- "http:",
- "https:",
- };
-
 // Obvious invalid structural parsing errors to report
 private static readonly ISet RaiseErrorTypes = new HashSet
 {
@@ -291,14 +283,6 @@ private static void ValidateAttributes(IElement element, Action
 {
 onInvalidAttr(element, attr);
 }
-
- if (string.Equals("src", attr.Name, StringComparison.OrdinalIgnoreCase))
- {
- if (!Src.Any(x => attr.Value.StartsWith(x, StringComparison.OrdinalIgnoreCase)))
- {
- onInvalidAttr(element, attr);
- }
- }
 }
 }
 }
From 597d127a6d7a5d1338cca2e2840c47a9d23ab984 Mon Sep 17 00:00:00 2001
From: LTA-Thinking
Date: Thu, 23 Mar 2023 13:34:21 -0700
Subject: [PATCH 3/3] Add examples
---
 .../Validation/Narratives/NarrativeHtmlSanitizerTests.cs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Validation/Narratives/NarrativeHtmlSanitizerTests.cs b/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Validation/Narratives/NarrativeHtmlSanitizerTests.cs
index 4f63783873..1130984888 100644
--- a/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Validation/Narratives/NarrativeHtmlSanitizerTests.cs
+++ b/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Validation/Narratives/NarrativeHtmlSanitizerTests.cs
@@ -55,6 +55,7 @@ public void GivenInvalidNarrativeHtml_WhenSanitizingHtml_ThenAValidationErrorIsR
 [InlineData("
Test
")] [InlineData("
Test
")] [InlineData("

")] + [InlineData("
")]
 public void GivenHtmlWithDivAndText_WhenSanitizingHtml_ThenValidationIsSuccessful(string val)
 {
 var results = _sanitizer.Validate(val);
@@ -62,10 +63,12 @@ public void GivenHtmlWithDivAndText_WhenSanitizingHtml_ThenValidationIsSuccessfu
 Assert.Empty(results);
 }
- [Fact]
- public void GivenExampleNarrativeHtml_WhenSanitizingHtml_ThenValidationIsSuccessful()
+ [Theory]
+ [InlineData("BasicExampleNarrative")]
+ [InlineData("StructureDefinition-us-core-birthsex")]
+ public void GivenExampleNarrativeHtml_WhenSanitizingHtml_ThenValidationIsSuccessful(string name)
 {
- var example = Samples.GetJsonSample("BasicExampleNarrative");
+ var example = Samples.GetJsonSample(name);
 var results = _sanitizer.Validate(example.Text.Div);
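Review bot: The case added to `GivenHtmlWithDivAndText_WhenSanitizingHtml_ThenValidationIsSuccessful` (hunk `-55,6 +55,7`) only pins what is newly accepted; no test in this series pins what a `src` value must still be rejected for after patch 2/3 removed the `Src` prefix list (`#`, `data:`, `http:`, `https:`) from `ValidateAttributes`. With that check gone, none of the visible code inspects the value of a `src` attribute, so whether a value with a scheme outside the old list is accepted depends on code outside these hunks. I would add a case to `GivenInvalidNarrativeHtml_WhenSanitizingHtml_ThenAValidationErrorIsReturned` for such a value, or, if accepting any value is intended, record that next to the new case with a comment such as `// src values are intentionally not restricted by scheme (see "Remove src check")`. The string literal of the added case is not legible in this copy, so its content is not assessed here.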