Merge commit from fork

Add encoding variants to BaseCustomTokenReplace

Author: valadas

DNN Platform/Library/DotNetNuke.Library.csproj

@@ -946,10 +946,13 @@
     <Compile Include="Services\Tokens\PropertyAccess\AntiForgeryTokenPropertyAccess.cs" />
     <Compile Include="Services\Tokens\PropertyAccess\ArrayListPropertyAccess.cs" />
     <Compile Include="Services\Tokens\PropertyAccess\CssPropertyAccess.cs" />
+    <Compile Include="Services\Tokens\PropertyAccess\HtmlEncodingPropertyAccess.cs" />
     <Compile Include="Services\Tokens\PropertyAccess\JavaScriptDto.cs" />
+    <Compile Include="Services\Tokens\PropertyAccess\JavaScriptEncodingPropertyAccess.cs" />
     <Compile Include="Services\Tokens\PropertyAccess\JavaScriptPropertyAccess.cs" />
     <Compile Include="Services\Tokens\PropertyAccess\JsonPropertyAccess.cs" />
     <Compile Include="Services\Tokens\PropertyAccess\StylesheetDto.cs" />
+    <Compile Include="Services\Tokens\PropertyAccess\UrlEncodingPropertyAccess.cs" />
     <Compile Include="Services\Tokens\Scope.cs" />
     <Compile Include="Services\Tokens\CoreTokenProvider.cs" />
     <Compile Include="Services\Tokens\TokenContext.cs" />

DNN Platform/Library/Services/Tokens/BaseCustomTokenReplace.cs

@@ -149,18 +149,18 @@ protected override string replacedTokenValue(string objectName, string propertyN
             {
                 result = this.PropertySource[objectName.ToLowerInvariant()].GetProperty(propertyName, format, this.FormatProvider, this.AccessingUser, this.CurrentAccessLevel, ref propertyNotFound);
             }
-            else
+            else if (this.DebugMessages)
             {
-                if (this.DebugMessages)
+                string message = Localization.GetString(
+                    "TokenReplaceUnknownObject",
+                    Localization.SharedResourceFile,
+                    this.FormatProvider.ToString());
+                if (message == string.Empty)
                 {
-                    string message = Localization.GetString("TokenReplaceUnknownObject", Localization.SharedResourceFile, this.FormatProvider.ToString());
-                    if (message == string.Empty)
-                    {
-                        message = "Error accessing [{0}:{1}], {0} is an unknown datasource";
-                    }
-
-                    result = string.Format(message, objectName, propertyName);
+                    message = "Error accessing [{0}:{1}], {0} is an unknown datasource";
                 }
+
+                result = string.Format(message, objectName, propertyName);
             }
 
             if (this.DebugMessages && propertyNotFound)
@@ -191,5 +191,33 @@ protected override string ReplaceTokens(string sourceText)
         {
             return this.Provider is CoreTokenProvider ? base.ReplaceTokens(sourceText) : this.Provider.Tokenize(sourceText, this.TokenContext);
         }
+
+        /// <summary>
+        /// Adds the <paramref name="properties"/> with the given <paramref name="name"/> as a source for the token replace, by default HTML encoding its results.
+        /// Additionally, provides derived sources to encode the results in a variety of ways.
+        /// <list type="bullet">
+        /// <item>name - HTML encoded output (e.g. <c>"</c> becomes <c>&quot;</c>)</item>
+        /// <item>name_raw - Raw, unencoded output</item>
+        /// <item>name_url - URL encoded output (e.g. <c>"</c> becomes <c>%22</c>)</item>
+        /// <item>name_js - JavaScript string encoded output (e.g. <c>"</c> becomes <c>\"</c>)</item>
+        /// </list>
+        /// </summary>
+        /// <param name="name">The base name of the source.</param>
+        /// <param name="properties">The <see cref="IPropertyAccess"/> implementation.</param>
+        protected void AddPropertySource(string name, IPropertyAccess properties)
+        {
+            this.PropertySource[name + "_raw"] = properties;
+            this.PropertySource[name] = new HtmlEncodingPropertyAccess(properties);
+            this.PropertySource[name + "_url"] = new UrlEncodingPropertyAccess(properties);
+            this.PropertySource[name + "_js"] = new JavaScriptEncodingPropertyAccess(properties);
+        }
+
+        /// <summary>Adds the <paramref name="properties"/> with the given <paramref name="name"/> as a source for the token replace.</summary>
+        /// <param name="name">The name of the source.</param>
+        /// <param name="properties">The <see cref="IPropertyAccess"/> implementation.</param>
+        protected void AddRawPropertySource(string name, IPropertyAccess properties)
+        {
+            this.PropertySource[name] = properties;
+        }
     }
 }

DNN Platform/Library/Services/Tokens/BaseTokenReplace.cs

@@ -14,7 +14,7 @@ namespace DotNetNuke.Services.Tokens
 
     /// <summary>
     /// The BaseTokenReplace class provides the tokenization of tokens formatted
-    /// [object:property] or [object:property|format|ifEmpty] or [custom:no] within a string
+    /// <c>[object:property]</c> or <c>[object:property|format|ifEmpty]</c> or <c>[custom:no]</c> within a string
     /// with the appropriate current property/custom values.
     /// </summary>
     public abstract class BaseTokenReplace
@@ -102,11 +102,11 @@ protected virtual string ReplaceTokens(string sourceText)
 
                     string propertyName = currentMatch.Result("${property}");
                     string format = currentMatch.Result("${format}");
-                    string ifEmptyReplacment = currentMatch.Result("${ifEmpty}");
+                    string ifEmptyReplacement = currentMatch.Result("${ifEmpty}");
                     string conversion = this.replacedTokenValue(objectName, propertyName, format);
-                    if (!string.IsNullOrEmpty(ifEmptyReplacment) && string.IsNullOrEmpty(conversion))
+                    if (!string.IsNullOrEmpty(ifEmptyReplacement) && string.IsNullOrEmpty(conversion))
                     {
-                        conversion = ifEmptyReplacment;
+                        conversion = ifEmptyReplacement;
                     }
 
                     result.Append(conversion);

DNN Platform/Library/Services/Tokens/HtmlTokenReplace.cs

@@ -12,10 +12,10 @@ public class HtmlTokenReplace : TokenReplace
         public HtmlTokenReplace(Page page)
             : base(Scope.DefaultSettings)
         {
-            this.PropertySource["css"] = new CssPropertyAccess(page);
-            this.PropertySource["js"] = new JavaScriptPropertyAccess(page);
-            this.PropertySource["javascript"] = new JavaScriptPropertyAccess(page);
-            this.PropertySource["antiforgerytoken"] = new AntiForgeryTokenPropertyAccess();
+            this.AddPropertySource("css", new CssPropertyAccess(page));
+            this.AddPropertySource("js", new JavaScriptPropertyAccess(page));
+            this.AddPropertySource("javascript", new JavaScriptPropertyAccess(page));
+            this.AddPropertySource("antiforgerytoken", new AntiForgeryTokenPropertyAccess());
         }
     }
 }

DNN Platform/Library/Services/Tokens/PropertyAccess/HtmlEncodingPropertyAccess.cs

@@ -0,0 +1,41 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information
+
+namespace DotNetNuke.Services.Tokens;
+
+using System.Globalization;
+using System.Net;
+
+using DotNetNuke.Entities.Users;
+
+/// <summary>An <see cref="IPropertyAccess"/> implementation that wraps an existing <see cref="IPropertyAccess"/>, HTML encoding its result.</summary>
+/// <param name="implementation">The <see cref="IPropertyAccess"/> implementation that is being wrapped.</param>
+public class HtmlEncodingPropertyAccess(IPropertyAccess implementation) : IPropertyAccess
+{
+    /// <inheritdoc />
+    public CacheLevel Cacheability
+    {
+        get => implementation.Cacheability;
+    }
+
+    /// <inheritdoc />
+    public string GetProperty(
+        string propertyName,
+        string format,
+        CultureInfo formatProvider,
+        UserInfo accessingUser,
+        Scope accessLevel,
+        ref bool propertyNotFound)
+    {
+        var result = implementation.GetProperty(
+            propertyName,
+            format,
+            formatProvider,
+            accessingUser,
+            accessLevel,
+            ref propertyNotFound);
+
+        return WebUtility.HtmlEncode(result);
+    }
+}

DNN Platform/Library/Services/Tokens/PropertyAccess/JavaScriptEncodingPropertyAccess.cs

@@ -0,0 +1,43 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information
+
+namespace DotNetNuke.Services.Tokens;
+
+using System.Globalization;
+using System.Net;
+using System.Web;
+using System.Web.Util;
+
+using DotNetNuke.Entities.Users;
+
+/// <summary>An <see cref="IPropertyAccess"/> implementation that wraps an existing <see cref="IPropertyAccess"/>, JavaScript string encoding its result.</summary>
+/// <param name="implementation">The <see cref="IPropertyAccess"/> implementation that is being wrapped.</param>
+public class JavaScriptEncodingPropertyAccess(IPropertyAccess implementation) : IPropertyAccess
+{
+    /// <inheritdoc />
+    public CacheLevel Cacheability
+    {
+        get => implementation.Cacheability;
+    }
+
+    /// <inheritdoc />
+    public string GetProperty(
+        string propertyName,
+        string format,
+        CultureInfo formatProvider,
+        UserInfo accessingUser,
+        Scope accessLevel,
+        ref bool propertyNotFound)
+    {
+        var result = implementation.GetProperty(
+            propertyName,
+            format,
+            formatProvider,
+            accessingUser,
+            accessLevel,
+            ref propertyNotFound);
+
+        return HttpUtility.JavaScriptStringEncode(result);
+    }
+}

DNN Platform/Library/Services/Tokens/PropertyAccess/UrlEncodingPropertyAccess.cs

@@ -0,0 +1,41 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information
+
+namespace DotNetNuke.Services.Tokens;
+
+using System.Globalization;
+using System.Net;
+
+using DotNetNuke.Entities.Users;
+
+/// <summary>An <see cref="IPropertyAccess"/> implementation that wraps an existing <see cref="IPropertyAccess"/>, URL encoding its result.</summary>
+/// <param name="implementation">The <see cref="IPropertyAccess"/> implementation that is being wrapped.</param>
+public class UrlEncodingPropertyAccess(IPropertyAccess implementation) : IPropertyAccess
+{
+    /// <inheritdoc />
+    public CacheLevel Cacheability
+    {
+        get => implementation.Cacheability;
+    }
+
+    /// <inheritdoc />
+    public string GetProperty(
+        string propertyName,
+        string format,
+        CultureInfo formatProvider,
+        UserInfo accessingUser,
+        Scope accessLevel,
+        ref bool propertyNotFound)
+    {
+        var result = implementation.GetProperty(
+            propertyName,
+            format,
+            formatProvider,
+            accessingUser,
+            accessLevel,
+            ref propertyNotFound);
+
+        return WebUtility.UrlEncode(result);
+    }
+}

DNN Platform/Library/Services/Tokens/TokenContext.cs

@@ -1,30 +1,30 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information
-namespace DotNetNuke.Services.Tokens
+namespace DotNetNuke.Services.Tokens
 {
     using System.Collections.Generic;
     using System.Globalization;
-    using System.Threading;
+    using System.Threading;
 
     using DotNetNuke.Entities.Modules;
     using DotNetNuke.Entities.Portals;
     using DotNetNuke.Entities.Tabs;
     using DotNetNuke.Entities.Users;
-
+
     /// <summary>The context in which tokenization should happen.</summary>
-    public class TokenContext
+    public class TokenContext
     {
         /// <summary>Gets or sets the user object representing the currently accessing user (permission).</summary>
-        /// <value>UserInfo oject.</value>
+        /// <value>UserInfo object.</value>
         public UserInfo AccessingUser { get; set; }
 
         /// <summary>Gets or sets the user object to use for 'User:' token replacement.</summary>
-        /// <value>UserInfo oject.</value>
+        /// <value>UserInfo object.</value>
         public UserInfo User { get; set; }
 
         /// <summary>Gets or sets the portal settings object to use for 'Portal:' token replacement.</summary>
-        /// <value>PortalSettings oject.</value>
+        /// <value>PortalSettings object.</value>
         public PortalSettings Portal { get; set; }
 
         /// <summary>Gets or sets the tab settings object to use for 'Tab:' token replacement.</summary>
@@ -34,11 +34,11 @@ public class TokenContext
         public ModuleInfo Module { get; set; }
 
         /// <summary>Gets or sets the Format provider as Culture info from stored language or current culture.</summary>
-        /// <value>An CultureInfo.</value>
+        /// <value>An CultureInfo.</value>
         public CultureInfo Language { get; set; } = Thread.CurrentThread.CurrentUICulture;
 
         /// <summary>Gets or sets the current Access Level controlling access to critical user settings.</summary>
-        /// <value>A TokenAccessLevel as defined above.</value>
+        /// <value>A TokenAccessLevel as defined above.</value>
         public Scope CurrentAccessLevel { get; set; }
 
         /// <summary>Gets or sets a value indicating whether if DebugMessages are enabled, unknown Tokens are replaced with Error Messages.</summary>