StackOverflowException on trying to sanitize

[joffremota]

I'm using HtmlSanitizer to sanitize HTML origined by EML files. I've got a StackOverflowException exception and I'd like to know if there is something I can do to solve it. While debugging my web application, this is what I receive. While deployed, IIS is crashing.

I'm using the latest HtmlSanitizer version and appreciatte any help.

[tiesont]

A minimal code example that reproduces your exception would be really helpful, along with a few more details:

• Do your EML files generate fragments or full HTML pages?
• Roughly what size (on average) are the generated files?
• Which sanitize method are you calling?

[joffremota]

Hello @tiesont . Thanks for your response.

My HTML has lots of divs (actually, more than 5000 fragments). File has only 350kb and my code is below, where "htmlBody" attributte receives the HTML I'm having trouble with.

public string Sanitize()
{
    var htmlBody = emailBody;

    if (sanitizerLogic == EmailSanitizerLogic.RemoveAndKeepContent)
    {
        sanitizer.KeepChildNodes = true;
    }

    AllowBase64Images();
    AllowCidImages();

    foreach (var newTag in additionalTags)
    {
        if (string.IsNullOrWhiteSpace(newTag)) continue;
        sanitizer.AllowedTags.Add(newTag.Trim());
    }

    foreach (var newAttr in additionalAttributes)
    {
        if (string.IsNullOrWhiteSpace(newAttr)) continue;
        sanitizer.AllowedAttributes.Add(newAttr.Trim());
    }

    var sanitizedHtml = sanitizer.Sanitize(htmlBody, "");

    return sanitizedHtml;
}

private void AllowBase64Images()
{
    sanitizer.AllowDataAttributes = true;
    sanitizer.AllowedSchemes.Add("data");
    sanitizer.RemovingAttribute += (s, e) =>
    {
        var isNotAllowed = e.Reason == RemoveReason.NotAllowedAttribute || e.Reason == RemoveReason.NotAllowedUrlValue;
        var hasLength = e.Attribute.Value.Length >= 0xfff0;
        var startWithData = e.Attribute.Value.StartsWith("data:", StringComparison.OrdinalIgnoreCase);
        e.Cancel = isNotAllowed && hasLength && startWithData;
    };
}

private void AllowCidImages()
{
    sanitizer.AllowDataAttributes = true;
    sanitizer.AllowedSchemes.Add("cid");
    sanitizer.RemovingAttribute += (s, e) =>
    {
        var isNotAllowed = e.Reason == RemoveReason.NotAllowedAttribute || e.Reason == RemoveReason.NotAllowedUrlValue;
        var hasLength = e.Attribute.Value.Length >= 0xfff0;
        var startWithData = e.Attribute.Value.StartsWith("cid:", StringComparison.OrdinalIgnoreCase);
        e.Cancel = isNotAllowed && hasLength && startWithData;
    };
}

If I may, I'll post an external link with the HTML file. Find below a print of a part of it.

[mganss]

@joffremota Yes, please attach the HTML here.

[joffremota]

Here it is, @mganss

file.zip

[mganss]

Thanks. I can't repro, though. What's in additionalTags and additionalAttributes?

[joffremota]

@mganss, additionalAttributes has only one item: class, while additionalTags has the following items:

• eXclaimer:ORIGINAL_BODY_BEFORE
• eXclaimer:AD
• eXclaimer:ORIGINAL_BODY_AFTER
• root
• singleline
• repeater
• layout

The error occurs only inside IIS, that crashes.

When I set the HTML on a string and create a unit test with it, I can't reproduce either.

[mganss]

I have a feeling this occurs because the maximum stack size in IIS is smaller than in a console app. Perhaps you can create a new thread and set the stack size to a higher value (perhaps try 1MB or 4MB?) and run the sanitizer on that thread.