mganss / HtmlSanitizer

Cleans HTML to avoid XSS attacks
MIT License

Error in HtmlSanitizer.Sanitize #552

Open miguelisidoro opened 4 days ago

miguelisidoro commented 4 days ago

Hi,

We have the following code:

```csharp
using Ganss.Xss; // Ganss.XSS in HtmlSanitizer versions before 8

public class HtmlHelper
{
    // Builds a freshly configured sanitizer on every access.
    private static HtmlSanitizer HtmlSanitizer
    {
        get
        {
            HtmlSanitizer sanitizer = new();

            // Add Tags
            sanitizer.AllowedTags.Add("video");
            sanitizer.AllowedTags.Add("source");
            sanitizer.AllowedTags.Add("iframe");

            // Remove Tags
            sanitizer.AllowedTags.Remove("acronym");
            sanitizer.AllowedTags.Remove("area");
            sanitizer.AllowedTags.Remove("big");
            sanitizer.AllowedTags.Remove("body");
            sanitizer.AllowedTags.Remove("button");
            sanitizer.AllowedTags.Remove("dir");
            sanitizer.AllowedTags.Remove("font");
            sanitizer.AllowedTags.Remove("footer");
            sanitizer.AllowedTags.Remove("form");
            sanitizer.AllowedTags.Remove("head");
            sanitizer.AllowedTags.Remove("header");
            sanitizer.AllowedTags.Remove("html");
            sanitizer.AllowedTags.Remove("input");
            sanitizer.AllowedTags.Remove("keygen");
            sanitizer.AllowedTags.Remove("map");
            sanitizer.AllowedTags.Remove("menu");
            sanitizer.AllowedTags.Remove("menuitem");
            sanitizer.AllowedTags.Remove("nav");
            sanitizer.AllowedTags.Remove("optgroup");
            sanitizer.AllowedTags.Remove("option");
            sanitizer.AllowedTags.Remove("output");
            sanitizer.AllowedTags.Remove("section");
            sanitizer.AllowedTags.Remove("select");
            sanitizer.AllowedTags.Remove("textarea");
            sanitizer.AllowedTags.Remove("tt");

            // Add Attributes
            sanitizer.AllowedAttributes.Add("class");
            sanitizer.AllowedAttributes.Add("allow");
            sanitizer.AllowedAttributes.Add("allowfullscreen");
            sanitizer.AllowedAttributes.Add("frameborder");
            sanitizer.AllowedAttributes.Add("poster");
            sanitizer.AllowedAttributes.Add("controls");
            sanitizer.AllowedAttributes.Add("mention");
            sanitizer.AllowedAttributes.Add("data-userid");
            sanitizer.AllowedAttributes.Add("scrolling");
            sanitizer.AllowedAttributes.Add("width");
            sanitizer.AllowedAttributes.Add("height");

            // Remove attributes
            sanitizer.AllowedAttributes.Remove("accept-charset");
            sanitizer.AllowedAttributes.Remove("accept");
            sanitizer.AllowedAttributes.Remove("accesskey");
            sanitizer.AllowedAttributes.Remove("action");
            sanitizer.AllowedAttributes.Remove("autocomplete");
            sanitizer.AllowedAttributes.Remove("autosave");
            sanitizer.AllowedAttributes.Remove("axis");
            sanitizer.AllowedAttributes.Remove("challenge");
            sanitizer.AllowedAttributes.Remove("char");
            sanitizer.AllowedAttributes.Remove("charoff");
            sanitizer.AllowedAttributes.Remove("charset");
            sanitizer.AllowedAttributes.Remove("checked");
            sanitizer.AllowedAttributes.Remove("clear");
            sanitizer.AllowedAttributes.Remove("compact");
            sanitizer.AllowedAttributes.Remove("contenteditable");
            sanitizer.AllowedAttributes.Remove("coords");
            sanitizer.AllowedAttributes.Remove("dir");
            sanitizer.AllowedAttributes.Remove("disabled");
            sanitizer.AllowedAttributes.Remove("draggable");
            sanitizer.AllowedAttributes.Remove("dropzone");
            sanitizer.AllowedAttributes.Remove("enctype");
            sanitizer.AllowedAttributes.Remove("for");
            sanitizer.AllowedAttributes.Remove("frame");
            sanitizer.AllowedAttributes.Remove("headers");
            sanitizer.AllowedAttributes.Remove("high");
            sanitizer.AllowedAttributes.Remove("hreflang");
            sanitizer.AllowedAttributes.Remove("hspace");
            sanitizer.AllowedAttributes.Remove("ismap");
            sanitizer.AllowedAttributes.Remove("keytype");
            sanitizer.AllowedAttributes.Remove("list");
            sanitizer.AllowedAttributes.Remove("longdesc");
            sanitizer.AllowedAttributes.Remove("low");
            sanitizer.AllowedAttributes.Remove("max");
            sanitizer.AllowedAttributes.Remove("maxlength");
            sanitizer.AllowedAttributes.Remove("method");
            sanitizer.AllowedAttributes.Remove("min");
            sanitizer.AllowedAttributes.Remove("multiple");
            sanitizer.AllowedAttributes.Remove("nohref");
            sanitizer.AllowedAttributes.Remove("noshade");
            sanitizer.AllowedAttributes.Remove("novalidate");
            sanitizer.AllowedAttributes.Remove("open");
            sanitizer.AllowedAttributes.Remove("optimum");
            sanitizer.AllowedAttributes.Remove("pattern");
            sanitizer.AllowedAttributes.Remove("placeholder");
            sanitizer.AllowedAttributes.Remove("radiogroup");
            sanitizer.AllowedAttributes.Remove("readonly");
            sanitizer.AllowedAttributes.Remove("required");
            sanitizer.AllowedAttributes.Remove("rev");
            sanitizer.AllowedAttributes.Remove("rules");
            sanitizer.AllowedAttributes.Remove("selected");
            sanitizer.AllowedAttributes.Remove("shape");
            sanitizer.AllowedAttributes.Remove("usemap");

            return sanitizer;
        }
    }

    /// <summary>
    /// Sanitizes html input.
    /// </summary>
    /// <param name="html">The HTML to sanitize.</param>
    /// <returns>The sanitized html.</returns>
    public static string SanitizeHtml(string html)
    {
        return HtmlSanitizer.Sanitize(html);
    }
}
```

that is throwing a NullReferenceException in the line "return HtmlSanitizer.Sanitize(html)".

The html that is causing this error is the following:

<p>Os tours operacionais estão desenhados para poderem ser utilizados, na maioria dos casos, sem alterações. No entanto, por existirem condicionamentos meteorológicos ou de festividades, podem precisar de ser ajustados. Por exemplo, excluir atividades de água nos meses de Inverno ou Andaluzia nos meses de Julho e Agosto. A tabela criada não é exaustiva mas tem as principais linhas orientadoras para cada operação.</p>
<p> </p>
<h2>Spain - 2024</h2>
<table style="border-collapse: collapse; width: 749pt; margin-left: auto; margin-right: auto;" border="0" width="998" cellspacing="0" cellpadding="0"><colgroup><col style="mso-width-source: userset; mso-width-alt: 4132; width: 85pt;" width="113"> <col style="mso-width-source: userset; mso-width-alt: 11556; width: 237pt;" width="316"> <col style="mso-width-source: userset; mso-width-alt: 13787; width: 283pt;" width="377"> <col style="mso-width-source: userset; mso-width-alt: 7021; width: 144pt;" width="192"> </colgroup>
<tbody>
<tr style="height: 15pt; text-align: center;">
<td class="xl66" style="height: 15.0pt; width: 85pt; font-size: 11.0pt; color: white; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext; background: black; mso-pattern: black none;" width="113" height="20" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="" data-darkreader-inline-bgimage="" data-darkreader-inline-bgcolor="">Mês</td>
<td class="xl67" style="border-left: none; width: 237pt; font-size: 11.0pt; color: white; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext; background: black; mso-pattern: black none;" width="316" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="" data-darkreader-inline-bgimage="" data-darkreader-inline-bgcolor="">Itinerario / Alojamento</td>
<td class="xl67" style="border-left: none; width: 283pt; font-size: 11.0pt; color: white; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext; background: black; mso-pattern: black none;" width="377" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="" data-darkreader-inline-bgimage="" data-darkreader-inline-bgcolor="">Datas Especiais</td>
<td class="xl68" style="border-left: none; width: 144pt; font-size: 11.0pt; color: white; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext; background: black; mso-pattern: black none;" width="192" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="" data-darkreader-inline-bgimage="" data-darkreader-inline-bgcolor="">Atividades</td>
</tr>
<tr style="height: 15pt; text-align: center;">
<td class="xl72" style="height: 15.0pt; border-top: none; font-size: 11.0pt; color: black; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" height="20" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Janeiro</td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""><span class="font5">Todo o País </span><span class="font0">- Cabalgata de Reyes en casi todas las ciudades (05 Jan)</span></td>
<td class="xl69" style="border-top: none; border-left: none; width: 144pt; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" width="192" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Evitar actividades no mar/rio.</td>
</tr>
<tr style="height: 15pt; text-align: center;">
<td class="xl72" style="height: 15.0pt; border-top: none; font-size: 11.0pt; color: black; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" height="20" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Fevereiro</td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""><span class="font5">Barcelona</span><span class="font0"> - Mobile World Congress (26 feb - 29 feb)</span></td>
<td class="xl69" style="border-top: none; border-left: none; width: 144pt; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" width="192" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Evitar actividades no mar/rio.</td>
</tr>
<tr style="height: 15pt; text-align: center;">
<td class="xl72" style="height: 15.0pt; border-top: none; font-size: 11.0pt; color: black; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" height="20" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Março</td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl73" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
</tr>
<tr style="height: 15pt; text-align: center;">
<td class="xl72" style="height: 15.0pt; border-top: none; font-size: 11.0pt; color: black; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" height="20" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Abril</td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl73" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
</tr>
<tr style="height: 15pt; text-align: center;">
<td class="xl72" style="height: 15.0pt; border-top: none; font-size: 11.0pt; color: black; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" height="20" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Maio</td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl73" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
</tr>
<tr style="height: 75pt; text-align: center;">
<td class="xl72" style="height: 75.0pt; border-top: none; font-size: 11.0pt; color: black; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" height="100" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Junho</td>
<td class="xl65" style="border-top: none; border-left: none; width: 237pt; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" width="316" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">• Considerado época alta para a maioria das cidades, atenção ao preço mais elevado em datas de festivais ou eventos<br>• Zonas costeiras e de praia são historicamente mais procuradas no mês de Junho.</td>
<td class="xl65" style="border-top: none; border-left: none; width: 283pt; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" width="377" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl73" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
</tr>
<tr style="height: 75pt; text-align: center;">
<td class="xl72" style="height: 75.0pt; border-top: none; font-size: 11.0pt; color: black; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" height="100" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Julho</td>
<td class="xl65" style="border-top: none; border-left: none; width: 237pt; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" width="316" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">• Considerado época alta para a maioria das cidades, atenção ao preço mais elevado em datas de festivais ou eventos<br>• Zonas costeiras e de praia são historicamente mais procuradas no mês de Julho.</td>
<td class="xl74" style="border-top: none; border-left: none; width: 283pt; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" width="377" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl73" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
</tr>
<tr style="height: 45pt; text-align: center;">
<td class="xl72" style="height: 45.0pt; border-top: none; font-size: 11.0pt; color: black; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" height="60" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Agosto</td>
<td class="xl74" style="border-top: none; border-left: none; width: 237pt; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" width="316" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">• Muito calor pelo pais todo, especialmente no sul de Espanha (é considerado época baixa). Evitar a região da Andalusia</td>
<td class="xl74" style="border-top: none; border-left: none; width: 283pt; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" width="377" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl73" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
</tr>
<tr style="height: 30pt; text-align: center;">
<td class="xl72" style="height: 30.0pt; border-top: none; font-size: 11.0pt; color: black; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" height="40" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Setembro</td>
<td class="xl74" style="border-top: none; border-left: none; width: 237pt; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" width="316" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">• Época alta de viagem, a disponibilidade estará reduzida na maioria das cidades</td>
<td class="xl74" style="border-top: none; border-left: none; width: 283pt; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" width="377" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl73" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
</tr>
<tr style="height: 15pt; text-align: center;">
<td class="xl72" style="height: 15.0pt; border-top: none; font-size: 11.0pt; color: black; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" height="20" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Outubro</td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl74" style="border-top: none; border-left: none; width: 283pt; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" width="377" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl73" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
</tr>
<tr style="height: 15pt; text-align: center;">
<td class="xl72" style="height: 15.0pt; border-top: none; font-size: 11.0pt; color: black; font-weight: bold; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" height="20" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Novembro</td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl71" style="border-top: none; border-left: none; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl69" style="border-top: none; border-left: none; width: 144pt; font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; text-underline-style: none; text-line-through: none; font-family: Calibri, sans-serif; border: .5pt solid windowtext;" width="192" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Evitar actividades no mar/rio.</td>
</tr>
<tr style="height: 15.0pt;">
<td class="xl75" style="height: 15pt; font-size: 11pt; color: black; font-weight: bold; text-decoration: none; font-family: Calibri, sans-serif; border: 0.5pt solid windowtext; text-align: center;" height="20" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Dezembro</td>
<td class="xl76" style="font-size: 11pt; color: black; font-weight: 400; text-decoration: none; font-family: Calibri, sans-serif; border: 0.5pt solid windowtext; text-align: center;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl76" style="font-size: 11pt; color: black; font-weight: 400; text-decoration: none; font-family: Calibri, sans-serif; border: 0.5pt solid windowtext; text-align: center;" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left=""> </td>
<td class="xl70" style="width: 144pt; font-size: 11pt; color: black; font-weight: 400; text-decoration: none; font-family: Calibri, sans-serif; border: 0.5pt solid windowtext; text-align: center;" width="192" data-darkreader-inline-color="" data-darkreader-inline-border-top="" data-darkreader-inline-border-right="" data-darkreader-inline-border-bottom="" data-darkreader-inline-border-left="">Evitar actividades no mar/rio.</td>
</tr>
</tbody>
</table>

Can you please release a new version that fixes this error?

Thanks

mganss commented 3 days ago

I can't repro. What does the call stack look like in the NullReferenceException?

miguelisidoro commented 3 days ago

Hi,

The call stack trace is the following:

System.NullReferenceException: Object reference not set to an instance of an object. at AngleSharp.Css.Values.CssPeriodicValue`1.get_CssText() at AngleSharp.Css.Dom.CssProperty.get_Value() at AngleSharp.Css.Dom.CssStyleDeclaration.TryCreateShorthand(String shorthandName, IEnumerable`1 serialized, List`1 usedProperties, Boolean force) at AngleSharp.Css.Dom.CssStyleDeclaration.GetPropertyShorthand(String name) at AngleSharp.Css.Dom.CssStyleDeclaration.GetProperty(String name) at AngleSharp.Css.Dom.CssStyleDeclaration.CreateProperty(String propertyName) at AngleSharp.Css.Dom.CssStyleDeclaration.SetProperty(String propertyName, String propertyValue, String priority) at AngleSharp.Css.Parser.CssBuilder.CreateDeclarationWith(ICssProperties properties, CssToken& token) at AngleSharp.Css.Parser.CssBuilder.FillDeclarations(CssStyleDeclaration style, CssToken token) at AngleSharp.Css.Parser.CssParser.<>c__DisplayClass23_0.<ParseDeclaration>b__0(CssBuilder b, CssToken t) at AngleSharp.Css.Parser.CssParser.Parse[T](String source, Func`3 create) at AngleSharp.Css.Parser.CssParser.ParseDeclaration(String declarationText) at AngleSharp.Css.Dom.CssStyleDeclaration.Update(String value) at AngleSharp.Css.Dom.ElementCssInlineStyleExtensions.CreateStyle(IElement element, String source) at AngleSharp.Css.Dom.ElementCssInlineStyleExtensions.CreateStyle(IElement element) at System.Runtime.CompilerServices.ConditionalWeakTable`2.GetValueLocked(TKey key, CreateValueCallback createValueCallback) at System.Runtime.CompilerServices.ConditionalWeakTable`2.GetValue(TKey key, CreateValueCallback createValueCallback) at AngleSharp.Css.Dom.ElementCssInlineStyleExtensions.GetStyle(IElement element) at AngleSharp.Css.Dom.ElementCssInlineStyleExtensions.UpdateStyle(IElement element, String value) at AngleSharp.Css.StyleAttributeObserver.AngleSharp.Dom.IAttributeObserver.NotifyChange(IElement host, String name, String value) at AngleSharp.Dom.Element.SetupElement() at AngleSharp.Html.Parser.HtmlDomBuilder.InCellEndTagCell(HtmlToken token) at AngleSharp.Html.Parser.HtmlDomBuilder.Parse(HtmlParserOptions options) at AngleSharp.Html.Parser.HtmlParser.Parse(HtmlDocument document, String stopAt) at AngleSharp.Html.Parser.HtmlParser.ParseDocument(String source) at Ganss.Xss.HtmlSanitizer.SanitizeDom(String html, String baseUrl) at Ganss.Xss.HtmlSanitizer.Sanitize(String html, String baseUrl, IMarkupFormatter outputFormatter)

Thanks

mganss commented 3 days ago

Which versions of AngleSharp, AngleSharp.Css are you using?

miguelisidoro commented 3 days ago

Just AngleSharp, version 0.17.1. We don't use AngleSharp.Css (at least we don't have any NuGet package in the project).

tiesont commented 3 days ago

I also could not reproduce. For reference: https://dotnetfiddle.net/yaU6Dn - works just fine.

miguelisidoro commented 3 days ago

What do you suggest to find the reason and solve the error we are getting?

tiesont commented 3 days ago

Hard to say. How is this code being called?

miguelisidoro commented 2 days ago

using Ganss.Xss;

public class HtmlHelper
{
    private static HtmlSanitizer HtmlSanitizer
    {
        get
        {
            HtmlSanitizer sanitizer = new();

            // Add Tags
            sanitizer.AllowedTags.Add("video");
            sanitizer.AllowedTags.Add("source");
            sanitizer.AllowedTags.Add("iframe");

            // Remove Tags
            sanitizer.AllowedTags.Remove("acronym");
            sanitizer.AllowedTags.Remove("area");
            sanitizer.AllowedTags.Remove("big");
            sanitizer.AllowedTags.Remove("body");
            sanitizer.AllowedTags.Remove("button");
            sanitizer.AllowedTags.Remove("dir");
            sanitizer.AllowedTags.Remove("font");
            sanitizer.AllowedTags.Remove("footer");
            sanitizer.AllowedTags.Remove("form");
            sanitizer.AllowedTags.Remove("head");
            sanitizer.AllowedTags.Remove("header");
            sanitizer.AllowedTags.Remove("html");
            sanitizer.AllowedTags.Remove("input");
            sanitizer.AllowedTags.Remove("keygen");
            sanitizer.AllowedTags.Remove("map");
            sanitizer.AllowedTags.Remove("menu");
            sanitizer.AllowedTags.Remove("menuitem");
            sanitizer.AllowedTags.Remove("nav");
            sanitizer.AllowedTags.Remove("optgroup");
            sanitizer.AllowedTags.Remove("option");
            sanitizer.AllowedTags.Remove("output");
            sanitizer.AllowedTags.Remove("section");
            sanitizer.AllowedTags.Remove("select");
            sanitizer.AllowedTags.Remove("textarea");
            sanitizer.AllowedTags.Remove("tt");

            // Add Attributes
            sanitizer.AllowedAttributes.Add("class");
            sanitizer.AllowedAttributes.Add("allow");
            sanitizer.AllowedAttributes.Add("allowfullscreen");
            sanitizer.AllowedAttributes.Add("frameborder");
            sanitizer.AllowedAttributes.Add("poster");
            sanitizer.AllowedAttributes.Add("controls");
            sanitizer.AllowedAttributes.Add("mention");
            sanitizer.AllowedAttributes.Add("data-userid");
            sanitizer.AllowedAttributes.Add("scrolling");
            sanitizer.AllowedAttributes.Add("width");
            sanitizer.AllowedAttributes.Add("height");

            // Remove attributes
            sanitizer.AllowedAttributes.Remove("accept-charset");
            sanitizer.AllowedAttributes.Remove("accept");
            sanitizer.AllowedAttributes.Remove("accesskey");
            sanitizer.AllowedAttributes.Remove("action");
            sanitizer.AllowedAttributes.Remove("autocomplete");
            sanitizer.AllowedAttributes.Remove("autosave");
            sanitizer.AllowedAttributes.Remove("axis");
            sanitizer.AllowedAttributes.Remove("challenge");
            sanitizer.AllowedAttributes.Remove("char");
            sanitizer.AllowedAttributes.Remove("charoff");
            sanitizer.AllowedAttributes.Remove("charset");
            sanitizer.AllowedAttributes.Remove("checked");
            sanitizer.AllowedAttributes.Remove("clear");
            sanitizer.AllowedAttributes.Remove("compact");
            sanitizer.AllowedAttributes.Remove("contenteditable");
            sanitizer.AllowedAttributes.Remove("coords");
            sanitizer.AllowedAttributes.Remove("dir");
            sanitizer.AllowedAttributes.Remove("disabled");
            sanitizer.AllowedAttributes.Remove("draggable");
            sanitizer.AllowedAttributes.Remove("dropzone");
            sanitizer.AllowedAttributes.Remove("enctype");
            sanitizer.AllowedAttributes.Remove("for");
            sanitizer.AllowedAttributes.Remove("frame");
            sanitizer.AllowedAttributes.Remove("headers");
            sanitizer.AllowedAttributes.Remove("high");
            sanitizer.AllowedAttributes.Remove("hreflang");
            sanitizer.AllowedAttributes.Remove("hspace");
            sanitizer.AllowedAttributes.Remove("ismap");
            sanitizer.AllowedAttributes.Remove("keytype");
            sanitizer.AllowedAttributes.Remove("list");
            sanitizer.AllowedAttributes.Remove("longdesc");
            sanitizer.AllowedAttributes.Remove("low");
            sanitizer.AllowedAttributes.Remove("max");
            sanitizer.AllowedAttributes.Remove("maxlength");
            sanitizer.AllowedAttributes.Remove("method");
            sanitizer.AllowedAttributes.Remove("min");
            sanitizer.AllowedAttributes.Remove("multiple");
            sanitizer.AllowedAttributes.Remove("nohref");
            sanitizer.AllowedAttributes.Remove("noshade");
            sanitizer.AllowedAttributes.Remove("novalidate");
            sanitizer.AllowedAttributes.Remove("open");
            sanitizer.AllowedAttributes.Remove("optimum");
            sanitizer.AllowedAttributes.Remove("pattern");
            sanitizer.AllowedAttributes.Remove("placeholder");
            sanitizer.AllowedAttributes.Remove("radiogroup");
            sanitizer.AllowedAttributes.Remove("readonly");
            sanitizer.AllowedAttributes.Remove("required");
            sanitizer.AllowedAttributes.Remove("rev");
            sanitizer.AllowedAttributes.Remove("rules");
            sanitizer.AllowedAttributes.Remove("selected");
            sanitizer.AllowedAttributes.Remove("shape");
            sanitizer.AllowedAttributes.Remove("usemap");

            return sanitizer;
        }
    }

    /// <summary>
    /// Sanitizes HTML input.
    /// </summary>
    /// <param name="html">The HTML to sanitize.</param>
    /// <returns>The sanitized HTML.</returns>
    public static string SanitizeHtml(string html)
    {
        return HtmlSanitizer.Sanitize(html);
    }
}

mganss commented 2 days ago

I think what @tiesont meant was what does the code look like that calls HtmlHelper.SanitizeHtml()?

miguelisidoro commented 2 days ago

Example:

ApprovalForm requestFormPart = new ApprovalForm
{
    Admins = new UserPickerField { UserIds = request.Admins },
    Description = new HtmlField { Html = HtmlHelper.SanitizeHtml(request.Description) },
    Approvers = new UserPickerField { UserIds = request.Approvers },
    FormId = new TextField { Text = formId }
};

mganss commented 2 days ago

Could you create a console app using the same .NET version and HtmlSanitizer NuGet package version and create a minimal example that shows the issue? Or possibly change the fiddle that @tiesont posted so that the issue shows?
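
A minimal console harness of the kind asked for here, added as an example (it is not code from the issue or from the HtmlSanitizer project). It assumes the HtmlHelper class posted above is compiled into the same project, feeds it one constructed cell built from the inline styles in the posted table, and reports the runtime plus the AngleSharp* and HtmlSanitizer assemblies that actually get loaded, which answers the "which versions?" question even when AngleSharp.Css is only pulled in transitively.

```csharp
using System;
using System.Linq;

// Added repro harness; assumes HtmlHelper from this thread is in the same project.
static class ReproHarness
{
    // Constructed sample: one cell carrying the inline style declarations seen in the
    // posted table (border shorthand with a ".5pt" width, text-underline-style, etc.).
    const string SampleHtml =
        "<table><tbody><tr style=\"height: 15.0pt;\">" +
        "<td class=\"xl69\" style=\"border-top: none; border-left: none; width: 144pt; " +
        "font-size: 11.0pt; color: black; font-weight: 400; text-decoration: none; " +
        "text-underline-style: none; text-line-through: none; " +
        "font-family: Calibri, sans-serif; border: .5pt solid windowtext;\" width=\"192\" " +
        "data-darkreader-inline-color=\"\">Evitar actividades no mar/rio.</td>" +
        "</tr></tbody></table>";

    static int Main()
    {
        int exitCode = 0;
        try
        {
            string clean = HtmlHelper.SanitizeHtml(SampleHtml);
            Console.WriteLine("Sanitize succeeded; output:");
            Console.WriteLine(clean);
        }
        catch (NullReferenceException ex)
        {
            // The throwing frames are what the maintainer needs; in the trace above they
            // are all inside AngleSharp.Css, not in HtmlSanitizer itself.
            Console.WriteLine("Sanitize threw NullReferenceException:");
            Console.WriteLine(ex.StackTrace);
            exitCode = 1;
        }

        // Enumerate after the sanitize call, because assemblies load lazily on first use.
        // AngleSharp.Css is a transitive dependency of HtmlSanitizer, so it appears here
        // even when the project has no direct package reference to it.
        Console.WriteLine($"Runtime: {Environment.Version}");
        var loaded = AppDomain.CurrentDomain.GetAssemblies()
            .Select(a => a.GetName())
            .Where(n => n.Name != null && (n.Name.StartsWith("AngleSharp", StringComparison.Ordinal)
                                        || n.Name.StartsWith("HtmlSanitizer", StringComparison.Ordinal)))
            .OrderBy(n => n.Name);
        foreach (var n in loaded)
            Console.WriteLine($"{n.Name} {n.Version}");
        return exitCode;
    }
}
```

Paste the full table from the report into SampleHtml to test the real input; a non-zero exit code with the printed versions is what a fiddle or bug report should carry.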

miguelisidoro commented 2 days ago

I created a console app and can't repro it either. I will try to reproduce the issue and get the html that triggers the error and update the fiddle.

miguelisidoro commented 2 days ago

I just tried to reproduce the original error and couldn't. Please close the issue and if we have another situation we will contact you.

Thanks for the support. Have a nice weekend.