Merge commit from fork

Don't allow HTML response content in Prompt data

Author: valadas

DNN Platform/DotNetNuke.Abstractions/Prompt/ICommand.cs

@@ -3,7 +3,7 @@
 // See the LICENSE file in the project root for more information
 namespace DotNetNuke.Abstractions.Prompt
 {
-    /// <summary>This is used to retrieve and keep a list of all commands found in the installation.</summary>
+    /// <summary>This contains information about a Prompt command available in the installation.</summary>
     public interface ICommand
     {
         /// <summary>Gets or sets the name of the command.</summary>
@@ -13,15 +13,10 @@ public interface ICommand
         string Description { get; set; }
 
         /// <summary>Gets or sets the category to which this command belongs.</summary>
-        /// <remarks>
-        /// This is used to group the list of commands when a user requests this.
-        /// </remarks>
+        /// <remarks>This is used to group the list of commands when a user requests this.</remarks>
         string Category { get; set; }
 
-        /// <summary>
-        /// Gets or sets the key that is used to lookup the command internally
-        /// (= upper cased command name).
-        /// </summary>
+        /// <summary>Gets or sets the key that is used to look up the command internally (i.e. the upper-cased command name).</summary>
         string Key { get; set; }
 
         /// <summary>Gets or sets the assembly version of the assembly containing the command.</summary>

DNN Platform/DotNetNuke.Abstractions/Prompt/ICommandOption.cs

@@ -3,7 +3,7 @@
 // See the LICENSE file in the project root for more information
 namespace DotNetNuke.Abstractions.Prompt
 {
-    /// <summary>This is used in the ICommandHelp to send a list of command parameters to the client for explanatory help.</summary>
+    /// <summary>This is used in the <see cref="ICommandHelp"/> to send a list of command parameters to the client for explanatory help.</summary>
     public interface ICommandOption
     {
         /// <summary>Gets or sets the name of the parameter.</summary>

DNN Platform/DotNetNuke.Abstractions/Prompt/IConsoleCommand.cs

@@ -18,8 +18,8 @@ public interface IConsoleCommand
         string ResultHtml { get; }
 
         /// <summary>
-        /// Initializes the command when invoked by the client. Note that you can opt to override this but you should
-        /// call base.Initialize() to ensure all base values are loaded.
+        /// Initializes the command when invoked by the client. Note that you can opt to override this, but you should
+        /// call <c>base.Initialize()</c> to ensure all base values are loaded.
         /// </summary>
         /// <param name="args">Raw argument list passed by the client.</param>
         /// <param name="portalSettings">PortalSettings for the portal we're operating under or if PortalId is specified, that portal.</param>

DNN Platform/DotNetNuke.Abstractions/Prompt/IConsoleOutput.cs

@@ -0,0 +1,15 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information
+
+namespace DotNetNuke.Abstractions.Prompt;
+
+/// <summary>A field to be output which could contain plain text or HTML.</summary>
+public interface IConsoleOutput
+{
+    /// <summary>Gets a value indicating whether <see cref="Output"/> is HTML or plain text.</summary>
+    public bool IsHtml { get; }
+
+    /// <summary>Gets the output.</summary>
+    public string Output { get; }
+}

DNN Platform/DotNetNuke.Abstractions/Prompt/IConsoleResultModel.cs

@@ -13,38 +13,30 @@ public interface IConsoleResultModel
         bool IsError { get; set; }
 
         /// <summary>Gets or sets a value indicating whether output is HTML.</summary>
-        /// <remarks>
-        /// Let the client know if the output is HTML or not.
-        /// </remarks>
+        /// <remarks>Let the client know if the output is HTML or not.</remarks>
         bool IsHtml { get; set; }
 
         /// <summary>Gets or sets a value indicating whether the prompt must reload.</summary>
-        /// <remarks>
-        /// Should the client reload after processing the command.
-        /// </remarks>
+        /// <remarks>Should the client reload after processing the command.</remarks>
         bool MustReload { get; set; }
 
-        /// <summary>Gets or sets if the response contains data to be formatted by the client.</summary>
+        /// <summary>Gets or sets a list of data to be formatted by the client.</summary>
+        /// <remarks>
+        /// If the list contains a single item it will be displayed as a list of properties, otherwise the list will be displayed as a table.
+        /// Each field will be rendered as plain text, unless it is wrapped in <see cref="IConsoleOutput"/>.
+        /// </remarks>
         object Data { get; set; }
 
         /// <summary>Gets or sets the field order.</summary>
-        /// <remarks>
-        /// Optionally tell the client in what order the fields should be displayed.
-        /// </remarks>
+        /// <remarks>Optionally tell the client in what order the fields should be displayed.</remarks>
         string[] FieldOrder { get; set; }
 
         /// <summary>Gets or sets the <see cref="IPagingInfo"/>.</summary>
-        /// <remarks>
-        /// Information about paging of data. This allows the client to prompt the user
-        /// to load the next page of data.
-        /// </remarks>
+        /// <remarks>Information about paging of data. This allows the client to prompt the user to load the next page of data.</remarks>
         IPagingInfo PagingInfo { get; set; }
 
         /// <summary>Gets or sets the next page command.</summary>
-        /// <remarks>
-        /// Command to be used to display the next page of data. This is set in the
-        /// WebAPI handler.
-        /// </remarks>
+        /// <remarks>Command to be used to display the next page of data. This is set in the WebAPI handler.</remarks>
         string NextPageCommand { get; set; }
 
         /// <summary>Gets or sets the number of records retrieved (for this page).</summary>

DNN Platform/DotNetNuke.Abstractions/Prompt/IPagingInfo.cs

@@ -6,16 +6,16 @@ namespace DotNetNuke.Abstractions.Prompt
     /// <summary>Used to page long lists of data to the client.</summary>
     public interface IPagingInfo
     {
-        /// <summary>Gets or sets the current page nr.</summary>
+        /// <summary>Gets or sets the current page number.</summary>
         int PageNo { get; set; }
 
         /// <summary>Gets or sets the Page size.</summary>
         int PageSize { get; set; }
 
-        /// <summary>Gets or sets the total nr of pages.</summary>
+        /// <summary>Gets or sets the total number of pages.</summary>
         int TotalPages { get; set; }
 
-        /// <summary>Gets or sets the total nr of records.</summary>
+        /// <summary>Gets or sets the total number of records.</summary>
         int TotalRecords { get; set; }
     }
 }

DNN Platform/DotNetNuke.Web/Prompt/ListServices.cs

@@ -5,7 +5,6 @@ namespace DotNetNuke.Web.Prompt
 {
     using System;
     using System.Linq;
-    using System.Net;
 
     using DotNetNuke.Abstractions.Portals;
     using DotNetNuke.Abstractions.Prompt;
@@ -48,8 +47,8 @@ public override IConsoleResultModel Run()
                         Service = this.GetTypeName(descriptor.ServiceType),
                         Implementation = this.GetImplementationText(descriptor),
                     })
-                .OrderBy(desc => desc.Service)
-                .ThenBy(desc => desc.Implementation)
+                .OrderBy(desc => desc.Service.Output)
+                .ThenBy(desc => desc.Implementation.Output)
                 .ToList();
             return new ConsoleResultModel
             {
@@ -58,29 +57,29 @@ public override IConsoleResultModel Run()
             };
         }
 
-        private string GetImplementationText(ServiceDescriptor descriptor)
+        private IConsoleOutput GetImplementationText(ServiceDescriptor descriptor)
         {
             if (descriptor.ImplementationInstance != null)
             {
-                return this.LocalizeString("Prompt_ListServices_ImplementationInstance");
+                return new HtmlOutput(this.LocalizeString("Prompt_ListServices_ImplementationInstance"));
             }
 
             if (descriptor.ImplementationFactory != null)
             {
-                return this.LocalizeString("Prompt_ListServices_ImplementationFactory");
+                return new HtmlOutput(this.LocalizeString("Prompt_ListServices_ImplementationFactory"));
             }
 
             return this.GetTypeName(descriptor.ImplementationType);
         }
 
-        private string GetTypeName(Type type)
+        private IConsoleOutput GetTypeName(Type type)
         {
             if (type == null)
             {
-                return this.LocalizeString("Prompt_ListServices_None");
+                return new HtmlOutput(this.LocalizeString("Prompt_ListServices_None"));
             }
 
-            return WebUtility.HtmlEncode(type.FullName ?? type.Name);
+            return new TextOutput(type.FullName ?? type.Name);
         }
     }
 }

DNN Platform/Library/DotNetNuke.Library.csproj

@@ -326,7 +326,9 @@
     <Compile Include="Prompt\ConsoleCommand.cs" />
     <Compile Include="Prompt\Output\ConsoleErrorResultModel.cs" />
     <Compile Include="Prompt\Output\ConsoleResultModel.cs" />
+    <Compile Include="Prompt\Output\HtmlOutput.cs" />
     <Compile Include="Prompt\Output\PagingInfo.cs" />
+    <Compile Include="Prompt\Output\TextOutput.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="Collections\CollectionExtensions.cs" />
     <Compile Include="Collections\IIndexable.cs" />

DNN Platform/Library/DotNetNuke.Library.csproj.DotSettings

@@ -0,0 +1,4 @@
+<wpf:ResourceDictionary xml:space="preserve" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:s="clr-namespace:System;assembly=mscorlib" xmlns:ss="urn:shemas-jetbrains-com:settings-storage-xaml" xmlns:wpf="http://schemas.microsoft.com/winfx/2006/xaml/presentation">
+	<s:Boolean x:Key="/Default/CodeInspection/NamespaceProvider/NamespaceFoldersToSkip/=prompt_005Cattributes/@EntryIndexedValue">True</s:Boolean>
+	<s:Boolean x:Key="/Default/CodeInspection/NamespaceProvider/NamespaceFoldersToSkip/=prompt_005Ccommon/@EntryIndexedValue">True</s:Boolean>
+	<s:Boolean x:Key="/Default/CodeInspection/NamespaceProvider/NamespaceFoldersToSkip/=prompt_005Coutput/@EntryIndexedValue">True</s:Boolean></wpf:ResourceDictionary>

DNN Platform/Library/Prompt/Attributes/ConsoleCommandAttribute.cs

@@ -5,6 +5,7 @@ namespace DotNetNuke.Prompt
 {
     using System;
 
+    /// <summary>An attribute decorating a Prompt command.</summary>
     [AttributeUsage(AttributeTargets.Class)]
     public class ConsoleCommandAttribute : Attribute
     {