Merge branch 'main' into main

Author: shanselman

source/DasBlog.Web.Repositories/BlogManager.cs

@@ -363,11 +363,15 @@ public CommentSaveState AddComment(string postid, Comment comment)
 			{
 				var targetComment = DateTime.UtcNow.AddDays(-1 * dasBlogSettings.SiteConfiguration.DaysCommentsAllowed);
 
-				if (targetComment > entry.CreatedUtc)
+				if ((targetComment > entry.CreatedUtc))
 				{
 					return CommentSaveState.PostCommentsDisabled;
 				}
 
+				// FilterHtml html encodes anything we don't like
+				string filteredText = dasBlogSettings.FilterHtml(comment.Content);
+				comment.Content = filteredText;
+
 				if (dasBlogSettings.SiteConfiguration.SendCommentsByEmail)
 				{
 					var actions = ComposeMailForUsers(entry, comment);

source/DasBlog.Web.UI/Controllers/BlogPostController.cs

@@ -447,6 +447,8 @@ public IActionResult AddComment(AddCommentViewModel addcomment)
 			commt.EntryId = Guid.NewGuid().ToString();
 			commt.IsPublic = !dasBlogSettings.SiteConfiguration.CommentsRequireApproval;
 
+			logger.LogInformation(new EventDataItem(EventCodes.CommentAdded, null, "Comment CONTENT DUMP", commt.Content));
+
 			var state = blogManager.AddComment(addcomment.TargetEntryId, commt);
 
 			if (state == NBR.CommentSaveState.Failed)

source/DasBlog.Web.UI/TagHelpers/Comments/CommentContentTagHelper.cs

@@ -27,7 +27,8 @@ public override void Process(TagHelperContext context, TagHelperOutput output)
 		{
 			output.TagName = "div";
 			output.TagMode = TagMode.StartTagAndEndTag;
-			output.Attributes.SetAttribute("class", Css);
+
+      output.Attributes.SetAttribute("class", Css);
 			Comment.Text = dasBlogSettings.FilterHtml(Comment.Text);
 			Comment.Text = Regex.Replace(Comment.Text, "\n", "<br />");
 			output.Content.SetHtmlContent(HttpUtility.HtmlDecode(Comment.Text));