Table of Contents

Enum UriSafetyValidator.SafetyOutcome

Namespace
NetPdf
Assembly
NetPdf.dll

Per PR #16 review user-recommendation #5 + Copilot review #8 — the result of Validate(Uri, SecurityPolicy) is no longer a binary safe/unsafe split. file: URIs under the AllowFileSchemeUnderBaseUri default need a base-path check that this validator does not perform (it has no BaseUri in scope), and treating the scheme-allowlist verdict as a complete answer led to easy misuse. The three-state UriSafetyValidator.SafetyOutcome makes the contract explicit at the call site.

public enum UriSafetyValidator.SafetyOutcome

Fields

RequiresBasePathCheck = 2

Scheme is allowed but a follow-up check is required before the fetch is safe. For file: URIs this means the loader must verify the resolved path lies under HtmlPdfOptions.BaseUri's directory subtree (the AllowFileSchemeUnderBaseUri contract). The validator cannot perform this check itself because it does not know the active BaseUri.

Safe = 0

Scheme + host both pass policy. The loader may proceed with the fetch.

Unsafe = 1

Scheme or host violates policy. The loader must reject the fetch + emit RES-SECURITY-DENIED-001.