Sanitizing HTML input with .NET
My current project needs to accept HTML input from users, so it needs to sanitize that input to prevent XSS. The previous owner of this project used Microsoft’s AntiXSS library, which is overzealous: for example, it strips out <ul>, <h1> and <strong> elements.
These are the most helpful resources I found; the two approaches look very similar to each other.
- AJAX Control Toolkit’s HtmlAgilityPackSanitizerProvider
- Whitelist Sanitize with HTML Agility Pack – contains an actual whitelist for a starting point, which of course you could trim down further
Hopefully those links will help you too.
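The whitelist approach those links describe, as an added example that is not code from the original post or from either linked project: a minimal allow-list sanitizer on top of HTML Agility Pack that keeps list, heading and emphasis elements, drops every unknown element together with its contents (so a script or style body cannot leak out as text), and keeps a link's href only when it parses as an absolute http, https or mailto URL. The tag and attribute names in the allow list are assumptions chosen for illustration; trim them to what your application needs.

```csharp
// Added example, not part of the original post. Assumes the HtmlAgilityPack NuGet package.
using System;
using System.Collections.Generic;
using System.Linq;
using HtmlAgilityPack;

public static class HtmlAllowListSanitizer
{
    // Elements that may survive, each with the attributes it may keep (assumed list).
    static readonly Dictionary<string, HashSet<string>> Allowed =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
    {
        ["p"] = new HashSet<string>(),      ["br"] = new HashSet<string>(),
        ["strong"] = new HashSet<string>(), ["em"] = new HashSet<string>(),
        ["ul"] = new HashSet<string>(),     ["ol"] = new HashSet<string>(),
        ["li"] = new HashSet<string>(),     ["h1"] = new HashSet<string>(),
        ["h2"] = new HashSet<string>(),
        ["a"] = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "href", "title" },
    };

    // Only absolute http(s)/mailto links survive; javascript:, data:, vbscript: and
    // unparsable values are all rejected by the scheme check.
    static bool IsSafeUrl(string value)
    {
        return Uri.TryCreate((value ?? "").Trim(), UriKind.Absolute, out var uri)
            && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps
                || uri.Scheme == Uri.UriSchemeMailto);
    }

    public static string Sanitize(string html)
    {
        var doc = new HtmlDocument();
        doc.LoadHtml(html ?? "");
        // ToList(): the tree is modified while it is being walked.
        foreach (var node in doc.DocumentNode.Descendants().ToList())
        {
            if (node.NodeType == HtmlNodeType.Comment) { node.Remove(); continue; }
            if (node.NodeType != HtmlNodeType.Element) continue;
            if (!Allowed.TryGetValue(node.Name, out var allowedAttrs))
            {
                node.Remove();   // unknown element: drop it and everything inside it
                continue;
            }
            foreach (var attr in node.Attributes.ToList())
            {
                bool isHref = attr.Name.Equals("href", StringComparison.OrdinalIgnoreCase);
                if (!allowedAttrs.Contains(attr.Name) || (isHref && !IsSafeUrl(attr.Value)))
                    attr.Remove();
            }
        }
        return doc.DocumentNode.OuterHtml;
    }
}
```

Dropping an element also drops its children; if you would rather keep the text of, say, a <span>, replace the node with its text node instead of removing it, but never do that for <script> or <style>.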