April 23, 2014 / Andrew

Sanitizing HTML input with .NET

My current project needs to accept HTML input from users. Therefore, it needs to sanitize the input to prevent XSS. The previous owner of this project used Microsoft’s AntiXSS library, which is overzealous. For example, it strips out <ul> and <h1> and <strong> elements.

These are the most helpful things I found. They look very similar to each other.

AJAX Control Toolkit’s HtmlAgilityPackSanitizerProvider
Whitelist Sanitize with HTML Agility Pack – contains an actual whitelist for a starting point, which of course you could trim down further

Hopefully those links will help you too.

← Binding StringFormat in XAML – A Workaround

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Sanitizing HTML input with .NET

Leave a Reply Cancel reply

Top Posts & Pages

Pages

Recent

Archives

Sanitizing HTML input with .NET

Share this:

Leave a Reply Cancel reply

Top Posts & Pages

Pages

Recent

Archives