Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AntiXss.HtmlEncode vs AntiXss.GetSafeHtmlFragment

Tags:

html

asp.net-mvc

Can anyone please let me know the difference between these two? AntiXss.HtmlEncode() vs AntiXss.GetSafeHtmlFragment()

like image 410
Biki Avatar asked Oct 18 '10 12:10

Biki

People also ask

What is GetSafeHtmlFragment?

GetSafeHtmlFragment (AntiXss v4.0) returns HTML fragments with tags intact: Sanitizer.GetSafeHtmlFragment("<b>hello2</b><script>") //Output: <b>hello2</b>

What is Antixssencoder HtmlEncode?

HtmlEncode(String, Boolean) Encodes the specified string for use as text in HTML markup and optionally specifies whether to use HTML 4.0 named entities. HtmlEncode(String, TextWriter) Encodes the specified string for use as text in HTML markup and outputs the string by using the specified text writer.

What is AntiXSS library?

The Anti-Cross Site Scripting Library (AntiXSS) is an encoding library designed to assist developers in protecting their ASP.NET web-based applications from Cross-Site Scripting (XSS) attacks. It differs from most encoding libraries in that it uses the white-listing technique to provide protection against XSS attacks.

1 Answers

HtmlEcode actually encodes tags:

AntiXss.HtmlEncode("<b>hello</b><script>");
//Output: &lt;b&gt;hello&lt;/b&gt;&lt;script&gt;

GetSafeHtmlFragment (AntiXss v4.0) returns HTML fragments with tags intact:

Sanitizer.GetSafeHtmlFragment("<b>hello2</b><script>")
//Output: <b>hello2</b>

Update

Many consider the latest version of Microsoft's AntiXSS library broken. I've started using HTML Sanitizer as a decent replacement.

like image 132
Brian Chavez Avatar answered Sep 27 '22 18:09

Brian Chavez
Sign in to Comment

Related questions

Line break in ngFor loop
How to find elements by one class, but exclude other using JQuery
Single navigation bar across website?
Divs around a circular Div
Responsive card image with fixed height in bootstrap 4
HTML form not sending data to MySQL using PHP
max-height: fit-content; not working as expected in Mozilla
Dropdown on hover in Bootstrap 4.1
Move checkbox label to left on bootstrap custom checkbox
Disappearing button in HTML
Decomposing HTML to link text and target
Is .html extension better than .php and .aspx for SEO?
Is a <form> valid over a <tr>?
ordered list does not work on IE7 (<ol><li)
make my file readable as either Perl or HTML
Equivalent of valign=center for <p> with css
How do I make an HTML link that doesn't highlight?
strip HTML Tags with perl
Getting meta tag attribute with HTML Agility Pack using XPATH
How to replace all empty <img src=""> on a page with JavaScript on dom loaded?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!