Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to use C# to sanitize input on an html page?

Tags:

c#

html-sanitizing

antixsslibrary

Is there a library or acceptable method for sanitizing the input to an html page?

In this case I have a form with just a name, phone number, and email address.

Code must be C#.

For example:

"<script src='bobs.js'>John Doe</script>" should become "John Doe"

like image 725
NotMe Avatar asked Oct 09 '08 19:10

NotMe

People also ask

How is C used?

C is highly portable and is used for scripting system applications which form a major part of Windows, UNIX, and Linux operating system. C is a general-purpose programming language and can efficiently work on enterprise applications, games, graphics, and applications requiring calculations, etc.

How do I use C on my computer?

It is a bit more cryptic in its style than some other languages, but you get beyond that fairly quickly. C is what is called a compiled language. This means that once you write your C program, you must run it through a C compiler to turn your program into an executable that the computer can run (execute).

How do I start programming with C?

To start using C, you need two things: A text editor, like Notepad, to write C code. A compiler, like GCC, to translate the C code into a language that the computer will understand.

1 Answers

We are using the HtmlSanitizer .Net library, which:

  • Is open-source (MIT) - GitHub link
  • Is fully customizable, e.g. configure which elements should be removed. see wiki
  • Is actively maintained
  • Doesn't have the problems like Microsoft Anti-XSS library
  • Is unit tested with the OWASP XSS Filter Evasion Cheat Sheet
  • Is special built for this (in contrast to HTML Agility Pack, which is a parser - not a sanitizer)
  • Doesn't use regular expressions (HTML isn't a regular language!)

Also on NuGet

like image 87
Julian Avatar answered Oct 28 '22 10:10

Julian
Sign in to Comment

Related questions

How to check if an object is defined?
Extension methods conflict
When should I use Html.Displayfor in MVC
Loading xml with encoding UTF 16 using XDocument
Getting relative virtual path from physical path
How do you declare a Predicate Delegate inline?
Tips for writing fluent interfaces in C# 3
Selecting an item in comboBox by typing
Async programming and Azure functions
Why isn't there an implicit typeof?
How to I display a sort arrow in the header of a list view column using C#?
Casting anonymous type to dynamic
Is async/await suitable for methods that are both IO and CPU bound?
Asp.net mvc - Accessing view Model from a custom Action filter
Measure a String without using a Graphics object?
Is there an Attribute I can use in my class to tell DataGridView not to create a column for it when bound to a List<MyClass>
Will a SHA256 hash always have 64 characters?
C# code for association, aggregation, composition
How to access ssis package variables inside script component
Expression for Type members results in different Expressions (MemberExpression, UnaryExpression)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!