
Is there a good solution for a C# html sanitizer? [closed]

Tags: html, c#

A user can enter HTML that will later be displayed to other users. The WYSIWYG plugin I'm using sanitizes the HTML from the front end. It removes all potentially malicious tags (script, src, anything starting with "on", etc.). I obviously need to do some validation in the back end as well.

Does anyone know of a good solution for C#? I keep seeing this http://roberto.open-lab.com/2010/03/04/a-html-sanitizer-for-c/, though I'm a little hesitant to use some code from a random blog. Are there any well known plugins? What do most people do in this situation?

user1652427 asked Mar 04 '13 18:03


1 Answer

You can use HtmlAgilityPack, which is a well maintained library for all things related to HTML tags. A best practice would be to implement a White List, which is a list of allowable tags. This SO question might be exactly what you need:

HTML Agility Pack strip tags NOT IN whitelist

System Down answered Nov 15 '22 17:11