A journal for sharing all things software development related
Sanitizing HTML in .NET Core
Tue, 17 Dec 2019 08:51 UTC by garethbrown
Looking through options for sanitizing HTML, I found my way to the following library.
HtmlSanitizer uses a whitelist approach to HTML sanitization. A whitelist approach to HTML sanitization is more secure in that there is less scope for missing dangerous tags and attributes: anything not explicitly allowed is removed. It also works well in a markdown context, where a limited set of known tags will make up the output HTML.
If you want to allow additional tags and attributes to remain in the output HTML, you can configure the HtmlSanitizer class as follows:
var sanitizer = new HtmlSanitizer();
sanitizer.AllowedAttributes.Add("class"); // keep class attributes in addition to the defaults
var sanitized = sanitizer.Sanitize(html);  // returns the cleaned HTML string
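As an added example (not from the original post or from the HtmlSanitizer project), the following configures HtmlSanitizer for HTML produced from markdown: it replaces the library's default whitelists with only the tags and attributes a markdown renderer emits, restricts link schemes to http(s), and records every removal so unexpected input can be reviewed. It assumes the HtmlSanitizer NuGet package with the Ganss.XSS namespace used by versions current in 2019 (later releases renamed it Ganss.Xss); the class, method and tag list below are the example's own.

```csharp
using System;
using System.Collections.Generic;
using Ganss.XSS; // HtmlSanitizer NuGet package; "Ganss.Xss" in newer releases

public static class MarkdownHtmlSanitizer
{
    // Only the tags a markdown renderer emits; everything else is stripped.
    private static readonly string[] MarkdownTags =
    {
        "p", "br", "em", "strong", "code", "pre", "blockquote", "hr",
        "ul", "ol", "li", "a", "img", "h1", "h2", "h3", "h4", "h5", "h6"
    };

    public static HtmlSanitizer Create(ICollection<string> removalLog)
    {
        var sanitizer = new HtmlSanitizer();
        // Start from empty whitelists rather than the library defaults, so
        // nothing the markdown pipeline never emits can slip through.
        sanitizer.AllowedTags.Clear();
        foreach (var tag in MarkdownTags) sanitizer.AllowedTags.Add(tag);
        sanitizer.AllowedAttributes.Clear();
        foreach (var attr in new[] { "href", "src", "alt", "title", "class" })
            sanitizer.AllowedAttributes.Add(attr); // class: language-* on <code>
        sanitizer.AllowedCssProperties.Clear();    // no inline styles at all
        // href/src may only use http(s); javascript:, data: etc. are dropped.
        sanitizer.AllowedSchemes.Clear();
        sanitizer.AllowedSchemes.Add("http");
        sanitizer.AllowedSchemes.Add("https");
        // Record removals so unexpected input can be reviewed or alerted on.
        sanitizer.RemovingTag += (s, e) =>
            removalLog.Add($"tag <{e.Tag.TagName.ToLowerInvariant()}>: {e.Reason}");
        sanitizer.RemovingAttribute += (s, e) =>
            removalLog.Add($"attribute {e.Attribute.Name} on <{e.Tag.TagName.ToLowerInvariant()}>: {e.Reason}");
        return sanitizer;
    }

    public static void Main()
    {
        var log = new List<string>();
        var sanitizer = Create(log);
        // Constructed sample: legitimate markdown output plus hostile fragments.
        const string input =
            "<p>Hello <strong>world</strong></p>" +
            "<pre><code class=\"language-cs\">var x = 1;</code></pre>" +
            "<a href=\"javascript:alert('x')\" onclick=\"alert('x')\">link</a>" +
            "<script>alert('x')</script>";
        Console.WriteLine(sanitizer.Sanitize(input));
        foreach (var entry in log) Console.WriteLine("removed " + entry);
    }
}
```

The script element, the onclick attribute and the javascript: href are removed while the paragraph, code block and its class attribute survive; the removal log is the place to hook in monitoring if user-submitted markdown routinely contains such fragments.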
Rick Strahl's blog provides a good overview of some of the concerns in the following two blog posts.