Software Development

A journal for sharing all things software development related


Sanitizing HTML in .NET Core

Tue, 17 Dec 2019 08:51 UTC by garethbrown

Looking through options for sanitizing HTML, I found my way to the following library.

HtmlSanitizer

https://github.com/mganss/HtmlSanitizer

HtmlSanitizer uses a whitelist approach to HTML sanitization. A whitelist approach is the more secure one, since there is less scope for missing a dangerous tag or attribute. It also works well in a markdown context, where a limited set of known tags makes up the output HTML.

If you want to allow additional tags and attributes to remain in the output HTML, you can configure the HtmlSanitizer class as follows:

using Ganss.XSS; // HtmlSanitizer namespace (Ganss.XSS in the versions current at the time of writing)

var html = "<p class=\"note\">Hello</p>"; // the untrusted HTML to sanitize (sample value)
var sanitizer = new HtmlSanitizer();
sanitizer.AllowedAttributes.Add("class"); // allow the class attribute in addition to the defaults
var sanitized = sanitizer.Sanitize(html);
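The same whitelist idea taken a step further, as an added example that is not from the original post or from the HtmlSanitizer project: a configuration for markdown-rendered output that starts from empty whitelists, restricts URL schemes, and hooks the sanitizer's removal events so that stripped markup can be logged. It assumes HtmlSanitizer 5.x with the Ganss.XSS namespace and a constructed sample input.

```csharp
// Added example (not from the original post): whitelist configuration for
// markdown-rendered HTML, with event hooks that log what the sanitizer removed.
// Assumes HtmlSanitizer 5.x with the Ganss.XSS namespace (renamed Ganss.Xss in v8+).
using System;
using Ganss.XSS;

public static class MarkdownHtmlSanitizer
{
    public static HtmlSanitizer Create()
    {
        var sanitizer = new HtmlSanitizer();

        // Start from empty whitelists so nothing is allowed by accident,
        // then add only the tags and attributes a markdown renderer emits.
        sanitizer.AllowedTags.Clear();
        sanitizer.AllowedTags.UnionWith(new[] {
            "p", "a", "strong", "em", "code", "pre", "ul", "ol", "li",
            "h1", "h2", "h3", "blockquote", "img" });
        sanitizer.AllowedAttributes.Clear();
        sanitizer.AllowedAttributes.UnionWith(new[] { "href", "src", "alt", "title", "class" });

        // Only http/https URLs survive; javascript: and data: URIs in href/src are dropped.
        sanitizer.AllowedSchemes.Clear();
        sanitizer.AllowedSchemes.UnionWith(new[] { "http", "https" });

        // Inline styles are not needed for markdown output.
        sanitizer.AllowedCssProperties.Clear();

        // Log what was stripped: a rise in removed <script> tags or on* attributes
        // in user-submitted content is a useful signal to alert on.
        sanitizer.RemovingTag += (s, e) =>
            Console.WriteLine($"removed tag <{e.Tag.TagName}> ({e.Reason})");
        sanitizer.RemovingAttribute += (s, e) =>
            Console.WriteLine($"removed attribute {e.Attribute.Name} on <{e.Tag.TagName}> ({e.Reason})");

        return sanitizer;
    }

    public static void Main()
    {
        // Constructed sample input: legitimate markdown output mixed with markup that must not survive.
        const string html =
            "<p class=\"note\">Hello <strong>world</strong></p>" +
            "<a href=\"javascript:alert(1)\" onclick=\"alert(2)\">link</a>" +
            "<img src=\"x\" onerror=\"alert(3)\">" +
            "<script>alert(4)</script>";

        Console.WriteLine(Create().Sanitize(html));
    }
}
```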

Rick Strahl's blog provides a good overview of some of the concerns in the following two blog posts.

