

Sanitizing HTML in .NET Core

Thu, 25 Feb 2021 by garethbrown

Looking through options for sanitizing HTML, I found my way to the following library:

https://github.com/mganss/HtmlSanitizer

HtmlSanitizer uses a whitelist approach to HTML sanitization. This is more secure because anything not explicitly allowed is removed, so there is less scope for missing dangerous tags and attributes. It also works well in a markdown context, where a limited set of known tags makes up the output HTML.

If you want to allow additional tags and attributes to remain in the output HTML, you can configure the HtmlSanitizer class as follows:

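using Ganss.XSS; // the namespace is Ganss.Xss from HtmlSanitizer 8.0 onwards

var sanitizer = new HtmlSanitizer();
sanitizer.AllowedAttributes.Add("class"); // "class" is not in the default allowlist
var sanitized = sanitizer.Sanitize(html); // html: the untrusted input string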
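The following is an added example, not code from the original post or from the HtmlSanitizer project. It goes beyond the single-attribute case above and narrows the allowlist to what a markdown renderer emits, logging everything that gets stripped. The tag list, the `CreateMarkdownSanitizer` helper and the sample input are assumptions made for illustration.

```csharp
using System;
using Ganss.XSS; // assumption: pre-8.0 package; later versions use Ganss.Xss

public static class Program
{
    // Hypothetical tag list: roughly what a markdown renderer emits.
    private static readonly string[] MarkdownTags =
    {
        "p", "br", "em", "strong", "a", "ul", "ol", "li",
        "blockquote", "code", "pre", "h1", "h2", "h3"
    };

    public static HtmlSanitizer CreateMarkdownSanitizer()
    {
        var sanitizer = new HtmlSanitizer();

        // Replace the library's default allowlists with narrower ones.
        sanitizer.AllowedTags.Clear();
        foreach (var tag in MarkdownTags) sanitizer.AllowedTags.Add(tag);

        sanitizer.AllowedAttributes.Clear();
        sanitizer.AllowedAttributes.Add("href");
        sanitizer.AllowedAttributes.Add("class");

        sanitizer.AllowedSchemes.Clear();
        sanitizer.AllowedSchemes.Add("https");

        // Report what was stripped so rejected input can be reviewed.
        sanitizer.RemovingTag += (s, e) =>
            Console.WriteLine($"removed tag {e.Tag.LocalName}: {e.Reason}");
        sanitizer.RemovingAttribute += (s, e) =>
            Console.WriteLine($"removed attribute {e.Attribute.Name} on {e.Tag.LocalName}: {e.Reason}");

        return sanitizer;
    }

    public static void Main()
    {
        // Constructed sample input, not taken from the page.
        var html = "<p class=\"note\" onclick=\"alert(1)\">Hi <script>alert(1)</script>" +
                   "<a href=\"javascript:alert(1)\" class=\"btn\">link</a>" +
                   "<img src=\"x\" onerror=\"alert(1)\"></p>";

        var sanitized = CreateMarkdownSanitizer().Sanitize(html);
        Console.WriteLine(sanitized);
    }
}
```

Allowing `class` lets user-supplied markup pick up any CSS class your site defines, so review which of your styles could be misused before adding it.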

Rick Strahl’s blog provides a good overview of some of the concerns in the following two blog posts:

