Sanitizing HTML in .NET Core

Thu, 25 Feb 2021 15:06 UTC by garethbrown

Looking through options for sanitizing HTML, I found my way to the following library:

https://github.com/mganss/HtmlSanitizer

HtmlSanitizer uses a whitelist approach to HTML sanitization: only known-safe tags and attributes are kept and everything else is dropped. This is more secure than trying to enumerate dangerous tags and attributes, because there is less scope for missing one. It also works well in a markdown context, where a limited set of known tags makes up the output HTML.

If you want to allow additional tags and attributes to remain in the output HTML, you can configure the HtmlSanitizer class as follows:

using Ganss.XSS;

var sanitizer = new HtmlSanitizer();
sanitizer.AllowedAttributes.Add("class"); // "class" is not in the default allow-list, so opt it in
var sanitized = sanitizer.Sanitize(html);
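As an added example (not code from the post or from the HtmlSanitizer project) of the markdown use case above, the following locks the allow-lists down to the tags a markdown renderer emits and logs what the sanitizer strips, so rejected input can be reviewed. It assumes the Ganss.XSS namespace of the library versions current at the time of the post (later releases renamed it Ganss.Xss); MarkdownHtmlSanitizer, Create and removalLog are hypothetical names, and the sample HTML is constructed.

```csharp
using System;
using System.Collections.Generic;
using Ganss.XSS; // namespace used by HtmlSanitizer 5.x/6.x; newer releases use Ganss.Xss

public static class MarkdownHtmlSanitizer
{
    // Allow-list limited to what markdown renderers normally produce. Anything
    // not listed (script, iframe, form, event-handler attributes, ...) is dropped
    // without having to be enumerated as "dangerous".
    private static readonly string[] MarkdownTags =
    {
        "p", "br", "em", "strong", "code", "pre", "blockquote", "ul", "ol", "li",
        "h1", "h2", "h3", "h4", "h5", "h6", "a", "img"
    };

    private static readonly string[] MarkdownAttributes = { "href", "src", "alt", "title", "class" };

    // removalLog is a hypothetical sink for whatever the sanitizer removes.
    public static HtmlSanitizer Create(ICollection<string> removalLog)
    {
        var sanitizer = new HtmlSanitizer();
        sanitizer.AllowedTags.Clear();
        sanitizer.AllowedTags.UnionWith(MarkdownTags);
        sanitizer.AllowedAttributes.Clear();
        sanitizer.AllowedAttributes.UnionWith(MarkdownAttributes);
        // Only http(s) URLs survive in href/src; other schemes are removed.
        sanitizer.AllowedSchemes.Clear();
        sanitizer.AllowedSchemes.UnionWith(new[] { "http", "https" });
        // Markdown output carries no inline styles, so allow no CSS at all.
        sanitizer.AllowedCssProperties.Clear();

        // The library raises these events for every removed tag/attribute.
        sanitizer.RemovingTag += (_, e) =>
            removalLog.Add($"tag <{e.Tag.TagName.ToLowerInvariant()}> ({e.Reason})");
        sanitizer.RemovingAttribute += (_, e) =>
            removalLog.Add($"attribute {e.Attribute.Name} on <{e.Tag.TagName.ToLowerInvariant()}> ({e.Reason})");
        return sanitizer;
    }

    public static void Main()
    {
        var log = new List<string>();
        var sanitizer = Create(log);
        // Constructed sample: rendered markdown with raw HTML passed through by the author.
        const string html = "<p class=\"note\">Hello <strong>world</strong></p>"
            + "<script>alert(1)</script>"
            + "<a href=\"javascript:alert(1)\" onclick=\"alert(1)\">link</a>";
        Console.WriteLine(sanitizer.Sanitize(html));
        foreach (var entry in log) Console.WriteLine("removed: " + entry);
    }
}
```

The paragraph keeps its class attribute, the script element is removed outright, and the link survives with both its href and onclick stripped, each removal appearing in the log.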

Rick Strahl’s blog provides a good overview of some of the concerns in the following two blog posts:
