Sanitizing HTML in .NET Core
Thu, 25 Feb 2021 by garethbrown
Looking through options for sanitizing HTML, I found my way to the following library:
https://github.com/mganss/HtmlSanitizer
HtmlSanitizer uses a whitelist (allow-list) approach to HTML sanitization: anything not explicitly allowed is removed. This is more secure than a blacklist because there is less scope for missing a dangerous tag or attribute; an unknown or obscure one is dropped by default rather than slipping through. It also works well in a markdown context, where a limited, known set of tags makes up the output HTML.
If you want additional tags and attributes to remain in the output HTML, you can configure the HtmlSanitizer instance as follows (this example keeps the class attribute, which is otherwise stripped):
using Ganss.XSS; // HtmlSanitizer NuGet package; namespace as used by the versions current at the time of writing (later releases renamed it Ganss.Xss)
var html = "<p class=\"note\">Hello</p>"; // untrusted input, e.g. HTML rendered from user-supplied markdown
var sanitizer = new HtmlSanitizer();
sanitizer.AllowedAttributes.Add("class"); // extend the default allow-list so class attributes survive
var sanitized = sanitizer.Sanitize(html); // everything not on the allow-list is removed
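The allow-list idea above can be taken further for the markdown case: restrict the tag, attribute and URL-scheme sets to what the markdown renderer actually emits, and log whatever the sanitizer removes so that unexpected input shows up in monitoring. The following is an added example written for this page, not code from the original post or from the HtmlSanitizer project; the specific tag and attribute sets are an illustrative assumption, the Ganss.XSS namespace is assumed for the 2021-era package, and the RemovingTag and RemovingAttribute events are used as exposed by the library's public API at that time.

```csharp
using System;
using Ganss.XSS; // assumed namespace for the 2021-era HtmlSanitizer package (later versions use Ganss.Xss)

public static class MarkdownHtmlSanitizer
{
    // Builds a sanitizer restricted to the tags a markdown renderer produces.
    // The tag/attribute/scheme sets below are an assumption for illustration, not library defaults.
    public static HtmlSanitizer Create()
    {
        var sanitizer = new HtmlSanitizer();

        sanitizer.AllowedTags.Clear();
        foreach (var tag in new[] { "p", "a", "em", "strong", "code", "pre", "ul", "ol", "li",
                                    "blockquote", "h1", "h2", "h3", "img" })
            sanitizer.AllowedTags.Add(tag);

        sanitizer.AllowedAttributes.Clear();
        sanitizer.AllowedAttributes.Add("href");
        sanitizer.AllowedAttributes.Add("src");
        sanitizer.AllowedAttributes.Add("alt");
        sanitizer.AllowedAttributes.Add("class"); // as in the post: keep class, e.g. for syntax highlighting

        // URL-bearing attributes may only use these schemes; anything else is stripped.
        sanitizer.AllowedSchemes.Clear();
        foreach (var scheme in new[] { "http", "https", "mailto" })
            sanitizer.AllowedSchemes.Add(scheme);

        // Surface removals so that unexpected input is visible in logs or metrics.
        // A real application would route these to its logger rather than the console.
        sanitizer.RemovingTag += (sender, e) =>
            Console.WriteLine($"removed tag <{e.Tag.TagName}> ({e.Reason})");
        sanitizer.RemovingAttribute += (sender, e) =>
            Console.WriteLine($"removed attribute {e.Attribute.Name} on <{e.Tag.TagName}> ({e.Reason})");

        return sanitizer;
    }

    public static void Main()
    {
        var sanitizer = Create();

        // Constructed sample inputs for this example; the first and last are what a
        // markdown renderer would emit, the middle two carry attributes outside the allow-list.
        var samples = new[]
        {
            "<p class=\"lead\">Hello <strong>world</strong></p>",
            "<p onmouseover=\"x()\">hover</p>",
            "<a href=\"javascript:void(0)\">link</a>",
            "<pre><code class=\"language-csharp\">var x = 1;</code></pre>",
        };

        foreach (var html in samples)
        {
            Console.WriteLine($"in : {html}");
            Console.WriteLine($"out: {sanitizer.Sanitize(html)}");
        }
    }
}
```

Clearing the default sets before adding to them is deliberate: the library's defaults are broad enough for general HTML, and a markdown pipeline gains nothing from allowing tags it will never produce. The removal events are the cheap way to answer "what did the sanitizer actually change" when reviewing a report of missing content or of content that looks suspicious.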
Rick Strahl’s blog provides a good overview of some of the concerns in the following two blog posts: