Is there a .NET implementation for HtmlPurifier (php)

Question

Is there a .NET implementation for HtmlPurifier (php)

Is there a complete Html library clean / Anti-Xss for .NET that also has a specific whitelist. I know that Microsoft Anti-Xss is a good place to start, but for this you need to have a whitelist for allowed html tags and css. Does anyone know something?

+7

.net htmlpurifier

Arron s Jan 12 '10 at 18:09

source share

2 answers

According to MSDN (see "Allow restricted HTML input"), the best way to misinform the input HTML is to call HttpUtility.HtmlEncode () on your input and then selectively replace the encoding with all your whitelists as follows:

 <%@ Page Language="C#" ValidateRequest="false"%> <script runat="server"> void submitBtn_Click(object sender, EventArgs e) { // Encode the string input StringBuilder sb = new StringBuilder( HttpUtility.HtmlEncode(htmlInputTxt.Text)); // Selectively allow and <i> sb.Replace("&lt;b&gt;", "<b>"); sb.Replace("&lt;/b&gt;", ""); sb.Replace("&lt;i&gt;", "<i>"); sb.Replace("&lt;/i&gt;", ""); Response.Write(sb.ToString()); } </script>

See also in this article .

+1

Repo man Jan 12 '10 at 21:05

source share

orip · Accepted Answer · 2010-05-05T13:09:38+0000

What happened to the Microsoft Anti-XSS library (which you mentioned)?

They have a comprehensive HTML disinfection that filters whitelisted characters, parses HTML, filters whitelisted nodes, and then restores (safe) HTML. You can change whitelists (since the code is open), but I'm not sure what you want.

Using is also simple:

var sanitizedHtml = Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(inputHtml);

Is there a .NET implementation for HtmlPurifier (php)

More articles: