RockFluid.MarkupSanity 1.4.0

Uses HtmlAgilityPack parser to protect against cross-site scripting by sanitizing html text against unrecognized tags and attributes.

HTML is matched against defined whitelisted tags and attributes to ensure only known safe markups are allowed.

Basic usage:
String inputValue = "<a onclick="javascript:alert('Gotcha!');" href="javascript:alert('Gotcha again!');">Click Me</a>";
String cleanValue = inputValue.SanitizeHtml();

More information is available in the project site's wiki.

What's New?
- Added RemoveComments configuration property. This allows the retention of comments after cleaning.
- Refactored Sanitize() function for code maintainability.
- Added new SanitizeConfigurations class to allow cleaning with a different set of configurations from the global settings.
- Added new TrySanitizeHtml() function to check whether the input was dirty and subsequently cleaned.

- Added RemoveMarkupTagsOnly configuration property. This provides the option to remove the invalid markup tag only, retaining the contents.
- Fixed a bug where spaces in the value of Type attributes circumvents the script type checking.

- Added CustomBlacklistedTags configuration property. This removes tags from internal and custom whitelists, for cases when internal list is acceptable except for a few tags configured in it.

- Added Supplemental Tags and Attributes to add extra elements to the internal defaults, instead of having to add all defaults again to the customs lists just to add a few special ones.
- Other internal improvements.

- Added a comprehensive list of default whitelisted tags and attributes.

Install-Package RockFluid.MarkupSanity -Version 1.4.0
dotnet add package RockFluid.MarkupSanity --version 1.4.0
<PackageReference Include="RockFluid.MarkupSanity" Version="1.4.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add RockFluid.MarkupSanity --version 1.4.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: RockFluid.MarkupSanity, 1.4.0"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package.
// Install RockFluid.MarkupSanity as a Cake Addin
#addin nuget:?package=RockFluid.MarkupSanity&version=1.4.0

// Install RockFluid.MarkupSanity as a Cake Tool
#tool nuget:?package=RockFluid.MarkupSanity&version=1.4.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Release Notes

Miscellaneous internal refactorings.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
1.4.0 453 1/6/2019
1.3.1 462 10/23/2018
1.2.0 392 10/22/2018
1.1.0 587 2/10/2018
1.0.1 568 1/23/2018
1.0.0 534 1/7/2018