Uses the HtmlAgilityPack parser to protect against cross-site scripting by sanitizing HTML text against unrecognized tags and attributes.
HTML is matched against defined whitelists of tags and attributes to ensure that only known-safe markup is allowed.
String cleanValue = inputValue.SanitizeHtml();
More information is available in the project site's wiki.
- Added RemoveComments configuration property. This allows the retention of comments after cleaning.
- Refactored Sanitize() function for code maintainability.
- Added new SanitizeConfigurations class to allow cleaning with a different set of configurations from the global settings.
- Added new TrySanitizeHtml() function to check whether the input was dirty and subsequently cleaned.
- Added RemoveMarkupTagsOnly configuration property. This provides the option to remove the invalid markup tag only, retaining the contents.
- Fixed a bug where spaces in the value of Type attributes circumvented the script type checking.
- Added CustomBlacklistedTags configuration property. This removes tags from the internal and custom whitelists, for cases when the internal list is acceptable except for a few tags configured in it.
- Added Supplemental Tags and Attributes to add extra elements to the internal defaults, instead of having to add all defaults again to the custom lists just to add a few special ones.
- Other internal improvements.
- Added a comprehensive list of default whitelisted tags and attributes.
Install-Package RockFluid.MarkupSanity -Version 1.4.0
dotnet add package RockFluid.MarkupSanity --version 1.4.0
<PackageReference Include="RockFluid.MarkupSanity" Version="1.4.0" />
paket add RockFluid.MarkupSanity --version 1.4.0
Miscellaneous internal refactorings.
- HtmlAgilityPack (>= 1.6.5)