Download
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. It uses AngleSharp to parse, manipulate, and render HTML and CSS. Because HtmlSanitizer is based on a robust HTML parser it can also shield you from deliberate or accidental "tag poisoning" where invalid HTML in one fragment can corrupt the whole document leading to broken layout or style. In order to facilitate different use cases, HtmlSanitizer can be customized at several levels. Configure allowed HTML tags through the property AllowedTags. All other tags will be stripped. Configure allowed HTML attributes through the property AllowedAttributes. All other attributes will be stripped. Configure allowed CSS property names through the property AllowedCssProperties. All other styles will be stripped. Configure allowed CSS at-rules through the property AllowedAtRules. All other at-rules will be stripped.
Features
- Configure allowed HTML tags through the property AllowedTags. All other tags will be stripped
- Cancelable events are raised before a tag, attribute, or style is removed
- Configure HTML attributes that contain URIs (such as "src", "href" etc.) through the property UriAttributes
- Configure allowed URI schemes through the property AllowedSchemes
- Configure allowed CSS property names through the property AllowedCssProperties
- Provide a base URI that will be used to resolve relative URIs against
Project Samples
