RockFluid.MarkupSanity by John Kevin Cheng

<PackageReference Include="RockFluid.MarkupSanity" Version="1.4.0" />

.NET API 19,456 bytes

 RockFluid.MarkupSanity 1.4.0

Uses the HtmlAgilityPack parser to protect against cross-site scripting by sanitizing HTML text against unrecognized tags and attributes. HTML is matched against defined whitelisted tags and attributes to ensure only known safe markup is allowed.

Basic usage:

String inputValue = "<a onclick=\"javascript:alert('Gotcha!');\" href=\"javascript:alert('Gotcha again!');\">Click Me</a>";
String cleanValue = inputValue.SanitizeHtml();
Console.WriteLine(cleanValue);

More information is available in the project site's wiki.

What's New?

1.4.0
- Added RemoveComments configuration property. This allows the retention of comments after cleaning.
- Refactored Sanitize() function for code maintainability.
- Added new SanitizeConfigurations class to allow cleaning with a different set of configurations from the global settings.
- Added new TrySanitizeHtml() function to check whether the input was dirty and subsequently cleaned.

1.3.1
- Added RemoveMarkupTagsOnly configuration property. This provides the option to remove the invalid markup tag only, retaining the contents.
- Fixed a bug where spaces in the value of Type attributes circumvent the script type checking.

1.2.0
- Added CustomBlacklistedTags configuration property. This removes tags from the internal and custom whitelists, for cases when the internal list is acceptable except for a few tags configured in it.

1.1.0
- Added Supplemental Tags and Attributes to add extra elements to the internal defaults, instead of having to add all defaults again to the custom lists just to add a few special ones.
- Other internal improvements.

1.0.1
- Added a comprehensive list of default whitelisted tags and attributes.

<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
  <metadata>
    <id>RockFluid.MarkupSanity</id>
    <version>1.4.0</version>
    <authors>John Kevin Cheng</authors>
    <owners>John Kevin Cheng</owners>
    <requireLicenseAcceptance>false</requireLicenseAcceptance>
    <licenseUrl>https://github.com/johnkevincheng/MarkupSanity/blob/master/LICENSE</licenseUrl>
    <projectUrl>https://github.com/johnkevincheng/MarkupSanity</projectUrl>
    <iconUrl>https://raw.githubusercontent.com/johnkevincheng/SupportFiles/master/MarkupSanitySupportFiles/MarkupSanityIcon.png</iconUrl>
    <description>Uses the HtmlAgilityPack parser to protect against cross-site scripting by sanitizing HTML text against unrecognized tags and attributes.

HTML is matched against defined whitelisted tags and attributes to ensure only known safe markup is allowed.

Basic usage:
String inputValue = "&lt;a onclick=\"javascript:alert('Gotcha!');\" href=\"javascript:alert('Gotcha again!');\"&gt;Click Me&lt;/a&gt;";
String cleanValue = inputValue.SanitizeHtml();
Console.WriteLine(cleanValue);

More information is available in the project site's wiki.

What's New?
1.4.0
- Added RemoveComments configuration property. This allows the retention of comments after cleaning.
- Refactored Sanitize() function for code maintainability.
- Added new SanitizeConfigurations class to allow cleaning with a different set of configurations from the global settings.
- Added new TrySanitizeHtml() function to check whether the input was dirty and subsequently cleaned.

1.3.1
- Added RemoveMarkupTagsOnly configuration property. This provides the option to remove the invalid markup tag only, retaining the contents.
- Fixed a bug where spaces in the value of Type attributes circumvent the script type checking.

1.2.0
- Added CustomBlacklistedTags configuration property. This removes tags from the internal and custom whitelists, for cases when the internal list is acceptable except for a few tags configured in it.

1.1.0
- Added Supplemental Tags and Attributes to add extra elements to the internal defaults, instead of having to add all defaults again to the custom lists just to add a few special ones.
- Other internal improvements.

1.0.1
- Added a comprehensive list of default whitelisted tags and attributes.</description>
    <summary>Uses the HtmlAgilityPack parser to protect against cross-site scripting by sanitizing HTML text against unrecognized tags and attributes.</summary>
    <releaseNotes>Miscellaneous internal refactorings.</releaseNotes>
    <copyright>Copyright 2019</copyright>
    <tags>xss-filter sanitize-html cross-site-scripting cross-site htmlagilitypack</tags>
    <dependencies>
      <dependency id="HtmlAgilityPack" version="1.6.5" />
    </dependencies>
  </metadata>
</package>