HTML Sanitizer for .NET

#1
I'm starting a project that will be public facing using asp.net mvc. I know there are about a billion php, python, and ruby html sanitizers out there, but does anyone have some pointers to anything good in .net? What are your experiences with what is out there? I know stackoverflow is a site done in asp.net that allows freeform HTML, what does it use?

#2
<https://blog.stackoverflow.com/2008/06/safe-html-and-xss/>

#3
There is a C# version [here][1].

[1]:

#4
Here is one built by Microsoft.

using Microsoft.Security.Application;   // AntiXSS library

// unsafeHtml holds the untrusted markup; the call returns a sanitized copy
var cleanHtml = Sanitizer.GetSafeHtml(unsafeHtml);

#5
### HtmlSanitizer ###
Source:

A fairly robust sanitizer. It understands and can clean inline styles, but doesn't have a parser that can deal with `<style>` blocks, so it strips them. It's certainly up to and probably beyond the level that Microsoft's AntiXSS was at, before it was abandoned.

#6
**[HtmlRuleSanitizer][1]**

Based on your question I have the following suggestions:

- You want to allow free form HTML, so you need a solution to be able to specify a set of tags, attributes and/or CSS classes which are allowed.
- By allowing free form HTML it is likely that you'll also have to deal with malformed HTML because users make errors (deliberate or not). You thus need a solution built on a tolerant parser such as the [Html Agility Pack][2].
- You'll want to take a white-listing approach because a black-listing sanitizer does not protect you from any new HTML specifications. In addition it is very hard to guarantee that a black list covers all cases in the first place due to the size of the HTML specification.

I faced the same problem and built HtmlRuleSanitizer, which is a white-listing, rule-based HTML sanitizer on top of the Html Agility Pack.


[1]:

[2]:
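The allow-list approach described in this answer, as an added example that is not from the thread or from HtmlRuleSanitizer: a minimal rule-based sanitizer on top of the Html Agility Pack that keeps only listed tags and attributes, unwraps unknown tags, drops raw-text elements whole, and restricts href/src to relative or http(s) URLs. The class and method names are my own; it assumes the HtmlAgilityPack NuGet package.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using HtmlAgilityPack;   // NuGet package: HtmlAgilityPack

// Hypothetical helper written for this example; not part of any library on the page.
public static class AllowListSanitizer
{
    const StringComparison Ci = StringComparison.OrdinalIgnoreCase;
    // Allow-list: element -> attributes permitted on it. Every tag or attribute not listed here is dropped.
    static readonly Dictionary<string, string[]> Allowed = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        { ["p"] = new string[0], ["b"] = new string[0], ["br"] = new string[0], ["a"] = new[] { "href", "title" }, ["img"] = new[] { "src", "alt" } };
    // Removed together with their content. Raw-text elements (script, style, title, textarea, ...) must never be
    // unwrapped: the parser kept their body as literal text, and emitting it would turn it back into live markup.
    static readonly HashSet<string> DropWithContent = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "script", "style", "iframe", "object", "embed", "title", "textarea", "noscript", "xmp", "plaintext" };

    public static string Sanitize(string html)
    {
        var doc = new HtmlDocument();
        doc.LoadHtml(html);                       // tolerant parser: malformed input still yields a tree
        Walk(doc.DocumentNode);
        return doc.DocumentNode.OuterHtml;
    }
    static void Walk(HtmlNode parent)
    {
        foreach (var node in parent.ChildNodes.ToList())           // snapshot: the tree is mutated below
        {
            if (node.NodeType == HtmlNodeType.Comment) { node.Remove(); continue; }
            if (node.NodeType != HtmlNodeType.Element) continue;   // text nodes pass through unchanged
            if (DropWithContent.Contains(node.Name)) { node.Remove(); continue; }
            if (!Allowed.TryGetValue(node.Name, out var okAttrs))  // unlisted tag: sanitize its children, then
            { Walk(node); parent.RemoveChild(node, true); continue; }   // unwrap it (keep children, drop the tag)
            foreach (var attr in node.Attributes.ToList())         // drops on*, style and any other unlisted attribute
                if (!okAttrs.Contains(attr.Name, StringComparer.OrdinalIgnoreCase) ||
                    ((attr.Name.Equals("href", Ci) || attr.Name.Equals("src", Ci)) && !IsSafeUrl(attr.Value)))
                    attr.Remove();
            Walk(node);
        }
    }
    // Relative URLs and http(s) only. Decode entities first, then demand a plain-ASCII scheme: this rejects
    // "java&#x09;script:", leading control characters, and any entity the decoder did not know (its '&' fails).
    static bool IsSafeUrl(string raw)
    {
        string v = WebUtility.HtmlDecode(raw).Trim();
        int end = v.IndexOfAny(new[] { ':', '/', '?', '#' });
        string head = end < 0 ? v : v.Substring(0, end);          // scheme, or first path segment
        if (!head.All(c => c < 128 && (char.IsLetterOrDigit(c) || c == '+' || c == '-' || c == '.'))) return false;
        if (end < 0 || v[end] != ':') return true;                // no scheme: relative URL
        return head.Equals("http", Ci) || head.Equals("https", Ci);
    }
}
```

Unknown tags are unwrapped rather than deleted so that user text survives, while the raw-text set is deleted whole because unwrapping it is exactly the mistake that re-injects markup.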

#7
We can also use

`AntiXss.GetSafeHtmlFragments`

which sanitizes input by parsing the HTML fragment. Use this sanitizer for rich content to ensure that it does not contain any harmful script and is safe to be displayed in the browser. For text input (not rich content), use `AntiXss.HtmlEncode` or any other equivalent HTML encoder. Here is the sample for rich content.


using System;
using Microsoft.Security.Application;   // AntiXSS library, installed from NuGet

// Deliberately malformed input carrying event-handler attributes
string mal = "<IMG NAME = 'myPic' SRC = 'images / myPic.gif' onerror='alert(1)' onerror='alert(1) ><div bottommargin = 150 ondblclick = 'alert('double clicked!')' >< p > Double - click anywhere in the page.</p> </div> ";
var cleanHtml = Sanitizer.GetSafeHtmlFragment(mal);
Console.Write(cleanHtml);
Console.Read();   // keep the console window open



**Note: Download the AntiXSS library from the NuGet package manager and include this namespace**
**Microsoft.Security.Application in the source code**;


