Looking through options for sanitizing HTML, I found my way to the following library:
HtmlSanitizer uses a whitelist approach to HTML sanitization. This is more secure because there is less scope for missing dangerous tags and attributes. It also works well in a markdown context, where a limited set of known tags will make up the output HTML.
If you want to allow additional tags and attributes to remain in the output HTML, you can configure the HtmlSanitizer class as follows:

    var sanitizer = new HtmlSanitizer();
    // Permit the class attribute in addition to the defaults
    sanitizer.AllowedAttributes.Add("class");
    var sanitized = sanitizer.Sanitize(html);
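For the markdown case mentioned above, the whitelist can also be narrowed rather than extended. The following is an added example, not code from the original post or from the HtmlSanitizer project: it assumes the `Ganss.Xss` namespace (HtmlSanitizer 6 and later; earlier releases used `Ganss.XSS`), and the tag list and the sample input are constructed for illustration.

```csharp
using System;
using Ganss.Xss;

class Program
{
    static void Main()
    {
        var sanitizer = new HtmlSanitizer();

        // Replace the default tag whitelist with the small set a markdown
        // renderer is expected to emit (assumed set, adjust to your renderer).
        sanitizer.AllowedTags.Clear();
        foreach (var tag in new[] { "p", "em", "strong", "a", "code", "pre",
                                    "ul", "ol", "li", "blockquote", "h1", "h2", "h3" })
        {
            sanitizer.AllowedTags.Add(tag);
        }

        // Only the attributes the rendered output needs.
        sanitizer.AllowedAttributes.Clear();
        sanitizer.AllowedAttributes.Add("href");
        sanitizer.AllowedAttributes.Add("class");

        // Only https links survive; any other URL scheme is stripped.
        sanitizer.AllowedSchemes.Clear();
        sanitizer.AllowedSchemes.Add("https");

        // Log what is removed, so rejected markup is visible during review.
        sanitizer.RemovingTag += (s, e) =>
            Console.WriteLine($"removed tag: {e.Tag.TagName} ({e.Reason})");
        sanitizer.RemovingAttribute += (s, e) =>
            Console.WriteLine($"removed attribute: {e.Attribute.Name} on {e.Tag.TagName} ({e.Reason})");

        // Constructed sample input mixing allowed and disallowed markup.
        var html =
            "<p class=\"note\" onclick=\"track()\">Hello " +
            "<a href=\"javascript:void(0)\">link</a></p>" +
            "<script>track()</script>" +
            "<iframe src=\"https://example.test\"></iframe>";

        Console.WriteLine(sanitizer.Sanitize(html));
    }
}
```

Starting from an emptied whitelist means a tag or attribute reaches the output only because it was named explicitly, and the two event handlers give a record of everything the sanitizer dropped.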
Rick Strahl’s blog provides a good overview of some of the concerns in the following two blog posts: