.NET HTML whitelisting (anti-xss/Cross Site Scripting)

Question

I\'ve got the common situation where I\'ve got user input that uses a subset of HTML (input with tinyMCE). I need to have some server-side protection against XSS attacks an

Answer 1

http://www.microsoft.com/en-us/download/details.aspx?id=28589 You can download a version here, but I linked it for the useful DOCX file. My preferred method is to use the NuGet package manager to get the latest AntiXSS package.

You can use the HtmlSanitizationLibrary assembly found in the 4.x AntiXss library. Note that GetSafeHtml() is in the HtmlSanitizationLibrary, under Microsoft.Security.Application.Sanitizer.