RockFluid.MarkupSanity NuGet Package

Uses HtmlAgilityPack parser to protect against cross-site scripting by sanitizing html text against unrecognized tags and attributes.

HTML is matched against defined whitelisted tags and attributes to ensure only known safe markups are allowed.

Basic usage:
String inputValue = "<a onclick="javascript:alert('Gotcha!');" href="javascript:alert('Gotcha again!');">Click Me</a>";
String cleanValue = inputValue.SanitizeHtml();
Console.Writeline(cleanValue);

More information is available in the project site's wiki.

What's New?
1.4.0
- Added RemoveComments configuration property.

This allows the retention of comments after cleaning.
- Refactored Sanitize() function for code maintainability.
- Added new SanitizeConfigurations class to allow cleaning with a different set of configurations from the global settings.
- Added new TrySanitizeHtml() function to check whether the input was dirty and subsequently cleaned.

1.3.1
- Added RemoveMarkupTagsOnly configuration property. This provides the option to remove the invalid markup tag only, retaining the contents.
- Fixed a bug where spaces in the value of Type attributes circumvents the script type checking.

1.2.0
- Added CustomBlacklistedTags configuration property.

This removes tags from internal and custom whitelists, for cases when internal list is acceptable except for a few tags configured in it.

1.1.0
- Added Supplemental Tags and Attributes to add extra elements to the internal defaults, instead of having to add all defaults again to the customs lists just to add a few special ones.
- Other internal improvements.

1.0.1
- Added a comprehensive list of default whitelisted tags and attributes.