Sanitize HTML before storing in the DB or before rendering? (AntiXSS library in ASP.NET)
Posted by user102533 on Stack Overflow
Published on 2010-01-13T22:53:07Z
I have an editor that lets users add HTML that is stored in the database and rendered on a web page. Since this is untrusted input, I plan to use Microsoft.Security.Application.AntiXss.GetSafeHtmlFragment to sanitize the HTML.
- Should I sanitize before saving to the database or before rendering the untrusted input into the webpage?
- Is there an advantage in including the AntiXSS source code in my project instead of just the DLL? (Maybe I can customize the white list?)
- Which class file should I look in for actual implementation of the GetSafeHtmlFragment
© Stack Overflow or respective owner