Using MS Anti XSS library for sanitizing HTML

Posted by user102533 on Stack Overflow See other posts from Stack Overflow or by user102533
Published on 2010-01-08T23:33:18Z Indexed on 2010/06/12 3:02 UTC
Read the original article Hit count: 368

Filed under:
|
|
|
|

In the intent of preventing XSS attacks, I am updating a page in which we have a textbox that accepts HTML, stores it in a database and retrieves and renders it at a later time.

My understanding is that I can sanitize the HTML using AntiXSS.GetSafeHtmlFragment() method. As long as I do this before storing the HTML in the database, am I covered? Do I need to do anything when the HTML is outputted on a web page?

Also, it appears that the white list is kind of a black box. Is there a way to update this based on our requirements?

© Stack Overflow or respective owner

Related posts about .NET

Related posts about ASP.NET