Using MS Anti XSS library for sanitizing HTML
Posted by user102533 on Stack Overflow
Published on 2010-01-08T23:33:18Z
With the intent of preventing XSS attacks, I am updating a page in which we have a textbox that accepts HTML, stores it in a database and retrieves and renders it at a later time.
My understanding is that I can sanitize the HTML using the AntiXSS.GetSafeHtmlFragment() method. As long as I do this before storing the HTML in the database, am I covered? Do I need to do anything when the HTML is outputted on a web page?
Also, it appears that the white list is kind of a black box. Is there a way to update this based on our requirements?
© Stack Overflow or respective owner