Hello I'm using visual studio 2008 with asp.net mvc 2. I need anti xss library to santitize an input which is generated by rich text editor (lightweight RTE). I want to use AntiXss.GetSafeHtmlFragment(input); function.
the problem is that VS 2008 crashes after I reference anti xss dll (it works fine in the first time but than it crashes).
Does anybody how to fix this problem? If not can somebody point me to a working altrenative ( I tried using html agility pack while allowing a white list but I have only managed to allow tags without attributes).
the code for the html agility filter -
public static string Filter(string html, string[] allowedTags)
{
HtmlDocument doc = new HtmlDocument();
doc.LoadHtml(html);
StringBuilder buffer = new StringBuilder();
Process(doc.DocumentNode, buffer, allowedTags);
return buffer.ToString();
}
static string[] RemoveChildrenOfTags = new string[] { "script", "style" };
static void Process(HtmlNode node, StringBuilder buffer, string[] allowedTags)
{
switch (node.NodeType)
{
case HtmlNodeType.Text:
buffer.Append(HttpUtility.HtmlEncode(((HtmlTextNode)node).Text));
break;
case HtmlNodeType.Element:
case HtmlNodeType.Document:
bool allowedTag = allowedTags.Contains(node.Name.ToLower());
if (allowedTag)
buffer.AppendFormat("<{0}>", node.Name);
if (!RemoveChildrenOfTags.Contains(node.Name))
foreach (HtmlNode childNode in node.ChildNodes)
Process(childNode, buffer, allowedTags);
if (allowedTag)
buffer.AppendFormat("</{0}>", node.Name);
break;
}
}
Thank you!