I'm looking for C# regular expression to replace/remove all JavaScript from HTML. Can someone please help me with the code?
+5
A:
Removing just the <script> tags won't actually do it. That's because you can put Javascript in event handlers too (onclick, etc). They're a lot harder to catch with a regular expression.
Once again, we revisit the issue or parsing or processing HTML with regular expressions. It's the wrong tool for the job. If you don't want flaky code, use an HTML parser.
cletus
2009-05-17 18:35:05
+3
A:
Why do you want to filter javascript?
If you are trying to prevent cross-site scripting attacks in a web application you're probably better off using a well-tested library for that purpose. It looks like Microsoft has an AntiXSS library, which may be of use.
warpr
2009-05-17 18:36:39
AntiXSS library is not really flexible enough and blocks object tags as well. Is there any other alternatives?
negative
2010-06-18 07:20:08