.NET HTML whitelisting (anti-xss/Cross Site Scripting)

Question

I\'ve got the common situation where I\'ve got user input that uses a subset of HTML (input with tinyMCE). I need to have some server-side protection against XSS attacks an

Answer 1

We are using the HtmlSanitizer .Net library, which:

• is open-source
• is actively maintained
• doesn't have the problems like Microsoft Anti-XSS library,
• Is unit tested with the OWASP XSS Filter Evasion Cheat Sheet
• is special built for this (in contrast to HTML Agility Pack, which is a parser)

Also on NuGet