Vereyon.Web.HtmlSanitizer 1.4.0

.NET Standard 1.3 This package targets .NET Standard 1.3. The package is compatible with this framework or higher. .NET Framework 4.0 This package targets .NET Framework 4.0. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package Vereyon.Web.HtmlSanitizer --version 1.4.0                

                    
                

            
NuGet\Install-Package Vereyon.Web.HtmlSanitizer -Version 1.4.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Vereyon.Web.HtmlSanitizer" Version="1.4.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add Vereyon.Web.HtmlSanitizer --version 1.4.0                

                    
                

            
#r "nuget: Vereyon.Web.HtmlSanitizer, 1.4.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
// Install Vereyon.Web.HtmlSanitizer as a Cake Addin
#addin nuget:?package=Vereyon.Web.HtmlSanitizer&version=1.4.0

// Install Vereyon.Web.HtmlSanitizer as a Cake Tool
#tool nuget:?package=Vereyon.Web.HtmlSanitizer&version=1.4.0

HtmlRuleSanitizer

NuGet version

HtmlRuleSanitizer is a white list rule based HTML sanitizer built on top of the HTML Agility Pack.

var sanitizer = HtmlSanitizer.SimpleHtml5Sanitizer();
string cleanHtml = sanitizer.Sanitize(dirtyHtml);

Without configuration HtmlRuleSanitizer will strip absolutely everything. This ensures that you are in control of what HTML is getting through. It was inspired by the client side parser of the wysihtml5 editor.

Use cases

HtmlRuleSanitizer was designed with the following use cases in mind:

  • Prevent cross-site scripting (XSS) attacks by removing javascript and other malicious HTML fragments.
  • Restrict HTML to simple markup in order to allow for easy transformation to other document types without having to deal with all possible HTML tags.
  • Enforce nofollow on links to discourage link spam.
  • Cleanup submitted HTML by removing empty tags for example.
  • Restrict HTML to a limited set of tags, for example in a comment system.

Features

  • CSS class white listing
  • Empty tag removal
  • Tag white listing
  • Tag attribute and CSS class enforcement
  • Tag flattening to simplify document structure while maintaining content
  • Tag renaming
  • Attribute checks (e.g. URL validity) and white listing
  • A fluent style configuration interface
  • HTML entity encoding

Usage

Install the HtmlRuleSanitizer NuGet package.

Basic usage

var sanitizer = HtmlSanitizer.SimpleHtml5Sanitizer();
string cleanHtml = sanitizer.Sanitize(dirtyHtml);

Note: the SimpleHtml5Sanitizer returns a rule set which does not allow for a full document definition. Use SimpleHtml5DocumentSanitizer

Sanitize a document

var sanitizer = HtmlSanitizer.SimpleHtml5DocumentSanitizer();
string cleanHtml = sanitizer.Sanitize(dirtyHtml);

Configuration

The code below demonstrates how to configure a rule set which only allows strong, i and a tags and which enforces the link tags to have a valid url, be no-follow and open in a new window. In addition, any b tag is renamed to strong because they more or less do the same anyway and b is deprecated. Any empty tags are removed to get rid of them. This would be a nice example for comment processing.

var sanitizer = new HtmlSanitizer();
sanitizer.Tag("strong").RemoveEmpty();
sanitizer.Tag("b").Rename("strong").RemoveEmpty();
sanitizer.Tag("i").RemoveEmpty();
sanitizer.Tag("a").SetAttribute("target", "_blank")
	.SetAttribute("rel", "nofollow")
	.CheckAttribute("href", HtmlSanitizerCheckType.Url)
	.RemoveEmpty();

string cleanHtml = sanitizer.Sanitize(dirtyHtml);

Tests

Got tests? Yes, see the tests project. It uses xUnit.

More information

License

MIT X11

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
.NET Core netcoreapp1.0 was computed.  netcoreapp1.1 was computed.  netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard1.3 is compatible.  netstandard1.4 was computed.  netstandard1.5 was computed.  netstandard1.6 was computed.  netstandard2.0 was computed.  netstandard2.1 was computed. 
.NET Framework net40 is compatible.  net403 was computed.  net45 was computed.  net451 was computed.  net452 was computed.  net46 was computed.  net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen30 was computed.  tizen40 was computed.  tizen60 was computed. 
Universal Windows Platform uap was computed.  uap10.0 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Vereyon.Web.HtmlSanitizer:

Package Downloads
SuperiorAcumaticaPackage

Dependencies required to compile the SuperiorAcumaticaSolution for Acumatica 2024R2 Build 24.201.0052

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.8.0 75,003 10/28/2023
1.7.1 16,550 8/6/2023
1.7.0 49,715 4/8/2023
1.6.0.1 364,617 2/6/2021
1.6.0 19,595 4/19/2020
1.6.0-beta1 431 3/29/2020
1.5.1 69,147 10/27/2019
1.5.0 31,901 12/26/2018
1.4.0 31,711 12/26/2017
1.3.1.1 88,465 9/26/2017
1.3.1 18,764 6/14/2017
1.3.0 3,429 1/15/2017
1.2.1 1,178 1/15/2017
1.2.0 5,095 8/15/2016
1.1.4 2,686 5/13/2016
1.1.3 8,143 1/15/2016
1.1.2 3,201 11/7/2015
1.1.1 2,039 7/8/2015
1.1.0 1,344 6/18/2015
1.0.0 1,630 5/3/2015

First NET Standard / NET Core compatible release. No functional changes.