webhtmleditor html injection

I have an Infragistics WebHtmlEditor into which a user enters formatted text for display on a report (using a report-building tool that renders HTML). The text needs to be re-rendered to the page (as the text is editable, like in a future entry to the dialog).

I need to protect against html injection.

It seems like "white list" protection of the HTML would be best (since it's a very limited set of HTML that can be allowed, e.g. <BOLD>, <FONT...>, etc.).

I can HTMLEncode the text easily (using the HttpUtility.HtmlEncode method), but need a good way to "unencode" the "allowed" tags (and their associated closes). What is the easiest way to do this? Do you know of an existing library/code to do this?

Thanks!
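As an added illustration (not code from the original post or from Infragistics), here is one way to do the encode-everything-then-restore-allowed-tags approach the question describes, assuming the allowed set is `<b>`, `<i>`, `<u>` and `<font color="#rrggbb">`; the class and method names are hypothetical:

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web; // HttpUtility lives in System.Web.dll

// Hypothetical helper, not part of the asker's code or the Infragistics control.
public static class AllowListHtml
{
    // HttpUtility.HtmlEncode turns "<b>" into "&lt;b&gt;", so the allow list is
    // matched against the encoded form. No attributes are permitted on these tags.
    private static readonly Regex SimpleTag = new Regex(
        @"&lt;(/?)(b|i|u)&gt;", RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // <font color="#rrggbb">: the only attribute allowed is a six-digit hex colour.
    // The quotes arrive as &quot; after encoding, so match that form exactly.
    private static readonly Regex FontOpen = new Regex(
        @"&lt;font\s+color=&quot;(#[0-9a-fA-F]{6})&quot;\s*&gt;",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);
    private static readonly Regex FontClose = new Regex(
        @"&lt;/font&gt;", RegexOptions.IgnoreCase | RegexOptions.Compiled);

    public static string Sanitize(string input)
    {
        if (input == null) return string.Empty;

        // Step 1: neutralise everything. After this line no markup from the user
        // is live; it is all inert text as far as the browser is concerned.
        string encoded = HttpUtility.HtmlEncode(input);

        // Step 2: rebuild only the allowed tags from the captured groups.
        // We never decode the user's bytes back verbatim, so a tag that carried
        // extra attributes (e.g. "<b onmouseover=...>") fails the pattern and
        // stays encoded and harmless.
        string result = SimpleTag.Replace(encoded,
            m => "<" + m.Groups[1].Value + m.Groups[2].Value.ToLowerInvariant() + ">");
        result = FontOpen.Replace(result,
            m => "<font color=\"" + m.Groups[1].Value + "\">");
        result = FontClose.Replace(result, "</font>");
        return result;
    }
}

// Constructed sample input for a quick check:
//   AllowListHtml.Sanitize("<b>Total</b> <font color=\"#ff0000\">due</font> <script>x()</script>")
//   gives: <b>Total</b> <font color="#ff0000">due</font> &lt;script&gt;x()&lt;/script&gt;
```

The routine does not check that restored tags are balanced, so an unclosed `<b>` still reaches the report renderer; if that matters, track open tags during the replace pass or run the output through an HTML-aware sanitiser such as a proper allow-list library rather than extending the regexes.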