mganssmganss
1670

HtmlSanitizer

screenshot of HtmlSanitizer

Cleans HTML to avoid XSS attacks

Github

Overview

HtmlSanitizer is a powerful .NET library designed to secure HTML fragments and documents from potential XSS vulnerabilities. Utilizing AngleSharp for parsing, manipulating, and rendering HTML and CSS, it provides a robust solution for ensuring that web applications remain safe and functional. The library stands out by effectively preventing "tag poisoning," where invalid HTML can disrupt the entire document's layout or style, making it an essential tool for developers aiming for clean and secure outputs.

With customizable features that cater to various use cases, HtmlSanitizer not only promotes security but also offers flexibility in handling allowed HTML tags, attributes, and styles. This adaptability means developers can fine-tune their settings based on specific project requirements, resulting in a cleaner integration of sanitized HTML content.

Features

  • Customizable Allowed Tags: Control which HTML tags are permissible through the AllowedTags property, stripping away any others automatically.

  • Manage Allowed Attributes: The AllowedAttributes property enables you to specify which attributes can be used, protecting against unwanted content.

  • Fine-tune CSS Properties: With AllowedCssProperties, specify valid CSS styles to further sanitize and control the visual presentation of the content.

  • Handle CSS At-Rules: The AllowedAtRules property allows for precise control over which CSS at-rules are acceptable, ensuring only desired rules are applied.

  • Control URI Schemes: Use the AllowedSchemes property to define acceptable URI schemes, preventing potentially malicious links from being included.

  • Dynamic URI Management: The library offers the UriAttributes property to manage which HTML attributes that use URIs (like src and href) will be processed.

  • Base URI Resolution: It includes features for providing a base URI to resolve relative URIs, making it easier to integrate with existing structures.

  • Event-driven Control: Events are triggered before any tag, attribute, or style is removed, giving developers the chance to intervene in the sanitization process.