Hello,
This library sounds interesting. I am wondering if it can be configured to do something like the following:
I'd like to find a way to filter the input from web forms to allow a small subset of explicitly defined HTML and Attributes in an Allow / White List, but excise any of the non-allowed ones. Basically, I would like to be able to specify an "allow" list that might contain B, I, U, TABLE, TD, TR, and a large number of attributes, excluding, of course, onmouse*, on* in general.
I believe I could do this with Html Agility Pack: http://www.codeplex.com/htmlagilitypack. However, I also noticed that the examples for the library showed how even src= is a dangerous attribute, so that really stinks. Perhaps stripping explicitly dangerous tags first, and then _also_ running that output through the library would be the solution.
Even still, I wondered if anyone had written or come across something that is forward only and does not parse the content into an object tree the way that Agility Pack does, since I'm not really concerned with well-formedness, just that absolutely no potentially destructive script or object tags or attributes get through.
Someone gave me a link to a sample on 4GuysFromRolla, but the solution was not rigorous enough.
Thank you,
Josh
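
The forward-only allow-list filter asked about above, as an added example that is not part of the original post and not code from any library it mentions. It uses Python's standard-library event parser rather than a .NET component; the attribute list and the `sanitize` name are assumptions, and URL-bearing attributes such as `src` are deliberately left off the list.

```python
from html import escape
from html.parser import HTMLParser

# Tags come from the post; the attribute list is an assumption for illustration.
ALLOWED_TAGS = {"b", "i", "u", "table", "tr", "td"}
ALLOWED_ATTRS = {"align", "width", "colspan", "rowspan"}
DROP_CONTENT = {"script", "style"}  # their text must not leak as visible output


class AllowListSanitizer(HTMLParser):
    """Streaming filter: re-emits allow-listed tags/attributes, escapes all text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        # The parser lower-cases tag and attribute names before this is called.
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        kept = "".join(
            f' {name}="{escape(value or "", quote=True)}"'
            for name, value in attrs
            if name in ALLOWED_ATTRS  # on*, src, href, style never match
        )
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT and self.skip_depth:
            self.skip_depth -= 1
        elif not self.skip_depth and tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text arrives with entities decoded, so it is re-escaped on output.
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))


def sanitize(html_text):
    parser = AllowListSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)
```

Because output is rebuilt from parser events instead of being edited in place, comments, declarations and any markup not on the lists are never copied through.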