Syed Salman Raza Zaidi

Reputation: 2192

Allow and Limit some HTML characters

I have made a messaging system in which users can send messages to each other; they can also send files as attachments in a message (it's like a simple email system). It allows users to send HTML characters and they'll be rendered by the browser, e.g. if they enter

<b>Hello</b>

it'll be rendered as Hello

It's working fine; however, I am facing one problem: if a user enters

<iframe src="anywebsite"><iframe>

then it'll also be rendered by the browser.

How can I allow only some particular characters to be rendered by the browser, with the rest displayed as normal text? I am using ASP.NET MVC3.

In my model class I've added the [AllowHtml] attribute to allow HTML characters.

Upvotes: 0

Views: 440

Answers (1)

Darin Dimitrov

Reputation: 1039398

You could use the AntiXss library:

For example:

@Html.Raw(Sanitizer.GetSafeHtmlFragment("<b>Hello</b>"))
@Html.Raw(Sanitizer.GetSafeHtmlFragment("<iframe src=\"anywebsite\"><iframe>"))

The first will render the Hello text in bold whereas the second won't render anything as it is not considered safe.

You could also check out the AntiSamy project.

Upvotes: 2
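An added example, not part of the question or the answer above: one way to get the behaviour the question asks for, where a few formatting tags render and everything else (the iframe included) is shown as plain text, is to HTML-encode the whole message and then restore only exact, attribute-free tags from an allowlist. The class name `MessageHtml`, the method `ToSafeHtml` and the tag list are assumptions made for this sketch.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Hypothetical helper: name and tag list are assumptions for this example.
public static class MessageHtml
{
    // Attribute-free formatting tags that may render; everything else stays text.
    private static readonly string[] AllowedTags = { "b", "i", "u", "em", "strong", "p", "br" };

    // Matches an *encoded* bare tag such as &lt;b&gt;, &lt;/b&gt; or &lt;br/&gt;.
    // A tag carrying any attribute (onclick, src, style...) does not match.
    private static readonly Regex EncodedTag = new Regex(
        @"&lt;(/?)([a-zA-Z]+)\s*(/?)&gt;", RegexOptions.Compiled);

    public static string ToSafeHtml(string raw)
    {
        if (string.IsNullOrEmpty(raw)) return string.Empty;

        // 1. Encode everything, so no user-supplied markup survives as markup.
        string encoded = WebUtility.HtmlEncode(raw);

        // 2. Restore only exact, attribute-free tags that are on the allowlist.
        return EncodedTag.Replace(encoded, m =>
        {
            string name = m.Groups[2].Value.ToLowerInvariant();
            if (Array.IndexOf(AllowedTags, name) < 0) return m.Value; // stays as text
            return "<" + m.Groups[1].Value + name + m.Groups[3].Value + ">";
        });
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample inputs, taken from the question plus one tag with an attribute.
        Console.WriteLine(MessageHtml.ToSafeHtml("<b>Hello</b>"));
        Console.WriteLine(MessageHtml.ToSafeHtml("<iframe src=\"anywebsite\"><iframe>"));
        Console.WriteLine(MessageHtml.ToSafeHtml("<b onclick=\"x()\">hi</b>"));
    }
}
```

In a Razor view the result would be emitted with `@Html.Raw(MessageHtml.ToSafeHtml(Model.Body))`, where `Model.Body` is an assumed property name. Tags are not balanced by this helper, so an unclosed `<b>` can affect the formatting of the surrounding page even though it cannot run script.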
