Abhid

Reputation: 274

XSS: How can I remove JS snippets from a String in C#?

My use case is actually quite simple. Let's say I get an input argument like abcdalert(document.cookie); and I want to scrub it off the (document.cookie); part. What is the most efficient way to do this in ASP.NET C#?

PS: The snippet can be any JS code. Not necessarily alerts.

Upvotes: 1

Views: 824

Answers (1)

Ran Turner

Reputation: 18066

I recommend the HtmlSanitizer .NET library to apply server-side sanitization:

https://github.com/mganss/HtmlSanitizer

This library is used for cleaning HTML fragments and documents from potential XSS attacks. It uses AngleSharp to parse, manipulate, and render HTML and CSS. It is based on a robust HTML parser that can protect your code from deliberate or accidental "tag poisoning" where invalid HTML in one fragment can corrupt the whole document (which can lead to a broken layout or style).

Upvotes: 1
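
A sketch of the server-side sanitization the answer recommends, added here as an example; it is not code from the question, the answer or the HtmlSanitizer project. It assumes the HtmlSanitizer NuGet package in a recent release (namespace Ganss.Xss); the class name InputScrubber and the sample inputs are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using Ganss.Xss;   // assumption: recent HtmlSanitizer release (dotnet add package HtmlSanitizer)

public static class InputScrubber   // hypothetical helper name
{
    // Sanitizes an untrusted HTML fragment with the library's default allow-list and
    // returns the cleaned markup plus a record of what was stripped, for logging.
    public static (string Clean, List<string> Removed) Scrub(string untrusted)
    {
        var removed = new List<string>();
        var sanitizer = new HtmlSanitizer();

        // The sanitizer raises these events for each element or attribute it drops.
        sanitizer.RemovingTag += (s, e) =>
            removed.Add($"tag <{e.Tag.LocalName}> ({e.Reason})");
        sanitizer.RemovingAttribute += (s, e) =>
            removed.Add($"attribute {e.Attribute.Name} on <{e.Tag.LocalName}> ({e.Reason})");

        return (sanitizer.Sanitize(untrusted ?? string.Empty), removed);
    }

    public static void Main()
    {
        // Constructed sample inputs: script element, event-handler attribute, script URL.
        string[] samples =
        {
            "abcd<script>alert(document.cookie);</script>",
            "<p onclick=\"alert(document.cookie)\">hello</p>",
            "<a href=\"javascript:alert(document.cookie)\">link</a>",
        };

        foreach (var input in samples)
        {
            var (clean, removed) = Scrub(input);
            Console.WriteLine($"in:      {input}");
            Console.WriteLine($"out:     {clean}");
            Console.WriteLine($"removed: {string.Join("; ", removed)}");
        }

        // When the field should never carry markup at all, HTML-encoding on output
        // keeps the text intact and renders it inert instead of trying to strip it.
        Console.WriteLine(WebUtility.HtmlEncode(samples[0]));
    }
}
```

Logging the removed items server-side gives a record of submissions that carried script content, which is useful for spotting probing against the input field.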
