Questions tagged [html-sanitizing]

HTML sanitization is the process of parsing an HTML document or fragment and producing a new one that preserves only the tags and attributes designated "safe", dropping everything else: script and style elements, event-handler attributes such as onclick or onerror, and URLs whose scheme can execute script (javascript:). It is used to protect against cross-site scripting (XSS) when an application must accept HTML submitted by one user and render it to others. It is a different tool from output encoding: input that is supposed to be plain text (a name, a phone number) should be escaped at the point of output rather than sanitized.

203 questions
836 votes, 17 answers

Insert HTML into view from AngularJS controller

Is it possible to create an HTML fragment in an AngularJS controller and have this HTML shown in the view? This comes from a requirement to turn an inconsistent JSON blob into a nested list of id: value pairs. Therefore the HTML is created in the…
Swaff
  • 13,548
  • 4
  • 26
  • 26
85 votes, 10 answers

Sanitize/Rewrite HTML on the Client Side

I need to display external resources loaded via cross domain requests and make sure to only display "safe" content. Could use Prototype's String#stripScripts to remove script blocks. But handlers such as onclick or onerror are still there. Is there…
aemkei
  • 11,076
  • 8
  • 37
  • 29
77 votes, 12 answers

Best way to handle security and avoid XSS with user entered URLs

We have a high security application and we want to allow users to enter URLs that other users will see. This introduces a high risk of XSS hacks - a user could potentially enter JavaScript that another user ends up executing. Since we hold sensitive…
Keith
  • 150,284
  • 78
  • 298
  • 434
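The tag description above defines sanitization as keeping only allowlisted tags and attributes, and the question just above asks how to keep script-bearing URLs entered by users out of the page. The following is an added example covering both; it is not code from the tag wiki, from any question on this page, or from any library named here. It is an allowlist sanitizer on Python's standard-library html.parser, plus a helper for the bare-URL case. The tag and attribute policy, the allowed URL schemes, and the sample inputs are assumptions chosen for the example.

```python
"""Allowlist HTML sanitizer on Python's stdlib html.parser.

Added example; not code from the tag wiki, any question on this page,
or any sanitizer library named here.  The policy sets below are assumed.
"""
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy: tags to keep, and per-tag attributes to keep.
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "ul", "ol", "li",
                "a", "img", "blockquote", "code", "pre"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
URL_ATTRS = {"href", "src"}
DROP_CONTENT = {"script", "style", "iframe", "object", "embed"}  # body dropped too
VOID_TAGS = {"br", "img"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}


def safe_url(value):
    """Return a cleaned URL if its scheme is allowed (or relative), else None.

    ASCII whitespace and control characters are removed first, because
    browsers ignore them inside a scheme ("java\\tscript:", " javascript:").
    urlsplit() lower-cases the scheme, so "JaVaScRiPt:" is caught as well.
    """
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", value)
    if not cleaned:
        return None
    try:
        scheme = urlsplit(cleaned).scheme
    except ValueError:          # e.g. malformed IPv6 literal
        return None
    if scheme and scheme not in ALLOWED_SCHEMES:
        return None
    return cleaned


class Sanitizer(HTMLParser):
    """Re-serialises the input from parsed tokens; nothing is copied verbatim."""

    def __init__(self):
        super().__init__(convert_charrefs=True)   # text and attrs arrive decoded
        self.out = []
        self.skip_depth = 0     # > 0 while inside a DROP_CONTENT element
        self.open_tags = []     # allowed tags emitted but not yet closed

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag in DROP_CONTENT:
                self.skip_depth += 1
            return
        if tag in DROP_CONTENT:
            self.skip_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return              # unknown tag: drop it, keep its text
        parts = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue        # this is what removes on*, style, srcdoc, ...
            value = value or ""
            if name in URL_ATTRS:
                value = safe_url(value)
                if value is None:
                    continue
            parts.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(parts)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag in DROP_CONTENT:
                self.skip_depth -= 1
            return
        if tag in self.open_tags:   # close anything opened inside it first
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        pass                    # comments (incl. conditional) never survive

    def result(self):
        self.close()            # flush buffered text
        while self.open_tags:   # balance whatever the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_html(fragment):
    s = Sanitizer()
    s.feed(fragment)
    return s.result()


def render_user_link(url, label):
    """For a bare URL typed by a user: validate the scheme, then let the
    application build the <a> itself and escape both parts."""
    href = safe_url(url)
    if href is None:
        return html.escape(label)          # show the text, no link at all
    return (f'<a href="{html.escape(href, quote=True)}" '
            f'rel="noopener noreferrer">{html.escape(label)}</a>')


if __name__ == "__main__":
    # Constructed sample inputs.
    print(sanitize_html('<p onclick="x()">Hi <script>alert(1)</script><b>there</b></p>'))
    print(render_user_link("JaVaScRiPt:alert(1)", "click me"))
```

Because the output is rebuilt from tokens, an event-handler attribute or a `javascript:` href cannot survive even when the input never contained a `<script>` block, which is the gap a regex such as String#stripScripts leaves. html.parser is a lenient tokenizer, not a browser-grade HTML5 parser, so for production use a maintained sanitizer such as the OWASP Java HTML Sanitizer mentioned further down this page rather than a hand-written one.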
50 votes, 5 answers

How to use C# to sanitize input on an html page?

Is there a library or acceptable method for sanitizing the input to an HTML page? In this case I have a form with just a name, phone number, and email address. Code must be C#. For example: "" should become…
NotMe
  • 87,343
  • 27
  • 171
  • 245
48 votes, 3 answers

Simple HTML sanitizer in Javascript

I'm looking for a simple HTML sanitizer written in JavaScript. It doesn't need to be 100% XSS secure. I'm implementing Markdown and the WMD Markdown editor (The SO master branch from github) on my website. The problem is that the HTML shown in the…
Sander Marechal
  • 22,978
  • 13
  • 65
  • 96
43 votes, 4 answers

Angular 2: sanitizing HTML stripped some content with div id - is this a bug or a feature?

I use
to pass unescaped HTML to my template, and when I pass a body div with an id attribute, Angular throws: WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss). WARNING: sanitizing HTML…
ktretyak
  • 27,251
  • 11
  • 40
  • 63
35 votes, 5 answers

What can I use to sanitize received HTML while retaining basic formatting?

This is a common problem, I'm hoping it's been thoroughly solved for me. In a system I'm doing for a client, we want to accept HTML from untrusted sources (HTML-formatted email and also HTML files), sanitize it so it doesn't have any scripting,…
T.J. Crowder
  • 1,031,962
  • 187
  • 1,923
  • 1,875
26 votes, 6 answers

HTML Sanitizer for .NET

I'm starting a project that will be public facing using asp.net mvc. I know there are about a billion php, python, and ruby HTML sanitizers out there, but does anyone have some pointers to anything good in .net? What are your experiences with what…
Matt Briggs
  • 41,224
  • 16
  • 95
  • 126
12 votes, 1 answer

Java: Owasp AntiSamy vs Owasp-java-html-sanitize

I am looking for an HTML purifier library now. And I've found that there are two "owasp" libraries. The first is https://code.google.com/p/owasp-java-html-sanitizer/ and the second is https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project. My…
user2022068
12 votes, 4 answers

Sanitize HTML before storing in the DB or before rendering? (AntiXSS library in ASP.NET)

I have an editor that lets users add HTML that is stored in the database and rendered on a web page. Since this is untrusted input, I plan to use Microsoft.Security.Application.AntiXss.GetSafeHtmlFragment to sanitize the HTML. Should I sanitize…
Nick
  • 7,475
  • 18
  • 77
  • 128
9 votes, 3 answers

Angular 5 - sanitizing HTML with pipe

When I got the warning "WARNING: sanitizing HTML stripped some content", I did some research and saw people using the pipe below or a pipe that looks like the one below: import { Pipe, PipeTransform } from '@angular/core'; import { DomSanitizer,…
Djkobus
  • 131
  • 1
  • 2
  • 8
9 votes, 1 answer

Angular DomSanitizer - SecurityContext.NONE

The official Angular Security Guide speaks about 4 security contexts: HTML, Url, Style and Resource Url. Each one is responsible for sanitizing the corresponding type of resource. In addition, there are 5 methods (per resource type) in the DomSanitizer service…
JeB
  • 11,653
  • 10
  • 58
  • 87
8 votes, 2 answers

OWASP HTML Sanitizer cleans comments

I have an application where a customer can store the following HTML lines in order to load different styles for the actual browser: