Questions tagged [html-sanitizing]

HTML sanitization is the process of examining an HTML document and producing a new HTML document that preserves only whatever tags are designated "safe".

HTML sanitization is the process of examining an HTML document and producing a new HTML document that preserves only whatever tags are designated "safe". HTML sanitization can be used to protect against cross-site scripting (XSS) attacks by sanitizing any HTML code submitted by a user.

203 questions
17 answers

Insert HTML into view from AngularJS controller

Is it possible to create an HTML fragment in an AngularJS controller and have this HTML shown in the view? This comes from a requirement to turn an inconsistent JSON blob into a nested list of id: value pairs. Therefore the HTML is created in the…
  • 13,548
  • 4
  • 26
  • 26
10 answers

Sanitize/Rewrite HTML on the Client Side

I need to display external resources loaded via cross domain requests and make sure to only display "safe" content. Could use Prototype's String#stripScripts to remove script blocks. But handlers such as onclick or onerror are still there. Is there…
  • 11,076
  • 8
  • 37
  • 29
12 answers

Best way to handle security and avoid XSS with user entered URLs

We have a high security application and we want to allow users to enter URLs that other users will see. This introduces a high risk of XSS hacks - a user could potentially enter javascript that another user ends up executing. Since we hold sensitive…
  • 150,284
  • 78
  • 298
  • 434
5 answers

How to use C# to sanitize input on an html page?

Is there a library or acceptable method for sanitizing the input to an html page? In this case I have a form with just a name, phone number, and email address. Code must be C#. For example: "" should become…
  • 87,343
  • 27
  • 171
  • 245
3 answers

Simple HTML sanitizer in Javascript

I'm looking for a simple HTML sanitizer written in JavaScript. It doesn't need to be 100% XSS secure. I'm implementing Markdown and the WMD Markdown editor (The SO master branch from github) on my website. The problem is that the HTML shown in the…
Sander Marechal
  • 22,978
  • 13
  • 65
  • 96
4 answers

Angular 2: sanitizing HTML stripped some content with div id - this is bug or feature?

I use
to pass unescaped HTML to my template, and when I pass to body div with attribute id, Angular throw: WARNING: sanitizing HTML stripped some content (see WARNING: sanitizing HTML…
  • 27,251
  • 11
  • 40
  • 63
5 answers

What can I use to sanitize received HTML while retaining basic formatting?

This is a common problem, I'm hoping it's been thoroughly solved for me. In a system I'm doing for a client, we want to accept HTML from untrusted sources (HTML-formatted email and also HTML files), sanitize it so it doesn't have any scripting,…
T.J. Crowder
  • 1,031,962
  • 187
  • 1,923
  • 1,875
6 answers

HTML Sanitizer for .NET

I'm starting a project that will be public facing using mvc. I know there are about a billion php, python, and ruby html sanitizers out there, but does anyone have some pointers to anything good in .net? What are your experiences with what…
Matt Briggs
  • 41,224
  • 16
  • 95
  • 126
1 answer

Java: Owasp AntiSamy vs Owasp-java-html-sanitize

I am looking for html purifier library now. And I've found that there are two "owasp" library. First is and the second is My…
4 answers

Sanitize HTML before storing in the DB or before rendering? (AntiXSS library in ASP.NET)

I have an editor that lets users add HTML that is stored in the database and rendered on a web page. Since this is untrusted input, I plan to use Microsoft.Security.Application.AntiXsSS.GetSafeHtmlFragment to sanitize the HTML. Should I santiize…
  • 7,475
  • 18
  • 77
  • 128
3 answers

Angular 5 - sanitizing HTML with pipe

When i got the warning: "WARNING: sanitizing HTML stripped some content" I did some research and saw people using the pipe below or a pipe that looks like the one below import { Pipe, PipeTransform } from '@angular/core'; import { DomSanitizer,…
  • 131
  • 1
  • 2
  • 8
1 answer

Angular DomSanitizer - SecurityContext.NONE

Official Angular Security Guide speaks about 4 security contexts: HTML, Url, Style and Resource Url. Each one is responsible for sanitizing corresponding type of resource. In addition, there are 5 methods (per resource type) in DomSanitizer service …
  • 11,653
  • 10
  • 58
  • 87
2 answers

OWASP HTML Sanitizer cleans comments

I have application where customer can store following html lines in order to load different styles for actual browser: