Question 1

How do I allow the class attribute in HtmlSanitizer?

Accepted Answer

Add 'class' to the AllowedAttributes property, as the README notes it's disallowed by default to prevent classjacking. Example code: sanitizer.AllowedAttributes.Add("class"); to enable it for specific use cases.

Question 2

HtmlSanitizer vs Microsoft AntiXSS – which is better for .NET?

Accepted Answer

HtmlSanitizer is more modern, using AngleSharp for robust HTML5 parsing and offering finer configurability, while AntiXSS is older and may lack support for newer HTML features. Choose HtmlSanitizer for flexibility, but AntiXSS might suffice for simpler, legacy scenarios.

Question 3

Does HtmlSanitizer protect against CSS-based XSS attacks?

Accepted Answer

Yes, it sanitizes CSS properties and at-rules by default, removing dangerous constructs like 'javascript:' URLs in styles. However, you must configure AllowedCssProperties and AllowedAtRules appropriately to balance security and functionality.

Question 4

How to handle mailto links in sanitized HTML?

Accepted Answer

Add 'mailto' to the AllowedSchemes property. The README provides an example: sanitizer.AllowedSchemes.Add("mailto"); to allow email links while maintaining security for other URI schemes like http and https.

Question 5

Is HtmlSanitizer performance-intensive for large documents?

Accepted Answer

It can be, as it relies on AngleSharp for full HTML parsing and rendering. For high-volume applications, consider caching sanitized results or benchmarking to ensure it meets performance requirements, as the overhead might impact real-time processing.

Question 6

Can I use HtmlSanitizer with .NET Core or .NET 8?

Accepted Answer

Yes, it supports .NET Standard 2.0, .NET Framework 4.6.2, and .NET 8.0, as shown by the badges in the README, making it compatible with modern .NET versions and cross-platform development.

HtmlSanitizer

What is HtmlSanitizer?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions