
Sanitize HTML - Feature

Open ghost opened this issue 12 years ago • 2 comments

It would be nice to add a method for easily sanitizing HTML - removing any JavaScript, forms and other dangerous stuff.

var doc = CQ.Create(original);

doc[selector].RemoveUnsafeHTML();

var html = doc.Render();

I know I can write it myself with the existing library, but I don't think a newbie like me can prevent some 'advanced' XSS techniques because I don't know HTML well enough.

ghost, Mar 17 '13 03:03

I think this would be a good idea for an extension method. I'm not totally convinced it belongs in the core library because it's really an application of its own, and I would think something like this could have a lot of configuration, etc.

But there is no question it's a very common application and belongs somewhere nearby, along with some other useful add-ons (like something to pretty-format HTML). I will think about this for the next version.

jamietre, Mar 19 '13 11:03

Just an FYI, this has already been done in a project that uses CsQuery: https://github.com/mganss/HtmlSanitizer - perhaps it would be worth creating a combined project?

tiesont, Aug 06 '13 10:08