Michael Ganss

@panetta-net-au You're right, currently the context of fragments is always `...`. If you want another context, the workaround is to wrap the input with your context before sanitization and then...

What exactly is breaking the web application? Perhaps you can try and [replace the formatter](https://github.com/mganss/HtmlSanitizer/wiki/Examples#ex3-replacing-the-default-formatter).

Create your own implementation of `IMarkupFormatter` and assign an object of this class to the `OutputFormatter` property. You might want to derive from an existing formatter class, like here: https://github.com/mganss/HtmlSanitizer/blob/61008c6d0e492e641510726da881ee0c9577c305/src/HtmlSanitizer/HtmlFormatter.cs...

I'm confused. What exactly is the input for the sanitizer? Where does the input come from? Please post some demo code.

I think you're applying the sanitization at the wrong level. You should probably get only the value of the `Details` form variable and sanitize that: ```c# var details = Request.Form["Details"];...

Where are you inserting the filter? Is it this: https://docs.microsoft.com/en-us/dotnet/api/system.web.httprequest.filter ?

How about modifying the `Forms` collection in `Global.asax.cs`? ```c# void Application_BeginRequest(object sender, EventArgs e) { var form = Request.Form; var isReadOnly = form.GetType().GetProperty("IsReadOnly", BindingFlags.NonPublic | BindingFlags.Instance); isReadOnly.SetValue(form, false, null); form["Name"]...

What does the error message say? Can you provide steps to repro?

I can't repro. I've tried the attached project and a fresh one created from the template in VS 2019. Published through VS and command line.

Yes, this should work. By default, `href` is an allowed attribute. If you want the event handler to be called, you need to disallow the `href` attribute first by removing...