0

Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment seems to strip all <a href="">link</a> into <a>link</a>

Is there any way to preserve a local URL, e.g. <a href="/Product/1">, when passing it into Sanitizer.GetSafeHtmlFragment?

Note: I'm using AntiXSS 4.2.1

Jeow Li Huan

1 Answer

1

The AntiXSS library has been broken for a few months now. There's no way around this problem, unfortunately. Either you roll back to a previous version, or search for something else to use.

Ana
    Looks like MS broke the library after IBM found a loophole in it. What's the alternative that's secure, but doesn't strip HTML the way AntiXSS library does? – Jeow Li Huan Jul 09 '12 at 02:08