2

I have a problem using the their latest WPL v 4.2.1. The stripping of suspect HTML, javsacript and styling is so aggressive it strips out ALL the CSS.

I understand that CSS can be easily used to inject malicious javascript using URL references, but this also means im losing all the innocent styling that makes my content look readable. The last thing i want displayed on my aspx pages is boring 'plain' text.

My question: Is there another library on the market/the web which I can use which will not strip off my styling elements completely? By that i mean selectively removing only the possibly malicious attributes within the CSS.

I have tried searching but without much luck. If anybody knows of one, could you post the answer here please? I know the current source code can be modified but I'd really like to use an available project if there is one as i'm not very knowledgeable with cross site scripting.

Thanks a ton!

JohnSM
  • 91
  • 1
  • 4
  • possible duplicate of [Microsoft AntiXSS Alternative](http://stackoverflow.com/questions/11269306/microsoft-antixss-alternative) – Druid Feb 12 '13 at 08:16

0 Answers0