0

A search engine wasn't enough to find information about the shape of the dictionary parameters of:

    AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider sanitizer =
        new AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider();

    textBoxPublicInput.Text =
        sanitizer.GetSafeHtmlFragment(
            textBoxPublicInput.Text, aDictionary, anotherDictionary);

What must I put in the aDictionary and anotherDictionary parameters? What must the elements be? I see it needs a string to array of string dictionary but which strings? What are the rules?

Let's assume the trusted tags are `<a>`, `<p>`, `<div>` and `<ul>`-`<li>` only. The main intention is to protect the site against injections because of the HTML editor extender.

Thanks for your time.

Tuğrul

1 Answer

1

The following applies to the AjaxControlToolkit.HtmlEditor.Sanitizer NuGet.

You need a `Dictionary<string, string[]>` where the key is the element name (e.g. `p`) and the value is an array of allowed attributes for that element (e.g. `style`, `class`).

    // Key: allowed element name. Value: attributes allowed on that element.
    var validHtmlTags = new Dictionary<string, string[]>
    {
        {"p", new[] {"style", "class", "align"}},
        {"div", new[] {"style", "class", "align"}}
        //etc ...
    };

    // toBeSanitizedText holds the untrusted HTML from the editor.
    var sanitizer = new AjaxControlToolkit.HtmlEditor.Sanitizer.DefaultHtmlSanitizer();
    var sanitized = sanitizer.GetSafeHtmlFragment(toBeSanitizedText, validHtmlTags);
janv8000
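
One way to confirm that an allow-list of this shape holds for the tags named in the question is to audit the sanitizer's output against the same dictionary. This is an added example, not code from either post or from the toolkit; it assumes the HtmlAgilityPack package, and the class name, the attribute choices and the http/https-only rule for `href` are illustrative assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using HtmlAgilityPack;

static class AllowListAudit
{
    // Allow-list for the question's tags; the attribute choices are assumptions.
    static readonly Dictionary<string, string[]> Allowed =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "a",   new[] { "href", "title" } },
            { "p",   new[] { "class", "align" } },
            { "div", new[] { "class", "align" } },
            { "ul",  new[] { "class" } },
            { "li",  new[] { "class" } }
        };

    // Assumed policy: only absolute http/https links pass (relative links are flagged).
    static bool IsHttpUrl(string value)
    {
        Uri uri;
        return Uri.TryCreate(HtmlEntity.DeEntitize(value).Trim(), UriKind.Absolute, out uri)
            && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps);
    }

    // Returns one message per element, attribute or link scheme outside the allow-list.
    public static List<string> FindViolations(string html, Dictionary<string, string[]> allowed)
    {
        var found = new List<string>();
        var doc = new HtmlDocument();
        doc.LoadHtml(html);
        foreach (var node in doc.DocumentNode.Descendants()
                                .Where(n => n.NodeType == HtmlNodeType.Element))
        {
            string[] attrs;
            if (!allowed.TryGetValue(node.Name, out attrs))
            {
                found.Add("element <" + node.Name + ">");
                continue;
            }
            foreach (var attr in node.Attributes)
            {
                if (!attrs.Contains(attr.Name, StringComparer.OrdinalIgnoreCase))
                    found.Add("attribute '" + attr.Name + "' on <" + node.Name + ">");
                else if (attr.Name == "href" && !IsHttpUrl(attr.Value))
                    found.Add("non-http(s) href on <" + node.Name + ">");
            }
        }
        return found;
    }
}
```

Run `FindViolations` on the string returned by `GetSafeHtmlFragment`, passing the same dictionary; an empty list means every element and attribute in the output is on the allow-list.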