
In the latest version of the HtmlSanitizationLibrary assembly downloadable with AntiXSS Library v4.0, the function GetSafeHtml() replaces each <p> and </p> tag with \r\n <p> or \r\n </p>.

This known bug is reported at http://wpl.codeplex.com/discussions/82446 but that is not my question.

Can I sanitize HTML based on a whitelist of tags using HtmlSanitizationLibrary?

Kuttan Sujith

1 Answer


Your question is somewhat unclear.

Did you mean "Does AntiXSS use a whitelist to sanitize HTML?" Then the answer is yes.

Did you mean "Can I specify my own whitelist to be used by AntiXSS?" Then the answer is no, as far as I can tell (at least it's not documented anywhere). At any rate, specifying your own whitelist is kind of pointless - the whole point of AntiXSS is that it handles the whitelist for you, because such a whitelist can be quite tricky to get right.

Also see "Why use Microsoft AntiXSS library?"; Steven's answer addresses a similar question.

sleske
  • There is a DLL called HtmlSanitizationLibrary.dll. It has a function GetSafeHtml(). I am talking about it. – Kuttan Sujith Jun 11 '11 at 15:12
  • @user444569: Yes, you wrote that in your question, but that does not make it any clearer. So, what is your question? – sleske Jun 11 '11 at 18:21
  • My question is: can I configure the list of allowed tags when I use HtmlSanitizationLibrary? – Kuttan Sujith Jun 12 '11 at 09:15
  • @user444569: As I wrote in my answer: No, apparently you cannot configure the list of allowed tags, and it would be kind of pointless. – sleske Jul 05 '11 at 16:07
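
The answer's remark that a whitelist is tricky to get right, illustrated with an added example (not part of the original thread, and not AntiXSS's code or its built-in list): filtering on tag names alone leaves event-handler attributes and javascript: links in place, so attributes and URL schemes need their own allowlists. The tag, attribute and scheme sets, the sample input and every function name below are assumptions made for this illustration, written in Python rather than .NET.

```python
from html import escape
from html.parser import HTMLParser

# Constructed policy for illustration; not the list AntiXSS ships with.
ALLOWED_TAGS = {"p", "b", "i", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
DROP_CONTENT = {"script", "style"}  # dropped together with their text

# Constructed sample input.
SAMPLE = ('<p onclick="steal()">Hi <a href="javascript:steal()">link</a> '
          '<a href="https://example.com/">ok</a><script>steal()</script></p>')

def _safe_url(value):
    # Browsers ignore whitespace and control characters inside the scheme.
    cleaned = "".join(ch for ch in value if ch > " ")
    scheme, sep, _ = cleaned.partition(":")
    # Relative URLs are rejected too, to keep the policy simple.
    return bool(sep) and scheme.lower() in ALLOWED_SCHEMES

class _Sanitizer(HTMLParser):
    def __init__(self, check_attrs):
        super().__init__(convert_charrefs=True)
        self.check_attrs, self.out, self.skip = check_attrs, [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            return
        kept = ""
        for name, value in attrs:
            value = value or ""
            if self.check_attrs and (name not in ALLOWED_ATTRS.get(tag, ())
                                     or (name == "href" and not _safe_url(value))):
                continue  # full policy: unknown attribute or unsafe URL
            kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT and self.skip:
            self.skip -= 1
        elif not self.skip and tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html, check_attrs=True):
    """check_attrs=False is the tag-only allowlist, kept to show what it misses."""
    parser = _Sanitizer(check_attrs)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Calling `sanitize(SAMPLE, check_attrs=False)` shows the `onclick` handler and the `javascript:` link passing through the tag-only filter, while `sanitize(SAMPLE)` keeps only the `https` link.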