-
Notifications
You must be signed in to change notification settings - Fork 1
Using the Library: Custom Global Whitelists
Kevin Cheng edited this page Jan 20, 2018
·
1 revision
Having to pass custom whitelists everytime we call the SanitizeHtml() function can get tiresome and verbose. To keep things simple, the custom lists can instead be configured globally during the application startup.
For ASP.NET applications, this can be done in the global.asax file.
protected void Application_Start(object sender, EventArgs e)
{
MarkupSanity.Configure.CustomWhitelistedTags = new List<String>() { "a", "strong", "p" };
MarkupSanity.Configure.CustomWhitelistedAttributes = new List<String>() { "href", "src" };
}
With these custom whitelists configured globally, all calls to the SanitizeHtml() function shall use the custom set.
String inputValue = "<a class=\"myLinks\" href=\"www.google.com\">Click Me</a>";
String cleanValue = inputValue.SanitizeHtml();
Console.Writeline(cleanValue);
The output of the above is <a href="www.google.com">Click Me</a>. The class tag is removed as it is not in the custom whitelisted attributes list.