c# - How can I safely render HTML content from a WYSIWYG editor in ASP.NET?


What is the best practice for safely encoding the output of content created using a WYSIWYG editor in ASP.NET/MVC5? Tags related to formatting, layout etc. should render as HTML, while at the same time avoiding XSS attacks. The editor is Summernote, not that it should matter.

Obviously, this is highly insecure:

@Html.Raw(Model.Content);

This is wrong:

@Model.Content

And the Microsoft sanitizer goes too far the other way, removing formatting added by the WYSIWYG editor.

@Html.Raw(Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(Model.Content))

Is there a built-in or popular library that can be used?

AFAIK there is no "best practice" for doing this. You're fighting the framework. MVC is designed to render a model (a bag of properties) into a view (a template).

In theory, you might be able to strip out the content of the WYSIWYG output that is derived from user input (i.e. the stuff that might cause XSS and SQL injection), sanitize those pieces, and put them back in. I wouldn't do that.
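
An added example, not part of the original question or answer: an allowlist sanitizer that keeps formatting markup and drops script-capable markup before the result is handed to `Html.Raw`. It assumes the open-source HtmlSanitizer NuGet package (`Ganss.Xss` namespace), which the page does not mention; `EditorHtml`, `Clean`, the allowlist contents and the sample input are hypothetical names and constructed data.

```csharp
using System;
using System.Net;
using Ganss.Xss; // HtmlSanitizer NuGet package (assumption; older releases use Ganss.XSS)

public static class EditorHtml
{
    // One shared instance: configured once here, then only Sanitize() is called.
    private static readonly HtmlSanitizer Sanitizer = Build();

    private static HtmlSanitizer Build()
    {
        var s = new HtmlSanitizer();

        // Replace the library defaults with an explicit allowlist (hypothetical,
        // sized for basic editor formatting; extend it to match the toolbar in use).
        s.AllowedTags.Clear();
        foreach (var tag in new[] { "p", "br", "b", "strong", "i", "em", "u", "ul", "ol",
                                    "li", "h1", "h2", "h3", "blockquote", "span", "a" })
            s.AllowedTags.Add(tag);

        s.AllowedAttributes.Clear();
        s.AllowedAttributes.Add("href");
        s.AllowedAttributes.Add("style");

        s.AllowedCssProperties.Clear();
        foreach (var css in new[] { "text-align", "font-weight", "font-style", "text-decoration" })
            s.AllowedCssProperties.Add(css);

        s.AllowedSchemes.Clear();
        foreach (var scheme in new[] { "http", "https", "mailto" })
            s.AllowedSchemes.Add(scheme);
        return s;
    }

    public static string Clean(string editorHtml) => Sanitizer.Sanitize(editorHtml ?? string.Empty);
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: editor formatting with hostile markup mixed in.
        const string input = "<p style=\"text-align:center\"><b>Hello</b></p>" +
            "<img src=x onerror=alert(1)><script>alert(2)</script>" +
            "<a href=\"javascript:alert(3)\">link</a>";
        Console.WriteLine(WebUtility.HtmlEncode(input)); // like @Model.Content: safe, but tags show as text
        Console.WriteLine(EditorHtml.Clean(input));      // formatting kept; img, script, javascript: href dropped
    }
}
```

In the view this becomes `@Html.Raw(EditorHtml.Clean(Model.Content))`. Sanitizing at render time, in addition to or instead of on save, means a tightened allowlist also applies to content that is already stored.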

