HtmlSanitizer by Michael Ganss

<PackageReference Include="HtmlSanitizer" Version="9.1.885-beta" />

.NET API 52,736 bytes

 IHtmlSanitizer

public interface IHtmlSanitizer
Enables an inheriting class to implement an HtmlSanitizer class, which cleans HTML documents and fragments from constructs that can lead to XSS attacks.
bool AllowDataAttributes { get; set; }

Allow all HTML5 data attributes; the attributes prefixed with data-

ISet<CssRuleType> AllowedAtRules { get; }

Gets the allowed CSS at-rules such as "@media" and "@font-face".

ISet<string> AllowedAttributes { get; }

Gets the allowed HTML attributes such as "href" and "alt".

ISet<string> AllowedClasses { get; }

Gets or sets the allowed CSS classes. If the set is empty, all classes will be allowed.

ISet<string> AllowedCssProperties { get; }

Gets or sets the allowed CSS properties such as "font" and "margin".

ISet<string> AllowedSchemes { get; }

Gets the allowed URI schemes such as "http" and "https".

ISet<string> AllowedTags { get; }

Gets the allowed HTML tag names such as "a" and "div".

Regex DisallowCssPropertyValue { get; set; }

Gets or sets a regex that must not match for legal CSS property values.

Func<HtmlParser> HtmlParserFactory { get; set; }

Gets or sets the Func<T> object the creates the parser used for parsing the input.

bool KeepChildNodes { get; set; }

Gets or sets a value indicating whether to keep child nodes of elements that are removed.

IMarkupFormatter OutputFormatter { get; set; }

Gets or sets the IMarkupFormatter object used for generating output.

ISet<string> UriAttributes { get; }

Gets or sets the HTML attributes that can contain a URI such as "href".

event EventHandler<FilterUrlEventArgs> FilterUrl

Occurs when a URL is being sanitized.

event EventHandler<PostProcessDomEventArgs> PostProcessDom

Occurs after sanitizing the document and post processing nodes.

event EventHandler<PostProcessNodeEventArgs> PostProcessNode

Occurs for every node after sanitizing.

event EventHandler<RemovingAtRuleEventArgs> RemovingAtRule

Occurs before an at-rule is removed.

event EventHandler<RemovingAttributeEventArgs> RemovingAttribute

Occurs before an attribute is removed.

event EventHandler<RemovingCommentEventArgs> RemovingComment

Occurs before a comment is removed.

event EventHandler<RemovingCssClassEventArgs> RemovingCssClass

Occurs before a CSS class is removed.

event EventHandler<RemovingStyleEventArgs> RemovingStyle

Occurs before a style is removed.

event EventHandler<RemovingTagEventArgs> RemovingTag

Occurs before a tag is removed.

string Sanitize(string html, string baseUrl = "", IMarkupFormatter outputFormatter = null)

Sanitizes the specified HTML.

string SanitizeDocument(string html, string baseUrl = "", IMarkupFormatter outputFormatter = null)

Sanitizes the specified HTML document. Even if only a fragment is given, a whole document will be returned.

IHtmlDocument SanitizeDom(string html, string baseUrl = "")

Sanitizes the specified HTML body fragment. If a document is given, only the body part will be returned.

IHtmlDocument SanitizeDom(IHtmlDocument document, IHtmlElement context = null, string baseUrl = "")

Sanitizes the specified parsed HTML body fragment. If the document has not been parsed with CSS support then all styles will be removed.