Strip and Clean HTML and Attributes, but Allow certain tags and attributes?
Hello,
Has anyone found a good solution for filtering the input from web forms to allow a small subset of explicitly defined HTML and Attributes, but excising any of the non-allowed.
Basically, I would like to be able to specify an "allow" list that might contain B, I, U, TABLE, TD, TR. and a large number of attributes, excluding, of course, onmouse*!
I believe I could do this with Html Agility Pack: http://www.codeplex.com/htmlagilitypack
But, I wondered if anyone had written or come across something that is forward only and does not parse the content into a tree the way that Agility Pack does, since I'm not really concerned with well-formedness, just that absolutely no potentially descructive script or object tags or attributes get through.
Thank you,
Josh