Pastable version of Sanitize HTML

<div style="overflow:auto;border:solid 1px #ccc;background:#000;color:#F8F8F8">
 <div class="section">
 
 <pre style="float:left;margin:0 10px;border-right:0;color:#666;">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72</pre>
 <pre class="sunburst">private static Regex _tags = new Regex(&quot;&lt;[^&gt;]*(&gt;|$)&quot;, RegexOptions.Singleline | RegexOptions.ExplicitCapture | RegexOptions.Compiled);
private static Regex _whitelist = new Regex(@&quot;
 ^&lt;/?(a|b(lockquote)?|code|em|h(1|2|3)|i|li|ol|p(re)?|s(ub|up|trong|trike)?|ul)&gt;$
 |^&lt;(b|h)r\s?/?&gt;$
 |^&lt;a[^&gt;]+&gt;$
 |^&lt;img[^&gt;]+/?&gt;$&quot;,
 RegexOptions.Singleline | RegexOptions.IgnorePatternWhitespace |
 RegexOptions.ExplicitCapture | RegexOptions.Compiled);

/// &lt;summary&gt;
/// sanitize any potentially dangerous tags from the provided raw HTML input using 
/// a whitelist based approach, leaving the &quot;safe&quot; HTML tags
/// &lt;/summary&gt;
public static string Sanitize(string html)
{

var tagname = &quot;&quot;;
 Match tag;
 var tags = _tags.Matches(html);

// iterate through all HTML tags in the input
 for (int i = tags.Count-1; i &gt; -1; i--)
 {
 tag = tags[i];
 tagname = tag.Value.ToLower();

if (!_whitelist.IsMatch(tagname))
 {
 // not on our whitelist? I SAY GOOD DAY TO YOU, SIR. GOOD DAY!
 html = html.Remove(tag.Index, tag.Length);
 }
 else if (tagname.StartsWith(&quot;&lt;a&quot;))
 {
 // detailed &lt;a&gt; tag checking
 if (!IsMatch(tagname,
 @&quot;&lt;a\s
 href=&quot;&quot;(\#\d+|(https?|ftp)://[-A-Za-z0-9+&amp;@#/%?=~_|!:,.;]+)&quot;&quot;
 (\stitle=&quot;&quot;[^&quot;&quot;]+&quot;&quot;)?\s?&gt;&quot;))
 {
 html = html.Remove(tag.Index, tag.Length);
 }
 }
 else if (tagname.StartsWith(&quot;&lt;img&quot;))
 {
 // detailed &lt;img&gt; tag checking
 if (!IsMatch(tagname,
 @&quot;&lt;img\s
 src=&quot;&quot;https?://[-A-Za-z0-9+&amp;@#/%?=~_|!:,.;]+&quot;&quot;
 (\swidth=&quot;&quot;\d{1,3}&quot;&quot;)?
 (\sheight=&quot;&quot;\d{1,3}&quot;&quot;)?
 (\salt=&quot;&quot;[^&quot;&quot;]*&quot;&quot;)?
 (\stitle=&quot;&quot;[^&quot;&quot;]*&quot;&quot;)?
 \s?/?&gt;&quot;))
 {
 html = html.Remove(tag.Index, tag.Length);
 }
 }
 
 }

return html;
}

/// &lt;summary&gt;
/// Utility function to match a regex pattern: case, whitespace, and line insensitive
/// &lt;/summary&gt;
private static bool IsMatch(string s, string pattern)
{
 return Regex.IsMatch(s, pattern, RegexOptions.Singleline | RegexOptions.IgnoreCase |
 RegexOptions.IgnorePatternWhitespace | RegexOptions.ExplicitCapture);
}
</pre>
 </div>
 </div>

Refactor :my => 'code'

Recent

Popular

Pastable version of Sanitize HTML