HTMLStripper.Strip Method

Removes the potential dangerous tags and keywords from the sourceHTML and returns the result. In this way Javascript injection attack can be avoided.

IMPORTANT: Although this method will prevent most of the Javascript injection attacks it is not always 100% sure that all Javascript injection attack can be prevented.

Additionally the html can be html encoded. For html encoding only the following items are transformed: > to >, < to <, & to &.

The following potentially dangerous tags and keywords are transformed.

Dangerous Item	Converted to
`SCRIPT` block	The whole script block is deleted
`IFRAME`, `STYLE`, `LINK` tags and blocks	The items are deleted
`javascript` keyword. For example - "javascript:"	`javascript` is transformed to `javascript_`
Event handler property. For example: `onclick=`	Underscore is added to the event name. For examle: `onclick=` is transformed to `onclick_=`

[Visual Basic]
Public Shared Function Strip( _
   ByVal sourceHTML As String, _
   ByVal bStrip As Boolean, _
   ByVal inputIsHTMLEncoded As Boolean, _
   ByVal htmlEncodeOutput As Boolean _
) As String

[C#]
public static string Strip(
   String sourceHTML,
   Boolean bStrip,
   Boolean inputIsHTMLEncoded,
   Boolean htmlEncodeOutput
);

Parameters

sourceHTML: The source HTML
bStrip: Specifies if potential dangerous tags and keyword should be processed
inputIsHTMLEncoded: Specifies if the sourceHTML parameters is html encoded
htmlEncodeOutput: Specifies if the return value should be html encoded

HTMLStripper.Strip Method

Parameters

Return Value

See Also