Invalid image tags after sanitization

Jun 3, 2011 at 4:55 PM
Edited Jun 3, 2011 at 5:01 PM

I'am using the Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment() method to encode HTML input.

However, after the sanitization image tags always look like 

<img src="" alt="">

 instead of

<img src="" alt=""/>

or

<img src="" alt=""></img>

. This is perfectly okay for the browser, but no valid XML. Since I'am using XElement.Parse method for validation and for getting an XElement from the input, the method throws an exception because of the not closed img tag.

Will that be fixed or is there a good reason for removing the "/" from an empty element?

Coordinator
Jun 3, 2011 at 5:00 PM

GetSafeHtml* simply does not support XHTML. It's a known issue, but there are currently no plans to address it.

Dec 2, 2011 at 2:22 AM
GetSafeHtml* simply does not support XHTML. It's a known issue, but there are currently no plans to address it.

Which is pretty dumb if you think about it: .NET is based on XHTML tag structure. It's a waste of time to implement this technology in any HTML Editor scenario ... We need XHTML support to make this useful.

Dec 2, 2011 at 6:49 AM

I would not express it that hard but that was what I thought too.