Safe Html... exactly what are the rules?

Jul 11, 2011 at 4:48 PM

Is there any documentation on exactly what the rules are for safe html? What tags are permitted/not permitted? What attributes/style attributes are permitted/not permitted? What transformations take place (eg. class names prefixed with 'x_')?

If there isn't any documentation... can someone point me to the relevant bit of code?



Jul 11, 2011 at 5:10 PM

It's all undocumented I'm afraid. You can sort of figure out it by looking at HtmlTagId and HtmlAttributeId and the HtmlNameData.cs pulls them together via the name hash table. If something appears in the hash table its going to considered safe. Mostly.