Code Samples & GetSafeHtmlFragment()

Mar 19, 2010 at 11:52 PM
Edited Mar 19, 2010 at 11:57 PM
Does AntiXSS.GetSafeHtmlFragment() work along with code samples?

For example, let's say I have a blog about JavaScript. In that blog, I have lots of the usual stuff [div][b][i][strong][img] etc. to highlight various stuff. Also, in the middle of that blog post, I put my really cool JavaScript sample code, let's say:

[code] Cool JavaScript Sample Code! [/code]

I don't want my Cool Sample Code to run - just for it to be displayed as encoded text. I don't really want any of that code stripped out, just encoded.

One way to solve this is a JavaScript text editor for the blog and make sure to encode all user-inputted text as special characters, but let's say for now I choose not to use that option. I'm wondering, is there a simple way to exclude that Cool JavaScript Sample Code! or anything that's in those from the sanitizer?

Note: Replace the [] with angle brackets in the real thing. This message forum is limited in what sample code I can send.

May 3, 2010 at 7:07 PM

No, there's not, I'm afraid, and right now you can't customise what is sanitized/stripped. We are looking at it, but I have no timescales.
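
An added example, not part of the thread and not AntiXSS code: since the sanitizer has no exclusion option, one workaround is to lift the code samples out before sanitizing, HTML-encode them, and put them back afterwards. The class name, the `sanitizer` delegate (pass in whatever sanitizer call the blog already uses) and the stand-in sanitizer in `Main` are assumptions, as is the premise that the sanitizer leaves plain alphanumeric text unchanged.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text.RegularExpressions;

static class CodeSamplePreserver
{
    // <code>...</code>, non-greedy, across line breaks, any attributes on the open tag.
    static readonly Regex CodeBlock = new Regex(
        @"<code\b[^>]*>(.*?)</code\s*>",
        RegexOptions.Singleline | RegexOptions.IgnoreCase);

    // 'sanitizer' is whatever HTML sanitizer the blog already calls (assumption).
    public static string Sanitize(string html, Func<string, string> sanitizer)
    {
        var saved = new Dictionary<string, string>();
        // Random per-call prefix: the post author cannot guess a token and pre-plant it.
        string prefix = "CODESAMPLE" + Guid.NewGuid().ToString("N");

        // 1. Swap each code sample for an inert alphanumeric token and keep
        //    an HTML-encoded copy of its contents.
        string withTokens = CodeBlock.Replace(html, m =>
        {
            string token = prefix + "x" + saved.Count + "x";
            saved[token] = "<pre><code>" + WebUtility.HtmlEncode(m.Groups[1].Value) + "</code></pre>";
            return token;
        });

        // 2. Sanitize everything else as usual.
        string safe = sanitizer(withTokens);

        // 3. Restore samples only where the token sits in text content. The
        //    alternation consumes whole tags first, so a token that ended up
        //    inside a tag (for example an attribute value) is left alone.
        var restore = new Regex(@"<[^>]*>|" + Regex.Escape(prefix) + @"x\d+x");
        return restore.Replace(safe, m =>
            saved.TryGetValue(m.Value, out string encoded) ? encoded : m.Value);
    }

    static void Main()
    {
        // Constructed input; the lambda is a stand-in sanitizer that strips <script> only.
        string post = "<b>Intro</b><script>alert(1)</script><code>if (a < b) { alert(\"hi\"); }</code>";
        Func<string, string> demoSanitizer = s =>
            Regex.Replace(s, @"<script\b.*?</script\s*>", "", RegexOptions.Singleline | RegexOptions.IgnoreCase);
        Console.WriteLine(Sanitize(post, demoSanitizer));
    }
}
```

The sample contents are never passed through the sanitizer, so nothing in them is stripped; they reach the page only in encoded form, which the browser displays as text rather than executing.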