Anti-XSS strips href attribute from <a> tags

Feb 27, 2012 at 8:10 PM

Why does the Anti-XSS library remove href attributes from <a> tags? I am using the method Sanitizer.GetSafeHtmlFragment.

Feb 29, 2012 at 10:02 PM

This is why. As of version 4.2.1 this library is broken and there's no ETA on when things will be fixed.

Try using HtmlAgilityPack and filter through the tags you want to keep, stripping out the rest. There are lots of examples on the web on exactly how to do that.
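
The allowlist approach suggested in the reply above, sketched with HtmlAgilityPack as an added example; it is not code from the thread, from Anti-XSS or from the HtmlAgilityPack project. The class name, the tag and attribute allowlist and the permitted URL schemes are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using HtmlAgilityPack;

public static class AllowlistHtmlFilter   // hypothetical name
{
    // Assumed policy: tag name -> attributes permitted on that tag.
    static readonly Dictionary<string, string[]> Allowed =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "a", new[] { "href", "title" } }, { "p", new string[0] },
            { "br", new string[0] }, { "b", new string[0] }, { "i", new string[0] },
            { "ul", new string[0] }, { "ol", new string[0] }, { "li", new string[0] },
        };
    static readonly string[] SafeSchemes = { "http", "https", "mailto" };

    public static string Filter(string html)
    {
        var doc = new HtmlDocument();
        doc.LoadHtml(html ?? string.Empty);
        // Snapshot the nodes first, because the tree is modified during the walk.
        foreach (var node in doc.DocumentNode.Descendants().ToList())
        {
            if (node is HtmlTextNode text)   // re-encode so stray markup stays text
                text.Text = WebUtility.HtmlEncode(HtmlEntity.DeEntitize(text.Text));
            else if (node.NodeType != HtmlNodeType.Element || !Allowed.ContainsKey(node.Name))
                node.Remove();               // comments and unlisted tags go, with their content
            else
                foreach (var attr in node.Attributes.ToList())
                    FilterAttribute(attr, Allowed[node.Name]);
        }
        return doc.DocumentNode.OuterHtml;
    }

    static void FilterAttribute(HtmlAttribute attr, string[] permitted)
    {
        // Decode entities before checking, so an encoded scheme cannot slip past.
        string value = HtmlEntity.DeEntitize(attr.Value ?? string.Empty).Trim();
        bool keep = permitted.Contains(attr.Name, StringComparer.OrdinalIgnoreCase);
        if (keep && attr.Name.Equals("href", StringComparison.OrdinalIgnoreCase))
            keep = !value.Any(c => char.IsControl(c) || char.IsWhiteSpace(c))
                && Uri.TryCreate(value, UriKind.Absolute, out Uri uri)
                && SafeSchemes.Contains(uri.Scheme);   // relative links are rejected too
        if (!keep) { attr.Remove(); return; }
        attr.QuoteType = AttributeValueQuote.DoubleQuote;
        attr.Value = WebUtility.HtmlEncode(value);     // safe inside double quotes
    }
}
```

Unlike the behaviour described in the question, `href` survives here when it is an absolute `http`, `https` or `mailto` URL. Unlisted elements are removed together with their content, which is the strict choice; unwrapping them instead would keep their text but needs the same per-node checks applied to the children.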