Here is a very simple method that strips all HTML tags from a string or just the harmful tags - you decide
You need to set ValidateRequest=false in the page directive to turn this off, and on the server side carefully filter user subbmited value.
public string StripHtml(string html, bool allowHarmlessTags)
{
if (html == null html == string.Empty)
return string.Empty;
if (allowHarmlessTags)
return System.Text.RegularExpressions.Regex.Replace(html, "", string.Empty);
return System.Text.RegularExpressions.Regex.Replace(html, "<[^>]*>", string.Empty);
}
Posts
Moving to Posterous
14 years ago
No comments:
Post a Comment