I have successfully been able to write a script that posts values to my database. One of the fields contains HTML, which I store in my database. But I am beginning to get worried because I did not do any validation to check for malicious HTML code, which can lead
to a hacker exploit. I also believe that I should escape my HTML before passing it into my database. When I check my database table I see HTML in this format, e.g. <span>some is here</span>.
Please, are there libraries that can help me protect and filter bad HTML within my controller action method, so that I save the right and safe code into my database?
Please kindly advise me on the above subject.
You can use the HtmlAgilityPack to filter for disallowed tags. Here’s an article I wrote about using it in a Razor Web Pages site: http://www.mikesdotnetting.com/article/222/request-validation-in-asp-net-web-pages.
You should be able to adapt the key points to MVC.
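The following is an added example of the approach the answer describes, adapted to an MVC controller. It is not code from the original post or from the linked article, and it is not HtmlAgilityPack's own API for sanitizing (the library only parses; the allow-list below is ours). The Post model, PostsController, the tag and attribute lists, and the commented-out repository call are assumptions for illustration; the HtmlAgilityPack calls (HtmlDocument.LoadHtml, HtmlNode.RemoveChild(node, keepGrandChildren), HtmlAttributeCollection.Remove, HtmlEntity.DeEntitize) and System.Web.Mvc's [AllowHtml] are real.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Web.Mvc;
using HtmlAgilityPack;

// Allow-list sanitizer: anything not explicitly permitted is dropped.
// (Added example; tag/attribute lists are an assumption, tune them to your site.)
public static class HtmlSanitizer
{
    static readonly HashSet<string> AllowedTags = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "p", "br", "b", "strong", "i", "em", "u", "ul", "ol", "li", "span", "a", "blockquote", "code", "pre" };

    // Tags whose *content* is dangerous too, so the whole subtree goes, not just the tag.
    static readonly HashSet<string> DropWithContent = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "script", "style", "iframe", "object", "embed", "noscript", "svg", "math", "form" };

    // Per-tag attribute allow-list. No entry means "no attributes at all", so
    // style="", onclick="", onerror="" etc. never survive on any tag.
    static readonly Dictionary<string, HashSet<string>> AllowedAttributes =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        { { "a", new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "href", "title" } } };

    static readonly HashSet<string> SafeSchemes = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "http", "https", "mailto" };

    public static string Sanitize(string html)
    {
        if (string.IsNullOrEmpty(html)) return string.Empty;
        var doc = new HtmlDocument();
        doc.LoadHtml(html);
        Clean(doc.DocumentNode);
        return doc.DocumentNode.InnerHtml;
    }

    static void Clean(HtmlNode parent)
    {
        // ToList(): we mutate ChildNodes while walking it.
        foreach (var node in parent.ChildNodes.ToList())
        {
            switch (node.NodeType)
            {
                case HtmlNodeType.Comment:
                    parent.RemoveChild(node);            // comments can hide conditional markup
                    break;
                case HtmlNodeType.Text:
                    // Re-encode text so stray '<' or '&' in it is inert when rendered.
                    var text = (HtmlTextNode)node;
                    text.Text = WebUtility.HtmlEncode(HtmlEntity.DeEntitize(text.Text));
                    break;
                case HtmlNodeType.Element:
                    if (DropWithContent.Contains(node.Name))
                        parent.RemoveChild(node);
                    else if (!AllowedTags.Contains(node.Name))
                    {
                        Clean(node);                     // clean grandchildren first...
                        parent.RemoveChild(node, true);  // ...then keep them, drop the tag
                    }
                    else
                    {
                        CleanAttributes(node);
                        Clean(node);
                    }
                    break;
            }
        }
    }

    static void CleanAttributes(HtmlNode node)
    {
        HashSet<string> allowed;
        AllowedAttributes.TryGetValue(node.Name, out allowed);
        foreach (var attr in node.Attributes.ToList())
        {
            bool keep = allowed != null && allowed.Contains(attr.Name);
            if (keep && attr.Name.Equals("href", StringComparison.OrdinalIgnoreCase) && !HasSafeScheme(attr.Value))
                keep = false;                            // javascript:, data:, vbscript: ... are gone
            if (!keep) node.Attributes.Remove(attr);
        }
    }

    static bool HasSafeScheme(string rawValue)
    {
        // Browsers ignore tab/CR/LF inside a URL, so "java\tscript:alert(1)" still
        // runs. Decode entities and strip control characters before reading the scheme.
        var value = new string(HtmlEntity.DeEntitize(rawValue ?? string.Empty).Trim()
            .Where(c => !char.IsControl(c)).ToArray());
        int colon = value.IndexOf(':');
        if (colon < 0) return true;                      // relative URL, no scheme
        int delim = value.IndexOfAny(new[] { '/', '?', '#' });
        if (delim >= 0 && delim < colon) return true;    // colon is inside the path/query
        return SafeSchemes.Contains(value.Substring(0, colon));
    }
}

public class Post                                        // hypothetical model
{
    public int Id { get; set; }
    [AllowHtml]                                          // let raw markup past request validation...
    public string Body { get; set; }
}

public class PostsController : Controller               // hypothetical controller
{
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Create(Post model)
    {
        if (!ModelState.IsValid) return View(model);
        model.Body = HtmlSanitizer.Sanitize(model.Body); // ...and sanitize it ourselves, on the way in
        // repository.Save(model);  -- hypothetical; use a parameterised insert, not string concatenation
        return RedirectToAction("Index");
    }
}
```

Two notes on what this does and does not do. Unknown tags are unwrapped (their text is kept), while script-like tags are removed together with everything inside them, and event-handler and style attributes never survive because they are not on the allow-list. What protects the database itself is not escaping the HTML but using parameterised queries for the insert; the sanitizer protects the page that later renders the stored markup with Html.Raw, and it is also worth running the output through an encoder at render time for any field that is not supposed to contain HTML at all.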
Thanks a lot, Sir,
You are the best. This is the best article that I have read on cross-site scripting attacks. I have just implemented it in my code.