databinding.WebSecurity.HtmlSanitizer.AspNetCore
2025.2.18.1
Prefix Reserved
dotnet add package databinding.WebSecurity.HtmlSanitizer.AspNetCore --version 2025.2.18.1
NuGet\Install-Package databinding.WebSecurity.HtmlSanitizer.AspNetCore -Version 2025.2.18.1
<PackageReference Include="databinding.WebSecurity.HtmlSanitizer.AspNetCore" Version="2025.2.18.1" />
paket add databinding.WebSecurity.HtmlSanitizer.AspNetCore --version 2025.2.18.1
#r "nuget: databinding.WebSecurity.HtmlSanitizer.AspNetCore, 2025.2.18.1"
// Install databinding.WebSecurity.HtmlSanitizer.AspNetCore as a Cake Addin #addin nuget:?package=databinding.WebSecurity.HtmlSanitizer.AspNetCore&version=2025.2.18.1 // Install databinding.WebSecurity.HtmlSanitizer.AspNetCore as a Cake Tool #tool nuget:?package=databinding.WebSecurity.HtmlSanitizer.AspNetCore&version=2025.2.18.1
databinding.WebSecurity.HtmlSanitizer.AspNetCore
This library provides ActionFilter for MVC and API controller to detect and remove malicious inputs with databinding.WebSecurity.HtmlSanitizer.
For fields such as passwords, the check can be deactivated with the [SanitizerDisabled] attribute. This guarantees that passwords are not converted, especially special characters such as &, < and >.
Getting started
Prerequisites
- .NET 8 or later
- Visual Studio 2022/Code or later
Installation
To install the library, you can use the NuGet package manager:
dotnet add package databinding.WebSecurity.HtmlSanitizer.AspNetCore
Usage
The package provides the ActionFilter HtmlSanitizerCheckActionFilter and HtmlSanitizerCheckAsyncActionFilter.
Here's a basic example of how to use it:
[HtmlSanitizerCheckActionFilter]
public class HomeController : Controller
{
...
}
The filter can be configured globally for all controllers in Startup.cs or Program.cs.
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews(
o => o.Filters.Add<HtmlSanitizerCheckActionFilter>());
The HtmlSanitizerRichtextDefauls class is available for additional configurations. This enables additional settings for AllowedAtRules, AllowedSchemes, AllowedTags, AllowedAttributes, AllowedCssProperties, UriAttributes and AllowedClasses via static properties.
Configurable via Program.cs or Startup.cs.
HtmlSanitizerRichtextDefauls.AllowedTags.Add("img");
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews(
o => o.Filters.Add<HtmlSanitizerCheckActionFilter>());
To avoid unwanted side effects for special cases such as passwords, the logic can be deactivated with the DisableSanitizer attribute on a property.
public class LoginModel
{
...
[SanitizerDisabled]
public string Password { get; set; }
}
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. |
-
- databinding.WebSecurity.HtmlSanitizer (>= 2025.2.18.1)
- Serilog (>= 4.2.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last updated |
|---|---|---|
| 2025.2.18.1 | 94 | 2/18/2025 |
| 2025.2.12.2 | 113 | 2/12/2025 |
| 2025.2.5.2 | 100 | 2/5/2025 |
| 2025.2.4.1 | 98 | 2/4/2025 |
| 2025.2.3.6 | 99 | 2/3/2025 |
| 2025.1.21.11 | 109 | 1/21/2025 |
| 2025.1.21.10 | 85 | 1/21/2025 |