How to use C# to sanitize input on an html page?

Question

Is there a library or acceptable method for sanitizing the input to an html page?

In this case I have a form with just a name, phone number, and email address.

Code must be C#.

For example:

"<script src='bobs.js'>John Doe</script>" should become "John Doe"

Answer 1

We are using the HtmlSanitizer .Net library, which:

• Is open-source (MIT) - GitHub link
• Is fully customizable, e.g. configure which elements should be removed. see wiki
• Is actively maintained
• Doesn't have the problems like Microsoft Anti-XSS library
• Is unit tested with the OWASP XSS Filter Evasion Cheat Sheet
• Is special built for this (in contrast to HTML Agility Pack, which is a parser - not a sanitizer)
• Doesn't use regular expressions (HTML isn't a regular language!)

Also on NuGet