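/// <summary>
/// Runs an untrusted HTML fragment through the configured <see cref="XssFilter"/> and
/// returns a fail-safe rendering when no filter is available or filtering throws.
/// </summary>
/// <param name="html">Untrusted HTML fragment to filter.</param>
/// <param name="errorHeader">Text placed at the start of the fallback output when filtering throws.
/// It is written into the markup unencoded, so it must not originate from user input.</param>
/// <param name="removeMarkupOnFailure">When filtering throws: <c>true</c> strips all markup from
/// <paramref name="html"/> before encoding it; <c>false</c> returns the original fragment
/// HTML-encoded together with the encoded exception message.</param>
/// <returns>The filtered fragment, or the fail-safe rendering described above.</returns>
public static string PreventCrossSiteScripting(String html, String errorHeader, bool removeMarkupOnFailure)
{
    try
    {
        XssFilter filter = GetXssFilter();
        if (filter == null)
        {
            log.Info("XssFilter was null");
            // Fail closed, consistent with SanitizeHtml: with no filter configured, strip all
            // markup. The former "script" -> "s cript" substitution was case-sensitive and left
            // event-handler attributes and other non-<script> vectors in place.
            return RemoveMarkup(html);
        }
        return filter.FilterFragment(html);
    }
    catch (Exception ex)
    {
        // NOTE(review): errorHeader is emitted unencoded (presumably so callers may pass markup);
        // confirm every caller supplies a constant, not user-controlled text.
        if (removeMarkupOnFailure)
        {
            return String.Format(@"<span style=""color: #ff0000;"">{0}</span><br />{1}",
                errorHeader,
                HttpUtility.HtmlEncode(RemoveMarkup(html)));
        }

        // Both the exception message and the original fragment are encoded, so the
        // unfiltered markup is displayed as text rather than rendered.
        return String.Format(@"<span style=""color: #ff0000;"">{0}{1}</span>:<br />{2}",
            errorHeader,
            HttpUtility.HtmlEncode(ex.Message),
            HttpUtility.HtmlEncode(html));
    }
}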
/// <summary>
/// Best-effort HTML sanitizer: filters <paramref name="html"/> through the configured
/// <see cref="XssFilter"/>, falling back to stripping all markup when no filter is
/// available or the filter throws.
/// </summary>
/// <param name="html">Untrusted HTML fragment to sanitize.</param>
/// <returns>The filtered fragment, or the fragment with all markup removed.</returns>
public static string SanitizeHtml(String html)
{
    try
    {
        var xssFilter = GetXssFilter();
        if (xssFilter != null)
        {
            return xssFilter.FilterFragment(html);
        }

        // No filter configured: fail closed by removing every tag.
        log.Info("XssFilter was null");
        return RemoveMarkup(html);
    }
    catch (Exception)
    {
        // Any filter failure degrades to the markup-stripping fallback rather than
        // letting the unfiltered fragment through.
        return RemoveMarkup(html);
    }
}