-
Notifications
You must be signed in to change notification settings - Fork 205
Frequently Asked Questions
HtmlSanitizer raises a number of events prior to performing its sanitizing actions, all of which can be overridden by your own delegates. See the Hooks/Events topic for the available events.
You can change the tags, attributes, etc. that are allowed by setting the relevent option on your instance of HtmlSanitizer. See the Options topic for a breakdown of the various allowed values.
Please note: HtmlSanitizer is allowlist-based, rather than blocklist-based. That means that anything not included in the allowed values will be stripped.
The default formatter outputs markup as HTML, which does not use self-closing tags. You can override that behavior by using the XhtmlMarkupFormatter, which will output XML-compliant HTML (i.e. self-closing tags).
To put it simply, AngleSharp constantly introduces breaking changes in their API (see #78, #76 , #68, #64 and #53, for example). In order to keep HtmlSanitizer stable, we pin our dependency to a known "good" version.
Strictly speaking, yes. HtmlSanitizer is optimized for HTML, though, so you're likely going to have to use some post-processing to get the correct output for other markup syntaxes. You'll also need to configure the AllowedTags and AllowedAttributes options for the tags and attributes your markup files can contain.
Yes. For example, in ASP.NET Core you can configure the dependency injection container like this:
services.AddSingleton<IHtmlSanitizer, HtmlSanitizer>();