databinding.WebSecurity.HtmlSanitizer.AspNetCore 2025.7.23.2

Prefix Reserved
.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package databinding.WebSecurity.HtmlSanitizer.AspNetCore --version 2025.7.23.2
                    


                    

                
NuGet\Install-Package databinding.WebSecurity.HtmlSanitizer.AspNetCore -Version 2025.7.23.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="databinding.WebSecurity.HtmlSanitizer.AspNetCore" Version="2025.7.23.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="databinding.WebSecurity.HtmlSanitizer.AspNetCore" Version="2025.7.23.2" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="databinding.WebSecurity.HtmlSanitizer.AspNetCore" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add databinding.WebSecurity.HtmlSanitizer.AspNetCore --version 2025.7.23.2
                    


                    

                
#r "nuget: databinding.WebSecurity.HtmlSanitizer.AspNetCore, 2025.7.23.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package databinding.WebSecurity.HtmlSanitizer.AspNetCore@2025.7.23.2
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=databinding.WebSecurity.HtmlSanitizer.AspNetCore&version=2025.7.23.2
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=databinding.WebSecurity.HtmlSanitizer.AspNetCore&version=2025.7.23.2
                    


                            Install as a Cake Tool

databinding.WebSecurity.HtmlSanitizer.AspNetCore

This library provides ActionFilter for MVC and API controller to detect and remove malicious inputs with databinding.WebSecurity.HtmlSanitizer.

For fields such as passwords, the check can be deactivated with the [SanitizerDisabled] attribute. This guarantees that passwords are not converted, especially special characters such as &, < and >.

Getting started

Prerequisites

  • .NET 8 or later
  • Visual Studio 2022/Code or later

Installation

To install the library, you can use the NuGet package manager:

dotnet add package databinding.WebSecurity.HtmlSanitizer.AspNetCore

Usage

The package provides the ActionFilter HtmlSanitizerCheckActionFilter and HtmlSanitizerCheckAsyncActionFilter.

Here's a basic example of how to use it:

    [HtmlSanitizerCheckActionFilter]
    public class HomeController : Controller
    {
     ...
    }

The filter can be configured globally for all controllers in Startup.cs or Program.cs.

    var builder = WebApplication.CreateBuilder(args);

    builder.Services.AddControllersWithViews(
        o => o.Filters.Add<HtmlSanitizerCheckActionFilter>());

The HtmlSanitizerRichtextDefauls class is available for additional configurations. This enables additional settings for AllowedAtRules, AllowedSchemes, AllowedTags, AllowedAttributes, AllowedCssProperties, UriAttributes and AllowedClasses via static properties.

Configurable via Program.cs or Startup.cs.

    HtmlSanitizerRichtextDefauls.AllowedTags.Add("img");
    var builder = WebApplication.CreateBuilder(args);

    builder.Services.AddControllersWithViews(
        o => o.Filters.Add<HtmlSanitizerCheckActionFilter>());

To avoid unwanted side effects for special cases such as passwords, the logic can be deactivated with the DisableSanitizer attribute on a property.

    public class LoginModel
    {
       ...

       [SanitizerDisabled]
       public string Password { get; set; }
    }
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2025.7.23.2 563 7/23/2025
2025.7.23.1 559 7/23/2025
2025.7.22.3 547 7/22/2025
2025.7.18.3 125 7/18/2025
2025.4.28.1 188 4/28/2025
2025.4.16.3 230 4/16/2025
2025.4.16.1 210 4/16/2025
2025.4.14.1 224 4/14/2025
2025.4.3.1 194 4/3/2025
2025.4.1.1 184 4/1/2025
2025.3.26.1 478 3/26/2025
2025.3.24.1 501 3/24/2025
2025.3.21.1 128 3/21/2025
2025.2.18.1 135 2/18/2025
2025.2.12.2 152 2/12/2025
2025.2.5.2 137 2/5/2025
2025.2.4.1 136 2/4/2025
2025.2.3.6 123 2/3/2025
2025.1.21.11 146 1/21/2025
2025.1.21.10 117 1/21/2025