如何在ASP.NET中清理MCE的输入？

我不认为你可以使用C＃的内置消毒剂，但这是我遇到同样问题时所做的。 我使用了AjaxControlToolkit附带的HtmlAgilityPackSanitizerProvider。 代码如下所示：

private static AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider sanitizer = new AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider(); private static Dictionary elementWhitelist = new Dictionary { {"b" , new string[] { "style" }}, {"strong" , new string[] { "style" }}, {"i" , new string[] { "style" }}, {"em" , new string[] { "style" }}, {"u" , new string[] { "style" }}, {"strike" , new string[] { "style" }}, {"sub" , new string[] { "style" }}, {"sup" , new string[] { "style" }}, {"p" , new string[] { "align" }}, {"div" , new string[] { "style", "align" }}, {"ol" , new string[] { }}, {"li" , new string[] { }}, {"ul" , new string[] { }}, {"a" , new string[] { "href" }}, {"font" , new string[] { "style", "face", "size", "color" }}, {"span" , new string[] { "style" }}, {"blockquote" , new string[] { "style", "dir" }}, {"hr" , new string[] { "size", "width", "id" }}, {"img" , new string[] { "src" }}, {"h1" , new string[] { "style" }}, {"h2" , new string[] { "style" }}, {"h3" , new string[] { "style" }}, {"h4" , new string[] { "style" }}, {"h5" , new string[] { "style" }}, {"h6" , new string[] { "style" }} }; private static Dictionary attributeWhitelist = new Dictionary { {"style" , new string[] {}}, {"align" , new string[] {}}, {"href" , new string[] {}}, {"face" , new string[] {}}, {"size" , new string[] {}}, {"color" , new string[] {}}, {"dir" , new string[] {}}, {"width" , new string[] {}}, {"id" , new string[] {}}, {"src" , new string[] {}} }; public string SanitizeHtmlInput(string unsafeStr) { return sanitizer.GetSafeHtmlFragment(unsafeStr, elementWhitelist, attributeWhitelist); } 

希望这可以帮助。

清理Html文档涉及许多棘手的事情。 这个包可能有帮助： https ： //github.com/mganss/HtmlSanitizer我用它来做我自己的项目。