Use something like AngleSharp[^] to parse the content, and strip out any tags or attributes that aren't explicitly allowed.
You'll probably also want to set up a Content Security Policy[^] to block inline scripts and third-party scripts that your site doesn't use. NB: Some older browsers don't support CSP, so you can't solely rely on this to block XSS.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
i read article from these links
they saying to use AntiXSS library. can i use in production? is it robus?
Never save timezone information when saving datetime information. Always store dates and times as UTC values. The timezone information is only needed at the user's PC, when converting between local time and UTC.
please give me a code i want to prevent my website from csrf by using csrf-token, i want not to show page url or generate a random code in my url that expires every new time that we click on the link how can i do it?
There are great number of examples available in Google for CSRF-token.Language obviously you can only know whether you are using java or C#.Net or whatever.Please be specific while you are discussing on some topics.
If cookies are refused then the user gets a new session with each request, the site doesn't know it is a returning user. You can configure cookieless sessions in the config which will add a tracking ID to the url instead but this is generally a bad thing.
If you want cookieless sessions you need to enable them in the configuration and everyone uses them, even people who accept cookies. Generally I'd stick with cookies being required for sessions, if the user doesn't want to accept cookies then they have to put up with the consequences of that.
Chances are you won't find any good and free library that can do this. Most libraries are either paid solutions or incomplete indie projects. Your luck is, that you want to do this with .NET Core 2.0, which can accept any .NET framework targeting library, thus any NuGet library will work just fine. iTextSharp can be looked at, but I am unsure.