Revision as of 21:54, 18 March 2022 edit BrownHairedGirl (talk \| contribs) Autopatrolled, Extended confirmed users, File movers, Pending changes reviewers, Rollbackers 2,942,733 edits {{Dead link}} tagged 1 bare URL ref to 1 dead website: http://htmlagilitypack.codeplex.com Tag: AWB ← Previous edit		Revision as of 19:51, 1 July 2022 edit undo Jarble (talk \| contribs) Autopatrolled, Extended confirmed users 150,084 edits m linking Next edit →
Line 4: == Details == Basic tags for changing fonts are often allowed, such as <code><b></code>, <code><i></code>, <code><u></code>, <code><em></code>, and <code><strong></code> while more advanced tags such as <code><script></code>, <code><object></code>, <code><embed></code>, and <code><link></code> are removed by the sanitization process. Also potentially dangerous [[HTML attribute\|attributes]] such as the <code>onclick</code> attribute are removed in order to prevent malicious code from being injected. Sanitization is typically performed by using either a [[whitelist]] or a [[Blacklist (computing)\|blacklist]] approach. Leaving a safe HTML element off a whitelist is not so serious; it simply means that that feature will not be included post-sanitation. On the other hand, if an unsafe element is left off a blacklist, then the vulnerability will not be sanitized out of the HTML output. An out-of-date blacklist can therefore be dangerous if new, unsafe features have been introduced to the HTML Standard.

HTML sanitization: Difference between revisions