
If one wishes to sanitize HTML input, he has to use a library like HtmlSanitizer. Example:

var sanitizer = new HtmlSanitizer();
var sanitized = sanitizer.Sanitize(model.htmlInput);

Is it possible to instead declare that this member should be sanitized with an attribute:

public class Model
{
    [HtmlSanitizer]
    public string HtmlInput {get; set;}
}

Then sanitize the html and pass it along? Similar to how we do with [Required] or [Range(1,Int32.MaxValue)], which enforces constraints in the model.

  • You can totally put that functionality into a custom Attribute. Maybe even with Source Generation. Commented Apr 22 at 15:44
  • I ended up doing it in the models' getters and setters like such: private string _description; public string Description { get => _description; set => _description = _sanitizer.Sanitize(value); } but I'm leaving this as it is a valuable question. Sanitisation is easily forgotten if we run it manually on each class member in each service... Commented Apr 22 at 17:36
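
One way to get the attribute-driven behaviour asked about, as an added example that is not from the original post or the HtmlSanitizer project. `SanitizeHtmlAttribute`, `AttributeSanitizer` and `Title` are hypothetical names, and `WebUtility.HtmlEncode` is only a stand-in so the sample runs without the NuGet package:

```csharp
using System;
using System.Linq;
using System.Net;
using System.Reflection;

// Hypothetical marker attribute. It has no behaviour of its own:
// something must read it and rewrite the property, as Apply() does below.
[AttributeUsage(AttributeTargets.Property)]
public sealed class SanitizeHtmlAttribute : Attribute { }

public class Model
{
    [SanitizeHtml]
    public string HtmlInput { get; set; }
    public string Title { get; set; }   // not marked, left untouched
}

public static class AttributeSanitizer
{
    // Rewrites every public, writable string property marked [SanitizeHtml]
    // in place and returns how many properties were rewritten.
    public static int Apply(object model, Func<string, string> sanitize)
    {
        if (model == null) throw new ArgumentNullException(nameof(model));
        if (sanitize == null) throw new ArgumentNullException(nameof(sanitize));
        var marked = model.GetType()
            .GetProperties(BindingFlags.Public | BindingFlags.Instance)
            .Where(p => p.PropertyType == typeof(string) && p.CanRead && p.CanWrite
                     && p.GetIndexParameters().Length == 0
                     && p.IsDefined(typeof(SanitizeHtmlAttribute), true));
        int count = 0;
        foreach (var prop in marked)
        {
            var value = (string)prop.GetValue(model);
            if (value == null) continue;            // nothing to clean
            prop.SetValue(model, sanitize(value));
            count++;
        }
        return count;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input.
        var model = new Model { HtmlInput = "<b>hi</b><script>alert(1)</script>", Title = "<i>raw</i>" };
        // Stand-in sanitizer (encodes rather than sanitizes). With the library from the
        // question: var s = new HtmlSanitizer(); Apply(model, html => s.Sanitize(html));
        int changed = AttributeSanitizer.Apply(model, WebUtility.HtmlEncode);
        Console.WriteLine($"{changed} property rewritten: {model.HtmlInput} | {model.Title}");
    }
}
```

The helper does not descend into nested objects or collections, so a model that contains other models needs one call per object. Calling it from a single central point, for example an action filter over the bound action arguments, avoids the per-service calls that are easy to forget.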
