I don't think there is a built-in sanitizer for C # that you can use, but here is what I did when I had the same problem. I used the HtmlAgilityPackSanitizerProvider that comes with AjaxControlToolkit. The code is as follows:
private static AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider sanitizer = new AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider(); private static Dictionary<string, string[]> elementWhitelist = new Dictionary<string, string[]> { {"b" , new string[] { "style" }}, {"strong" , new string[] { "style" }}, {"i" , new string[] { "style" }}, {"em" , new string[] { "style" }}, {"u" , new string[] { "style" }}, {"strike" , new string[] { "style" }}, {"sub" , new string[] { "style" }}, {"sup" , new string[] { "style" }}, {"p" , new string[] { "align" }}, {"div" , new string[] { "style", "align" }}, {"ol" , new string[] { }}, {"li" , new string[] { }}, {"ul" , new string[] { }}, {"a" , new string[] { "href" }}, {"font" , new string[] { "style", "face", "size", "color" }}, {"span" , new string[] { "style" }}, {"blockquote" , new string[] { "style", "dir" }}, {"hr" , new string[] { "size", "width", "id" }}, {"img" , new string[] { "src" }}, {"h1" , new string[] { "style" }}, {"h2" , new string[] { "style" }}, {"h3" , new string[] { "style" }}, {"h4" , new string[] { "style" }}, {"h5" , new string[] { "style" }}, {"h6" , new string[] { "style" }} }; private static Dictionary<string, string[]> attributeWhitelist = new Dictionary<string, string[]> { {"style" , new string[] {}}, {"align" , new string[] {}}, {"href" , new string[] {}}, {"face" , new string[] {}}, {"size" , new string[] {}}, {"color" , new string[] {}}, {"dir" , new string[] {}}, {"width" , new string[] {}}, {"id" , new string[] {}}, {"src" , new string[] {}} }; public string SanitizeHtmlInput(string unsafeStr) { return sanitizer.GetSafeHtmlFragment(unsafeStr, elementWhitelist, attributeWhitelist); }
Hope this helps.