The 4.2.x release was motivated by a security vulnerability found specifically in the HTML sanitizer. Additional information about this fact:
However, it seems that, in addition to eliminating the vulnerability, the sanitizer has been modified to be more aggressive to the point that it is almost never used. This fact is reported on the WPL CodePlex website (GetSafeHtmlFragment, replacing all html tags).
If your problem is only associated with the `<br>` tag, and you want to stick with the AntiXSS sanitizer, then you can implement an ugly workaround using preprocessing of your input, and then post-processing of the sanitizer result.
Something like this (code for illustration only):

```csharp
using System;
using Microsoft.Security.Application; // AntiXSS: provides Sanitizer.GetSafeHtmlFragment

class Program
{
    // Placeholder that survives the sanitizer; restored to <br /> afterwards.
    const string BrMarker = @"|br|";

    static void Main(string[] args)
    {
        string input = "<br>Hello<br/>World!";
        input = EscapeHtmlBr(input);                       // 1. hide the <br> tags
        var result = Sanitizer.GetSafeHtmlFragment(input); // 2. run the sanitizer
        result = UnescapeHtmlBr(result);                   // 3. put the <br> tags back
        Console.WriteLine(result);
    }

    private static string UnescapeHtmlBr(string result)
    {
        result = result.Replace(BrMarker, "<br />");
        return result;
    }

    private static string EscapeHtmlBr(string input)
    {
        // Only these three exact spellings are handled here.
        input = input.Replace("<br>", BrMarker);
        input = input.Replace("<br />", BrMarker);
        input = input.Replace("<br/>", BrMarker);
        return input;
    }
}
```
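The same escape-sanitize-restore pattern, written as an added example that is not part of the answer above. It generalises the idea in two ways a practitioner would want: the `<br>` match is a case-insensitive regex that tolerates `<BR>`, `<br/>` and `<br   />` but not `<brand>`, and the placeholder is generated per call from a GUID so that text supplied by the user cannot already contain it. The `StripAllTags` method is an assumed stand-in for `Sanitizer.GetSafeHtmlFragment` (it only removes tags, mirroring the "replacing all html tags" behaviour reported for 4.2.x) so the program runs without the AntiXSS assembly; swap in the real call where it is available.

```csharp
using System;
using System.Text.RegularExpressions;

public static class BrPreservingSanitizer
{
    // Matches <br>, <BR>, <br/>, <br />, <br   /> but not <brand> or <br class="x">.
    private static readonly Regex BrTag =
        new Regex(@"<br\s*/?>", RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // Stand-in for Sanitizer.GetSafeHtmlFragment (assumption: strips every tag,
    // leaves text untouched). Replace with the real library call in production.
    public static string StripAllTags(string html) =>
        Regex.Replace(html, "<[^>]*>", string.Empty);

    public static string SanitizeKeepingBr(string input, Func<string, string> sanitize)
    {
        // Per-call marker: alphanumeric so the sanitizer passes it through unchanged,
        // unpredictable so user input cannot contain it ahead of time.
        string marker = "BRMARK" + Guid.NewGuid().ToString("N");

        string marked = BrTag.Replace(input, marker);   // 1. hide line breaks
        string cleaned = sanitize(marked);              // 2. sanitize everything else
        return cleaned.Replace(marker, "<br />");       // 3. restore an inert <br />
    }

    public static void Main()
    {
        // Constructed sample inputs covering the cases the simple Replace() chain misses.
        string[] samples =
        {
            "<br>Hello<br/>World!",
            "<BR />Upper case<br   />also handled",
            "<b>bold</b> is removed<br>but the break stays",
            "user typed BRMARK literally<br>and <brand>is stripped</brand>"
        };

        foreach (string s in samples)
        {
            Console.WriteLine(SanitizeKeepingBr(s, StripAllTags));
        }
    }
}
```

Because the only markup ever reinserted is a literal `<br />`, the post-processing step cannot reintroduce anything the sanitizer removed; the per-call marker exists so that the round trip cannot be influenced by what the user typed, which matters more if the pattern is later extended to other tags.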