WebProNews Ad Rates Click Now!
Read WebProNews
With Friends!

ASP.NET: Remove HTML Tags From a String

Get the WebProNews Newsletter!
By · December 1, 2006 · 15 Comments

A lot of websites allow users to input text and submit it to the site.

This could be forums, blogs, content management systems etc.

Imaging if the user writes HTML into these form fields?

It could be perfectly harmless when used for styling, but it could also be used the wrong way.

A typical scenario would be when a user enters JavaScript that does harmful things or embedding a style sheet that ruins the websites layout.

This is normally referred to as Cross-Site Scripting (XSS).

We have to mitigate that risk, and that’s when regular expression comes to the rescue.

Here is a very simple method that strips all HTML tags from a string or just the harmful tags – you decide.

The method takes two parameters: the string that needs tag removal and a boolean flag that determines if harmless tags are allowed or not.

public static string StripHtml(string html, bool allowHarmlessTags)
{
   if (html == null || html == string.Empty)
     return string.Empty;

   if (allowHarmlessTags)
     return System.Text.RegularExpressions.Regex.Replace(html, "", string.Empty);

   return System.Text.RegularExpressions.Regex.Replace(html, "<[^>]*>", string.Empty);
}

You can add more harmful tags to the regular expression string if you’d like.

Enjoy.

Try the demo

Tag:

Add to Del.icio.us | Digg | Reddit | Furl

Bookmark WebProNews:

Mads Kristensen currently works as a Senior Developer at Traceworks located
in Copenhagen, Denmark. Mads graduated from Copenhagen Technical Academy with a multimedia degree in
2003, but has been a professional developer since 2000. His main focus is on ASP.NET but is responsible for Winforms, Windows- and
web services in his daily work as well. A true .NET developer with great passion for the simple solution.

http://www.madskristensen.dk/

Related Items
About Mads Kristensen
Mads Kristensen currently works as a Senior Developer at Traceworks located in Copenhagen, Denmark. Mads graduated from Copenhagen Technical Academy with a multimedia degree in 2003, but has been a professional developer since 2000. His main focus is on ASP.NET but is responsible for Winforms, Windows- and web services in his daily work as well. A true .NET developer with great passion for the simple solution.

http://www.madskristensen.dk/
RELATED ARTICLES:

Scumbag Steve Goes From Meme To Spokesperson

Scumbag Steve Goes From Meme To Spokesperson

While you know him better as Scumbag Steve, Blake Boston is a living example of how to exchange Internet fame (infamy?) into real world financial gain. After finding his Internet fame via the Reddit...
Google+ Is from Mars, Pinterest Is from Venus

Google+ Is from Mars, Pinterest Is from Venus

So every webpage you visit these days is required to have a minimum of twenty social media buttons so that visitors can send updates of their internet activities shooting across the web for all to see...
Chrome Extension Lets You Study Smarter By Blocking Distracting Sites

Chrome Extension Lets You Study Smarter By Blocking Distracting Sites

The internet is both the best and worst thing to ever happen to productivity. Anyone trying to get any work done in any capacity can attest to that. It's a world of knowledge at your fingertips - ...
Top Rated White Papers and Resources
There are 15 Comments. Add Yours.
  1. Derek Hyams
    Reply

    i dont  know if you realised but using your HTML remover also makes the whole text lowercase, i can see why you have used it, to remove uppercase and lowercase < br >’s  but it outputs the text as lowercase…

    Just a note..

    Kind Regards,

    Derek Hyams

  2. Good job Mads

  3. Guest
    Reply

    dd

  4. Guest
    Reply

    Function sendOutputWithoutHTMLTags(ByVal inputString As String)
    Dim newString As String = “”
    Dim stringCharArray As Char() = inputString.ToCharArray
    Dim strLength As Integer = inputString.Length

    For n As Integer = 0 To (strLength – 1)
    If stringCharArray(n) = “< " Then
    While stringCharArray(n) <> “>”
    n = n + 1
    End While
    n = n + 1
    End If
    newString += stringCharArray(n)
    Next
    Return newString
    End Function

  6. Hi. I’m interested in a subject of this site. I want to say thanks to the author.
    ! THANKS ! If you want check mine: informacje or

  8. Amol Pandit
    Reply

    Very Good job Mads :)

  11. Guest
    Reply

    I switched your code to VB and used it without any side-effects. Thank you!!

  13. Oh man you saved my time. I had been looking this method since long time..

    Anyways, Thank you!

  14. you’re really a just right webmaster. The site loading velocity is amazing. It kind of feels that you are doing any unique trick. In addition, The contents are masterpiece. you’ve performed a excellent task in this matter!

  15. I saw this on another post and it made me smile
    The more you complain, the longer God makes you live. :)

What do you think? Respond.

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

WebProNews Videos | Advertise | About Us | Newsletter | Archive | News Feeds | Terms & Conditions | Contact Us

WebProNews is an iEntry Network ® publication - © 1998-2012 All Rights Reserved.