sanitizedHtml

This returns an element wrapping sanitized content, using a whitelist for html tags and attributes, and a blacklist for css. Javascript is never allowed.

It scans all URLs it allows and rejects

You can tweak the allowed features with the HtmlFeatures enum.

Note: you might want to use innerText for most user content. This is meant if you want to give them a big section of rich text.

userContent should just be a basic div, holding the user's actual content.

FIXME: finish writing this

  1. Element sanitizedHtml(Element userContent, string idPrefix, HtmlFeatures allow)
    Element
    sanitizedHtml
  2. Element sanitizedHtml(Html userContent, string idPrefix, HtmlFeatures allow)

Meta