mganss / HtmlSanitizer

Cleans HTML to avoid XSS attacks
MIT License
1.52k stars 198 forks

The src attribute of the img tag is set to a whitelist and is filtered out #436

Closed lycoris-xmin closed 1 year ago

lycoris-xmin commented 1 year ago

I am using a rich text component and trying to use the function of pasting and copying pictures, but when submitting to the background for XSS filtering, the src attribute of the img tag will be filtered out.

NuGet Version: 8.0.645
Runtime platform: .NET 6

tiesont commented 1 year ago

This is by design. You need to allow data URIs: https://github.com/mganss/HtmlSanitizer/wiki/Examples#ex2-allowing-data-uris

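using Ganss.Xss;

var sanitizer = new HtmlSanitizer();
// The data: scheme is not allowed by default; adding it keeps data URIs in URL attributes such as img src.
sanitizer.AllowedSchemes.Add("data");
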
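
Added example (not part of the thread and not the HtmlSanitizer project's own code): adding `data` to `AllowedSchemes` applies to every URL attribute, so this sketch uses the library's `FilterUrl` event to keep data URIs only on `img` elements and only for base64 raster images. The class name `ImageOnlyDataUris`, the MIME allowlist and the sample HTML are assumptions made for the example.

```csharp
using System;
using System.Text.RegularExpressions;
using Ganss.Xss;

public static class ImageOnlyDataUris
{
    // Assumed allowlist: base64 raster images only. SVG and text/html are left out on purpose.
    private static readonly Regex AllowedDataUri = new Regex(
        @"^data:image/(png|jpeg|gif|webp);base64,[A-Za-z0-9+/]+=*$",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static HtmlSanitizer Create()
    {
        var sanitizer = new HtmlSanitizer();
        sanitizer.AllowedSchemes.Add("data");

        // FilterUrl is raised for each URL the sanitizer processes.
        sanitizer.FilterUrl += (sender, e) =>
        {
            var url = e.OriginalUrl.Trim();
            if (!url.StartsWith("data:", StringComparison.OrdinalIgnoreCase))
                return; // other schemes keep the sanitizer's normal handling

            bool isImg = string.Equals(e.Tag?.LocalName, "img",
                StringComparison.OrdinalIgnoreCase);

            // Setting SanitizedUrl to null makes the sanitizer drop the attribute.
            if (!isImg || !AllowedDataUri.IsMatch(url))
                e.SanitizedUrl = null;
        };
        return sanitizer;
    }

    public static void Main()
    {
        var sanitizer = Create();

        // Constructed sample input: a pasted PNG, a data: link, and an SVG data URI.
        var html =
            "<img src=\"data:image/png;base64,iVBORw0KGgo=\">" +
            "<a href=\"data:text/html;base64,PGI+eDwvYj4=\">link</a>" +
            "<img src=\"data:image/svg+xml;base64,PHN2Zy8+\">";

        Console.WriteLine(sanitizer.Sanitize(html));
    }
}
```

With this handler only the first `img` keeps its `src`; the `href` on the link and the SVG `src` are removed.
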
lycoris-xmin commented 1 year ago

Sorry, I have read some documents but did not find the relevant information. Thank you for the reminder. Let me try.