Best way to detect if input is invalid

[jkuek]

Hi,

I'm trying to detect whether my input contains any forbidden tags. I tried comparing the input with the sanitized output but HtmlSanitizer reformats allowed tags:

var input = "<p>";
var sanitizer = new HtmlSanitizer();
var result = sanitizer.Sanitize(input);

// expected output is <p>, but actual output is "<p></p>"

// result != input even though all tags are allowed

Is there another way to check if my input contains any forbidden tags?

[tiesont]

The RemovingTag event will be raised anytime a tag is detected which isn't allowed - you can find an example of handling that in the wiki: https://github.com/mganss/HtmlSanitizer/wiki/Examples#ex10-keep-images-audio-and-video-only-from-your-cdn

If you can handle an exception in your workflow, something like this might work:

sanitizer.RemovingTag += (sender, e) => 
{
    throw new ForbiddenTagException(e.Tag);
}

where ForbiddenTagException is a custom exception that accepts an IElement argument (assuming that you want to log what the tag was at some point).

[jkuek]

Thanks for the response, I figured it out myself eventually:

Here's what I used
sanitizer.RemovingTag += (sender, e) => throw new ArgumentException($"forbidden HTML tag found: {e.Tag.LocalName}");

[tiesont]

Yeah, I was thinking that would work too. The only reason for a custom exception would be as a signal for a specific error handler higher up in your code, rather than not knowing if the ArgumentException came from something else.