I have several views where I use @Html.Raw and would like to sanitize rich text inputs. Possibly I could look at what the rich text box may emit and take a whitelist-type approach to the tags/attributes that the server side will accept. I'm not sure how to do this or where to look to do this.

    @foreach (var dorItem in catGroup) {
        <tr>
            <td class="view-dor">@Html.Raw(dorItem.Responsibility)</td>
            <td class="view-dor-description">
                @Html.Raw(dorItem.Description)
                <div class="verticalspace"></div>
                @foreach (var dorResponse in dorItem.DorItemResponses) {
                    <div style=" border: solid black 1px; background-color: #eeeeee;">
                        <b>@dorResponse.Date.ToString("MM/dd/yyyy") @dorResponse.Title</b>
                        <div class="verticalspace"></div>
                        @Html.Raw(dorResponse.Response)
                    </div>
                }
            </td>
            @if (@dorItem.Status.Color.Name == "Yellow") {
                <td class="view-dor"><font class="dor-status-dark" color="@dorItem.Status.Color.Name"><b>@dorItem.Status.Name</b></font></td>
            } else {
                <td class="view-dor"><font color="@dorItem.Status.Color.Name"><b>@dorItem.Status.Name</b></font></td>
            }
        </tr>
    }
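
An allow-list sanitizer of the kind the question describes, as an added example that is not part of the original post. It assumes the third-party HtmlSanitizer NuGet package (namespace `Ganss.Xss`; `Ganss.XSS` in releases before 8.0); the class name `RichTextSanitizer` and the tag list are hypothetical and should be matched to what the rich text editor actually emits.

```csharp
using System;
using Ganss.Xss; // assumption: HtmlSanitizer NuGet package, v8 or later

// Hypothetical helper: everything not explicitly allowed below is stripped.
public static class RichTextSanitizer
{
    // Sanitize() may be called on one shared instance from several threads
    // as long as the allow-lists are not modified after construction.
    private static readonly HtmlSanitizer Sanitizer = Build();

    private static HtmlSanitizer Build()
    {
        var s = new HtmlSanitizer();

        // Replace the library defaults with a narrow allow-list of tags.
        s.AllowedTags.Clear();
        foreach (var tag in new[] { "p", "br", "b", "strong", "i", "em", "u", "ul", "ol", "li", "a" })
            s.AllowedTags.Add(tag);

        // Only href survives, so style, class and on* handlers are removed.
        s.AllowedAttributes.Clear();
        s.AllowedAttributes.Add("href");

        // Link targets are limited to these URL schemes.
        s.AllowedSchemes.Clear();
        foreach (var scheme in new[] { "http", "https", "mailto" })
            s.AllowedSchemes.Add(scheme);

        // No inline CSS at all.
        s.AllowedCssProperties.Clear();
        return s;
    }

    public static string Clean(string html)
    {
        return string.IsNullOrEmpty(html) ? string.Empty : Sanitizer.Sanitize(html);
    }

    public static void Main()
    {
        // Constructed sample input, not taken from the original post.
        var input = "<p onclick=\"x()\">Hello <b>team</b><script>x()</script> " +
                    "<a href=\"javascript:x()\">link</a> <a href=\"https://example.com/\">ok</a></p>";
        Console.WriteLine(Clean(input));
    }
}
```

Call it when the rich text is saved, and again in the view as `@Html.Raw(RichTextSanitizer.Clean(dorItem.Description))`, so rows stored before the filter existed are also covered.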