A lot of websites allow users to input text and submit it to the site. This could be forums, blogs, content management systems etc. Imagine that the user writes HTML into these form fields. It could be perfectly harmless when used for styling, but it could also be used the wrong way.

A typical scenario would be a user entering JavaScript that does harmful things, or embedding a style sheet that ruins the website's layout. This is normally referred to as Cross-Site Scripting (XSS).

We have to mitigate that risk, and that’s when regular expressions come to the rescue. Here is a very simple method that strips all HTML tags from a string or just the harmful tags – you decide. The method takes two parameters: the string that needs tag removal and a boolean flag that determines whether harmless tags are allowed or not.

public static string StripHtml(string html, bool allowHarmlessTags)
{
    if (string.IsNullOrEmpty(html))
        return string.Empty;

    // Remove only the opening and closing tags on the list; every other tag is left in place.
    if (allowHarmlessTags)
        return System.Text.RegularExpressions.Regex.Replace(html, "</?(?i:script|embed|object|frameset|frame|iframe|meta|link|style)(.|\\n)*?>", string.Empty);

    // Otherwise remove everything between a '<' and the next '>'.
    return System.Text.RegularExpressions.Regex.Replace(html, "<[^>]*>", string.Empty);
}

You can add more harmful tags to the regular expression string if you'd like. Enjoy.
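The following is an added example, not code from the original post: it runs both modes of StripHtml over a few constructed inputs and encodes the result at output time, showing that the lenient mode leaves attributes on unlisted tags in place and that the strict mode also removes plain text sitting between a stray < and >. The class name, the ForOutput helper and the sample strings are assumptions; WebUtility.HtmlEncode requires .NET 4.0 or later.

```csharp
using System;
using System.Net;                      // WebUtility.HtmlEncode
using System.Text.RegularExpressions;

public static class StripHtmlCheck
{
    // The two patterns used by the StripHtml method above.
    private const string HarmfulTags =
        "</?(?i:script|embed|object|frameset|frame|iframe|meta|link|style)(.|\\n)*?>";
    private const string AnyTag = "<[^>]*>";

    public static string StripHtml(string html, bool allowHarmlessTags)
    {
        if (string.IsNullOrEmpty(html))
            return string.Empty;
        return Regex.Replace(html, allowHarmlessTags ? HarmfulTags : AnyTag, string.Empty);
    }

    // Hypothetical helper: encode at the point of output so that whatever
    // survived stripping is rendered as text instead of being parsed as markup.
    public static string ForOutput(string stored)
    {
        return WebUtility.HtmlEncode(stored);
    }

    public static void Main()
    {
        // Constructed sample inputs (not from the original post).
        string[] samples =
        {
            "<b>bold</b> <script>alert(1)</script>",   // listed tag next to an allowed one
            "<b onmouseover=\"alert(1)\">hover</b>",   // allowed tag carrying an event-handler attribute
            "1 < 2 and 3 > 2"                          // plain text that only looks like a tag
        };

        foreach (string input in samples)
        {
            string lenient = StripHtml(input, true);
            string strict = StripHtml(input, false);
            Console.WriteLine("input   : " + input);
            Console.WriteLine("lenient : " + lenient);
            Console.WriteLine("strict  : " + strict);
            Console.WriteLine("encoded : " + ForOutput(lenient));
            // A '<' left after the lenient pass means the value must not be written to a page unencoded.
            Console.WriteLine("needs encoding after lenient pass: " + (lenient.IndexOf('<') >= 0));
            Console.WriteLine();
        }
    }
}
```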


There are a lot of tutorials on the web about making thumbnails in ASP.NET. I’ve used some myself over the years. They all show how easy it is, but they all lack some fundamental functionality:

  • Create good thumbnails from gif images
  • Calculate the height based on the width
  • Be able to use more formats than jpg and gif

Thumbnails from gif images always turn out ugly and kind of dirty looking. If the original gif image has transparency, it turns black when it gets reformatted to a smaller gif or jpeg. That’s why I use the PNG format for gif images. The PNG format is well supported by all browsers and clients except for the older ones.

If you have an image gallery of thumbnails, you probably want all thumbnails to have the same width. The height can vary but the width is fixed. So, I added a method that calculates the height based on the width.

A JPG or TIFF image is almost always better kept as a JPG in a thumbnail, so I have added a method that keeps it that way. All other image types are thumbnailed to PNG images.

Example:
Original gif image
ASP.NET generated thumbnail

Here is the entire code used to make it work.

<%@ Import namespace="System" %>
<%@ Import namespace="System.IO" %>
<%@ Import namespace="System.Drawing" %>
<%@ Import namespace="System.Drawing.Imaging" %>

<script runat="server" language="C#">
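private void Page_Load(object sender, System.EventArgs e)
{
    string filename = Request.QueryString["file"];
    int width;

    // Both values come straight from the query string: reject missing or
    // malformed input instead of letting int.Parse or MapPath throw.
    if (string.IsNullOrEmpty(filename) || !int.TryParse(Request.QueryString["width"], out width) || width < 1)
    {
        Response.StatusCode = 400;
        return;
    }

    this.GenerateThumbnail(Server.MapPath(filename), width);
}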

private void GenerateThumbnail(string filename, int width)
{
    using (System.Drawing.Image orig = System.Drawing.Image.FromFile(filename))
    {
        this.GenerateThumbnail(orig, new Size(width, CalculateHeight(orig, width)), GetFormat(filename));
    }
}

private void GenerateThumbnail(System.Drawing.Image orig, Size size, ImageFormat format)
{
    using (MemoryStream stream = new MemoryStream())
    {
        System.Drawing.Image.GetThumbnailImageAbort callback = new System.Drawing.Image.GetThumbnailImageAbort(ThumbnailCallback);

        // Dispose the thumbnail as soon as it has been saved to the memory stream.
        using (System.Drawing.Image img = orig.GetThumbnailImage(size.Width, size.Height, callback, IntPtr.Zero))
        {
            img.Save(stream, format);
        }

        // Set the content type before writing the body.
        Response.ContentType = "image/" + format.ToString();
        Response.BinaryWrite(stream.ToArray());
    }
}

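private static ImageFormat GetFormat(string filename)
{
    // Compare case-insensitively so that "photo.JPG" is treated like "photo.jpg".
    if (filename.EndsWith("jpg", StringComparison.OrdinalIgnoreCase) || filename.EndsWith("jpeg", StringComparison.OrdinalIgnoreCase) || filename.EndsWith("tiff", StringComparison.OrdinalIgnoreCase))
        return ImageFormat.Jpeg;

    return ImageFormat.Png;
}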

private static int CalculateHeight(System.Drawing.Image img, double desiredWidth)
{
    double power = img.Width / desiredWidth;
    return (int)(img.Height / power);
}

private bool ThumbnailCallback()
{
    return false;
}
</script>

Notice the use of the MemoryStream class. This is a very important step in creating the PNG file or any format other than JPG and GIF. This is because the ASP.NET response stream isn't seekable, but a MemoryStream is, and that's what the other formats need. This is the same for ASP.NET 1.x as well as ASP.NET 2.0. Enjoy.