Hi,
My existing ASP.NET web application uses a div (set to runat="server") to show disclaimers. This is set using the div.InnerHtml property. These disclaimers contain <b>, <br/> tags to show the disclaimer text accordingly.
Ex: disclaimerDiv.InnerHtml = disclaimerMsg;
On Veracode submission, these were pointed out as potential threats.
I tried using Anti XSS library's Sanitizer.GetSafeHtmlFragment() method, but the required tags were removed.
Is there a better way of doing this? Please advise.
Regards,
Vinod
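
An added example, not part of the original post: one way to keep the <b> and <br/> tags the post mentions while neutralising everything else is to HTML-encode the whole message first and then restore only an exact allowlist of encoded tags. DisclaimerHtml and ToSafeHtml are hypothetical names, and the sample message is constructed; WebUtility.HtmlEncode is the standard .NET encoder.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

public static class DisclaimerHtml
{
    // Encoded forms of <b> and </b> only. A tag carrying attributes
    // (for example an event handler) does not match and stays encoded.
    private static readonly Regex EncodedBold = new Regex(
        @"&lt;(/?)b&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    // Encoded forms of <br>, <br/> and <br />.
    private static readonly Regex EncodedBreak = new Regex(
        @"&lt;br\s*/?&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static string ToSafeHtml(string disclaimerMsg)
    {
        if (string.IsNullOrEmpty(disclaimerMsg))
            return string.Empty;

        // Step 1: encode everything, so no markup from the input survives.
        // '&' becomes "&amp;", so text that already contains "&lt;b&gt;"
        // is double-encoded and cannot be mistaken for an allowed tag.
        string encoded = WebUtility.HtmlEncode(disclaimerMsg);

        // Step 2: restore only the allowlisted tags, emitted as fixed strings.
        encoded = EncodedBold.Replace(
            encoded, m => m.Groups[1].Length == 0 ? "<b>" : "</b>");
        return EncodedBreak.Replace(encoded, "<br/>");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: two allowed tags, plus markup that must stay inert.
        string disclaimerMsg =
            "<b>Notice</b><br/>Rates & fees apply." +
            "<script>alert(1)</script><b onclick=\"x()\">terms</b>";

        // In the page's code-behind this would be:
        //   disclaimerDiv.InnerHtml = DisclaimerHtml.ToSafeHtml(disclaimerMsg);
        Console.WriteLine(DisclaimerHtml.ToSafeHtml(disclaimerMsg));
    }
}
```

Because the restored tags are written as fixed literals rather than copied from the input, the only raw markup that can reach InnerHtml is <b>, </b> and <br/>.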