XSS handling

C#
Default: HttpUtility.HtmlEncode()
Worth considering: mganss/HtmlSanitizer: Cleans HTML to avoid XSS attacks
浮雲雅築: [Research][ASP.NET] HtmlSanitizer (HTML sanitizer) for preventing XSS

JS
Good stuff: cure53/DOMPurify: DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks.
Demo: