public string Decode(string value)
{
var tags = "font|div|span|br|strong|em|strike|sub|sup|center|blockquote|hr|ol|ul|li|br|s|p|b|i|u|img";
var attributes = "style|size|color|face|align|dir|src|width|id|class";
var attributeCharacters = "\\'\\,\\w\\-#\\s\\:\\;\\?\\&\\.\\-\\=";
var result = Regex.Replace(value, "\\"\\;", "\"", RegexOptions.IgnoreCase);
result = Regex.Replace(result, "'", "'", RegexOptions.IgnoreCase);
result = Regex.Replace(result, "(?:\\<\\;|\\<)(\\/?)((?:" + tags + ")(?:\\s(?:" + attributes + ")=\"[" + attributeCharacters + "]*\")*)(?:\\>\\;|\\>)", "<$1$2>", RegexOptions.IgnoreCase | RegexOptions.ECMAScript);
var hrefCharacters = "^\\\"\\>\\<\\\\";
result = Regex.Replace(result, "(?:\\<\\;|\\<)(\\/?)(a(?:(?:\\shref\\=\\\"[" + hrefCharacters + "]*\\\")|(?:\\sstyle\\=\\\"[" + attributeCharacters + "]*\\\"))*)(?:\\>\\;|\\>)", "<$1$2>", RegexOptions.IgnoreCase | RegexOptions.ECMAScript);
result = Regex.Replace(result, "&?lt;", "<");
result = Regex.Replace(result, "&?gt;", ">");
result = Regex.Replace(result, "&", "&", RegexOptions.IgnoreCase);
result = Regex.Replace(result, " ", "\xA0", RegexOptions.IgnoreCase);
result = Regex.Replace(result, "[^<]<[^>]*expression[^>]*>", "", RegexOptions.IgnoreCase | RegexOptions.ECMAScript);
result = Regex.Replace(result, "[^<]<[^>]*data\\:[^>]*>", "", RegexOptions.IgnoreCase | RegexOptions.ECMAScript);
result = Regex.Replace(result, "[^<]<[^>]*script(?!\\w)[^>]*>", "", RegexOptions.IgnoreCase | RegexOptions.ECMAScript);
result = Regex.Replace(result, "[^<]<[^>]*filter[^>]*>", "", RegexOptions.IgnoreCase | RegexOptions.ECMAScript);
result = Regex.Replace(result, "[^<]<[^>]*behavior[^>]*>", "", RegexOptions.IgnoreCase | RegexOptions.ECMAScript);
result = Regex.Replace(result, "[^<]<[^>]*javascript\\:[^>]*>", "", RegexOptions.IgnoreCase | RegexOptions.ECMAScript);
result = Regex.Replace(result, "[^<]<[^>]*position\\:[^>]*>", "", RegexOptions.IgnoreCase | RegexOptions.ECMAScript);
// Check Whether EnableSanitization is disabled or not.
if(EnableSanitization && Sanitizer != null) {
var elementWhiteList = MakeCombinedElementList();
if(!elementWhiteList.ContainsKey("span"))
elementWhiteList.Add("span", new string[0]);
if(!elementWhiteList.ContainsKey("br"))
elementWhiteList.Add("br", new string[0]);
result = Sanitizer.GetSafeHtmlFragment(result, elementWhiteList);
}
// HtmlAgilityPack vanishes self-closing <hr /> tag, so replace it after sanitization
result = result.Replace("<hr>", "<hr />");
return result;
}