HtmlSanitizer | Cleans HTML to avoid XSS attacks

Since the release of the security patches in August 2021 that prevents Cross-Site Scripting via Rich-Text Content I noticed that the output of HTML Content Elements suddenly changed in our projects. Some tag attributes and tags got removed by the newly introduced HTML Sanitizer (when the template is modified so that t3:// style TypoLinks get rendered).

So simply overriding the default Html.html Fluid Template, changing the to and adding a html decoding like in the following example is no longer sufficient.

I am thinking of using the HtmlSanitizer Nuget package by MGans for sanitizing input and output on our application. Given the below input and applying the Sanitize() method, the following is returned:

Input:

I have a dotnet 5 web API with an Angular2+ front end, which I'm building from a previous 3.1 MVC version of the app. I'm having an issue with CORS while looking to authenticate with Yahoo that I did not have with the MVC version. The error I am getting is:

"Access to XMLHttpRequest at 'https://api.login.yahoo.com...' (redirected from 'https://localhost:5003/api/draft/yahooauth/') from origin 'https://localhost:5003' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

My API Controller:

Got this error un .net core 5 solution with angular client after enabling lz4BlockArray compression. Without compression everithing seems to work pretty fine. Looking around for motivation but i found nothing. Seems like some decoders aren't loaded correctly.

That's client side error, no server side error