
Building a Wikipedia on ASP.NET(learning exercise). How to clean untrusted data, but keep formatting?

I want to give end users the ability to save HTML to my backend store. Since this feature could easily cause SQL Injection, and loads of other issues, does anyone know of a server side library that will clean the input so only the "safe" parts of HTML can be used?

Some things I'd like to avoid:

  • Object Tag use
  • JavaScript use
  • Windows "style" pop-up boxes (such as your PC is infected with a virus)
  • CSS with a Javascript action
  • inline data from external sites

Since there is a 100% guarantee that I didn't come up with all the ways a user could be malicious with this feature, I'd like to learn what options I have to clean the data, but preserve basic formatting.


Consider sanitizing user input with the Microsoft AntiXSS library.

  • http://wpl.codeplex.com/
  • http://msdn.microsoft.com/en-us/security/aa973814.aspx
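To show the allowlist approach such a library implements, here is an added example (not from the question, the answer, or the AntiXSS library) written in Python on the standard library's html.parser; the tag and attribute sets are assumptions chosen to match the list in the question.

```python
# Added example: minimal allowlist HTML sanitizer. Only a fixed set of
# formatting tags/attributes survives; everything else is dropped, and the
# bodies of script/style/object/embed/iframe elements are discarded entirely.
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}       # no style= and no on* handlers anywhere
DROP_CONTENT = {"script", "style", "object", "embed", "iframe"}
SAFE_SCHEMES = {"http", "https", "mailto", ""}   # "" = relative link

def safe_url(value):
    """Accept http(s), mailto and relative URLs; reject javascript:, data:, ..."""
    cleaned = "".join(value.split())  # browsers ignore tabs/newlines in "java\tscript:"
    return urlparse(cleaned).scheme.lower() in SAFE_SCHEMES

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0   # > 0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
            return
        if self.skip or tag not in ALLOWED_TAGS:
            return      # unknown tag: drop the tag itself, keep its text
        parts = []
        for name, value in attrs:   # html.parser hands us decoded attribute values
            if name in ALLOWED_ATTRS.get(tag, ()) and value and safe_url(value):
                parts.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(parts)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))   # re-escape text so < and > cannot form tags

def sanitize(html):
    """Return an allowlisted HTML fragment built from untrusted input."""
    parser = Sanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```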
