
How do I encode html leaving out the safe html

My data coming from the database might contain some html. If I use

string dataFromDb = "Some text<br />;some more <br><ul><li>item 1</li></ul>";
HttpContext.Current.Server.HtmlEncode(dataFromDb);

Then everything gets encoded and I see the safe Html on the screen.

However, I want to be able to execute the safe html as noted in the dataFromDb above.

I think I am trying to create a white list to check against.

  • How do I go about doing this?
  • Is there some Regex already out there that can do this?


Check out this article. The AntiXSS library is also worth a look.


You should use the Microsoft AntiXSS library. I believe the latest version is available here. Specifically, you'll want to use the GetSafeHtmlFragment method.
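
The white-list idea from the question, as an added example (not code from the posts above and not the AntiXSS library's own code): encode the whole string first, then restore only exact, attribute-free tags from a fixed list. The class name, method name and tag list are assumptions chosen for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

public static class SafeHtml
{
    // Assumed allowlist: plain formatting tags only, never with attributes.
    // The pattern runs over already-encoded text, so it looks for &lt;...&gt;.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(?:(?<slash>/?)(?<name>ul|ol|li|b|i|em|strong|p)|(?<br>br)\s*/?)&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static string EncodeExceptAllowlist(string input)
    {
        if (string.IsNullOrEmpty(input)) return string.Empty;

        // Step 1: neutralise everything. WebUtility.HtmlEncode is used here so the
        // example runs outside ASP.NET; Server.HtmlEncode plays the same role in a page.
        string encoded = WebUtility.HtmlEncode(input);

        // Step 2: turn back only encoded tags that match the allowlist exactly.
        // A tag with any attribute (e.g. <b onclick=...>) does not match and stays encoded.
        return AllowedTag.Replace(encoded, m =>
            m.Groups["br"].Success
                ? "<br />"
                : "<" + m.Groups["slash"].Value
                      + m.Groups["name"].Value.ToLowerInvariant() + ">");
    }

    public static void Main()
    {
        // Constructed sample: modeled on the question's string, plus markup that must stay inert.
        string dataFromDb =
            "Some text<br />some more <br><ul><li>item 1</li></ul>" +
            "<script>alert(1)</script><b onclick=\"x()\">bold</b><img src=x>";

        Console.WriteLine(EncodeExceptAllowlist(dataFromDb));
    }
}
```

Anything not on the list, including an allowed tag name that carries attributes, stays encoded and is displayed as text. The output is not checked for balanced tags, so a closing tag can be restored while its attribute-bearing opening tag remains encoded.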
