In my previous post, we implemented CRUD operations with an HTML WYSIWYG editor and allowed the user to enter HTML for formatting. The next step is to validate that HTML input to prevent XSS. One option is the AntiXss library, but the newer version breaks everything and has compatibility issues, so it is not reliable. Here is the white-list approach, where you allow specific HTML tags and every other tag is HTML-encoded, based on this discussion (Archive Version).
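Below is an added example of the white-list approach described above; it is not code from the original post or from the linked discussion. It assumes a fixed allow list of formatting tags (an assumption; adjust it to whatever the editor actually emits) and works in two steps: HTML-encode the whole input, then restore only attribute-free tags whose names are on the list. Encoding first means a user who literally types `&lt;b&gt;` cannot smuggle a tag through, and tags that carry attributes (for example an `onmouseover` handler) stay encoded, so they render as text instead of executing.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text.RegularExpressions;

// Added example (not from the original post): a white-list HTML filter.
// Every character is HTML-encoded first, then only bare tags whose names are
// on the allow list are restored. Anything else, including <script> tags and
// any tag carrying attributes, stays encoded and renders as literal text.
public static class HtmlWhitelist
{
    // Assumed allow list: the formatting tags the WYSIWYG editor is expected
    // to emit. Adjust to match the editor configuration.
    private static readonly HashSet<string> AllowedTags =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "b", "i", "u", "strong", "em", "p", "br",
            "ul", "ol", "li", "h1", "h2", "h3", "blockquote"
        };

    // Matches an already-encoded tag with no attributes, e.g. "&lt;/b&gt;"
    // or "&lt;br /&gt;". Tags with attributes never match and stay encoded.
    private static readonly Regex EncodedTag = new Regex(
        @"&lt;(?<close>/?)(?<name>[A-Za-z][A-Za-z0-9]*)\s*(?<self>/?)&gt;",
        RegexOptions.Compiled);

    public static string Sanitize(string input)
    {
        if (string.IsNullOrEmpty(input))
            return string.Empty;

        // Step 1: neutralise everything. '&' becomes "&amp;", so a user who
        // literally types "&lt;b&gt;" cannot get a tag past step 2.
        string encoded = WebUtility.HtmlEncode(input);

        // Step 2: put back only the allowed, attribute-free tags.
        return EncodedTag.Replace(encoded, m =>
        {
            string name = m.Groups["name"].Value;
            if (!AllowedTags.Contains(name))
                return m.Value;                    // leave encoded

            return "<" + m.Groups["close"].Value
                       + name.ToLowerInvariant()
                       + m.Groups["self"].Value + ">";
        });
    }

    // Constructed inputs showing what survives and what is neutralised.
    public static void Main()
    {
        string[] samples =
        {
            "<b>bold</b> and <i>italic</i>",          // kept as-is
            "<script>alert(1)</script>",              // fully encoded
            "<b onmouseover=\"alert(1)\">hover</b>",  // opening tag stays encoded
            "<img src=x onerror=alert(1)>",           // fully encoded
            "1 < 2 &amp; &lt;b&gt;"                   // literal text, no tag restored
        };
        foreach (string s in samples)
            Console.WriteLine("{0}\n  -> {1}", s, Sanitize(s));
    }
}
```

Call `Sanitize` on the server, in the Web API action that receives the editor content, before the value is persisted; any client-side editor configuration can be bypassed, so it is not a control. If the editor needs tags with attributes (links, styled spans), extend the filter with an explicit per-tag attribute allow list rather than loosening the regex, since a blanket pass-through of attributes is exactly what lets event handlers and `javascript:` URLs in.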
In this article, we will implement CRUD (Create, Read, Update and Delete) operations with Knockout.js, ASP.NET Web API and Entity Framework 5.0 (Database First approach). For the Add or Edit operation, a modal dialog with a WYSIWYG HTML editor is used. The user can enter information and submit it. It should look like the image below: