I'm using this regex to validate the content of a TinyMCE rich text box. This is an MVC application and I don't want users to be able to enter malicious JavaScript.
The regex is failing as the rich text box is generating its own HTML.
[RegularExpression(@"^[a-zA-Z0-9\s-'.]+$", ErrorMessage = "Only letters, numbers, spaces and '-' are allowed in description.")]
I tried removing the regex and adding this code, but was able to enter a script tag.
valid_elements : "a[href|target=_blank],strong/b,div[align],br",
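
Added example, not part of the original question: `valid_elements` only filters inside the editor in the browser, so the same allow-list has to be enforced again on the server, where a crafted POST cannot bypass it. The sketch below is a validation attribute that could stand in for `[RegularExpression]`; it assumes the HtmlAgilityPack NuGet package, and `AllowedHtmlAttribute` is a hypothetical name.

```csharp
// Added example: server-side allow-list check mirroring the question's valid_elements.
// Assumes the HtmlAgilityPack NuGet package; AllowedHtmlAttribute is a hypothetical name.
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using HtmlAgilityPack;

[AttributeUsage(AttributeTargets.Property)]
public sealed class AllowedHtmlAttribute : ValidationAttribute
{
    // Element -> permitted attributes, taken from the valid_elements line.
    private static readonly Dictionary<string, string[]> Allowed =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "a", new[] { "href", "target" } },
            { "div", new[] { "align" } },
            { "strong", new string[0] }, { "b", new string[0] }, { "br", new string[0] },
        };

    public override bool IsValid(object value)
    {
        var html = value as string;
        if (string.IsNullOrEmpty(html)) return true; // combine with [Required] if needed
        var doc = new HtmlDocument();
        doc.LoadHtml(html);
        foreach (var node in doc.DocumentNode.Descendants())
        {
            if (node.NodeType == HtmlNodeType.Text) continue;
            if (node.NodeType != HtmlNodeType.Element) return false; // comments and the like
            if (!Allowed.TryGetValue(node.Name, out var attrs)) return false; // script, img, ...
            foreach (var attr in node.Attributes)
            {
                var name = attr.Name.ToLowerInvariant();
                var val = HtmlEntity.DeEntitize(attr.Value ?? string.Empty).Trim();
                if (!attrs.Contains(name)) return false; // onclick, style, ...
                if (name == "href" && !IsHttpUrl(val)) return false; // blocks javascript: URLs
                if (name == "target" && val != "_blank") return false;
            }
        }
        return true;
    }

    private static bool IsHttpUrl(string url)
    {
        return Uri.TryCreate(url, UriKind.Absolute, out var uri)
            && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps);
    }
}
```

Applied as `[AllowedHtml(ErrorMessage = "...")]` on the model property, this rejects input containing any element or attribute outside the list. Because the stored markup is later parsed by a browser rather than by HtmlAgilityPack, a sanitizer library that re-serializes the parsed tree gives a stronger guarantee than reject-only validation.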