I am writing a Web application that is going to be used to handle email requests.
I have written an application that I have running on a server that retrieves the emails and puts all of the information into my database including the body of the email.
I can load the email body text into a textbox and it displays correctly without hyperlinks etc., but when I submit any actions on the page I get an error telling me I may have opened myself up to harmful stuff. If I load it into a label, that eliminates the error, but it also eliminates the line breaks and paragraphs of the email, which makes it kind of hard to read.
I figure it is pretty likely that I will at the very least get some spam that has some malicious html in it.
So what is the best way to protect myself? Is there a way to parse through the text to remove anything harmful while leaving the basic formatting in place?
Here is the data coming from the database for one of the emails:
Test email.
First Last
Company
(000)000-00000 Office
(000)000-000 Mobile
Pisteuon@email.com
www.email.com<http://www.email.com>
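One way to get the effect the question asks for, as an added example that is not part of the original post: HTML-encode the entire stored body so no markup from the mail survives, then restore only a short, attribute-free allow-list of tags by exact pattern, and turn the plain-text line breaks into `<br>`. Because the allow-list tags are matched as exact encoded strings with no attributes, a `<b onmouseover=...>` or `<script>` can never be re-enabled, and a literal `<http://www.email.com>` like the one in the sample stays visible as text. The code is Python (the same steps map directly onto `System.Web.HttpUtility.HtmlEncode` plus a `Regex.Replace` in ASP.NET); `ALLOWED_TAGS`, `sanitize_email_body` and the sample message are assumptions made up for this illustration.

```python
import html
import re

# Assumed allow-list for this example: tags that are useful for basic formatting
# and are restored WITHOUT attributes, so they cannot carry event handlers,
# style, or href/src values.
ALLOWED_TAGS = ("p", "b", "i", "u", "em", "strong", "br")

# Matches an encoded allow-listed tag and nothing else: "&lt;b&gt;", "&lt;/p&gt;",
# "&lt;br /&gt;". An encoded tag with attributes ("&lt;b onmouseover=...&gt;")
# does not match and therefore stays encoded.
_ALLOWED_TAG_RE = re.compile(
    r"&lt;(/?)(" + "|".join(ALLOWED_TAGS) + r")\s*/?&gt;",
    re.IGNORECASE,
)


def sanitize_email_body(body: str) -> str:
    """Return an HTML string that is safe to render in a Label/Literal control.

    1. Encode everything, so <, >, &, and quotes become entities and no markup
       from the mail reaches the browser as markup.
    2. Restore only exact, attribute-free allow-listed tags.
    3. Convert newlines to <br> so plain-text mail keeps its line structure.
    """
    # Step 1: html.escape encodes '&' first, so text that already contained a
    # literal "&lt;b&gt;" becomes "&amp;lt;b&amp;gt;" and is not restored below.
    encoded = html.escape(body, quote=True)

    # Step 2: selectively restore the allow-list, normalising the tag to lowercase.
    encoded = _ALLOWED_TAG_RE.sub(
        lambda m: "<" + m.group(1) + m.group(2).lower() + ">", encoded
    )

    # Step 3: keep paragraph/line breaks of plain-text mail readable.
    return encoded.replace("\r\n", "\n").replace("\n", "<br>\n")


# Constructed sample body for this example, mixing harmless formatting with
# the kind of content a spam or phishing mail might carry.
SAMPLE_BODY = (
    "Hi <b>there</b>,\n"
    "<script>alert(1)</script>\n"
    '<b onmouseover="x()">bold</b>\n'
    "www.email.com<http://www.email.com>"
)


if __name__ == "__main__":
    print(sanitize_email_body(SAMPLE_BODY))
```

In the sample above the `<script>` element, the `<b>` with an event handler and the angle-bracketed URL all come out as encoded text, while the bare `<b>...</b>` and the line breaks survive. The request-validation error described in the question appears because the textbox posts the raw body back to the server on every submit; rendering the sanitized string in a read-only control such as a Label or Literal keeps the body out of `Request.Form`, so request validation does not need to be disabled.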