An AntiXss attribute for Web API request models. It essentially runs the Microsoft AntiXss library against the input and fails validation if the result is different to the original value. There are ways to fine tune and relax where appropriate.
$ dotnet add package ASPNetWebAPIAntiXssNo README available.