HtmlEncode from Class Library
Import System.Web
Or call the System.Web.HttpUtility which contains it
You will need to add the reference to the DLL if it isn't there already
string TestString = "This is a <Test String>.";
string EncodedString = System.Web.HttpUtility.HtmlEncode(TestString);
Html encoding in .NET class library
You can import the System.Web namespace and use the HttpUtility class. Although it's a Web assembly I don't think it's necessary to be running under a Web environment for it to work.
HtmlEncode in C#
Rick Strahl rolled his own encoding method, due to problems and inconsistencies with .NET's way of encoding things. Check out his post on Html and Uri String Encoding without System.Web.
UPDATE: After checking out the links provided by the other answers, the AntiXSS library provided by Microsoft seems like an ideal solution to this problem. They've made the source of AntiXSS 4.3 available on Codeplex: http://antixss.codeplex.com/
The AntiXSS Library includes helpful methods for encoding HTML, URLs, JavaScript, and XML. It's based on a secure whitelist model, so anything not allowed in the specifications is prohibited.
Note that according to the release notes for 4.3, June 2014, this is the last release that will contain a sanitizer, due to the negative feedback it got from the user community for being overly aggressive. So if it's a sanitizer you want, you should look at AntiSamy or building your own with the HTML agility pack.
HTMLEncode in Winforms
try
System.Web.HttpUtility.HtmlEncode(foo);
you will need to add a reference to System.Web.dll
Differences between different .net framework HtmlEncode methods
If you dig through the source code you can follow easily enough.
System.Web.HttpUtility.HtmlEncode
/// <devdoc>
/// <para>
/// HTML encodes a string and returns the encoded string.
/// </para>
/// </devdoc>
public static String HtmlEncode(String s) {
    return HttpEncoder.Current.HtmlEncode(s);
}
System.Web.HttpServerUtility.HtmlEncode
/// <devdoc>
/// <para>
/// HTML
/// encodes a given string and
/// returns the encoded string.
/// </para>
/// </devdoc>
public string HtmlEncode(string s) {
    return HttpUtility.HtmlEncode(s);
}
System.Net.WebUtility.HtmlEncode
public static string HtmlEncode(string value) {
    if (String.IsNullOrEmpty(value)) {
        return value;
    }
    // Don't create string writer if we don't have nothing to encode
    int index = IndexOfHtmlEncodingChars(value, 0);
    if (index == -1) {
        return value;
    }
    StringWriter writer = new StringWriter(CultureInfo.InvariantCulture);
    HtmlEncode(value, writer);
    return writer.ToString();
}
So System.Web.HttpServerUtility.HtmlEncode actually uses System.Web.HttpUtility.HtmlEncode. If you drill into HttpEncoder.Current.HtmlEncode(s); this has the following code:
protected internal virtual void HtmlDecode(string value, TextWriter output) {
    WebUtility.HtmlDecode(value, output);
}
Tl;Dr
So they all, ultimately, use System.Net.WebUtility.HtmlEncode. I guess the System.Web versions are only there for backwards compatibility. Hence the advice of using the System.Net version.
Where is HtmlEncode in Asp.NET 5
HtmlEncoder in Microsoft.Extensions.WebEncoders.Core is just a wrapper around System.Text.Encodings.Web.HtmlEncoder to implement the IHtmlEncoder interface (https://github.com/aspnet/HttpAbstractions/blob/release/src/Microsoft.Extensions.WebEncoders.Core/HtmlEncoder.cs).
You can take Microsoft.Extensions.WebEncoders.HtmlEncoder.Default and pass it to the WriteTo method.
From what I see in the dev branch, MVC moved to using System.Text.Encodings.Web.HtmlEncoder directly, so you won't need to use Microsoft.Extensions.WebEncoders.HtmlEncoder anymore in future.
HtmlEncode with HTML entity name, is it possible?
HtmlEncode(word); only encodes ISO 8859-1 (Latin-1), which means your input needs to be encoded in ISO 8859-1. The ó is not in the ISO standard; you can try to use the AntiXss encoder:
Microsoft.Security.Application.AntiXss.HtmlEncode("ó");
or Microsoft.Security.Application.Encoder.HtmlEncode("ó");
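The encoders named in the answers above can be compared side by side before one is adopted in a class library. The following is an added example, not code from any of the answers: it assumes a .NET Core / .NET 5+ console project (where System.Text.Encodings.Web is available without an extra package), and the class name and sample strings are constructed for illustration.

```csharp
// Added example, not code from the answers above. Sample inputs are constructed.
using System;
using System.Collections.Generic;
using System.Net;                  // WebUtility: usable without a System.Web reference
using System.Text;
using System.Text.Encodings.Web;   // HtmlEncoder
using System.Text.Unicode;         // UnicodeRanges

static class HtmlEncodeComparison   // hypothetical name
{
    // Characters that must not appear raw in HTML text or quoted-attribute output.
    static readonly char[] Significant = { '<', '>', '"', '\'' };

    static void Main()
    {
        Console.OutputEncoding = Encoding.UTF8;

        // Keeps Basic Latin and Latin-1 Supplement readable; markup characters are still escaped.
        HtmlEncoder latin1 = HtmlEncoder.Create(
            UnicodeRanges.BasicLatin, UnicodeRanges.Latin1Supplement);

        var encoders = new Dictionary<string, Func<string, string>>
        {
            ["WebUtility.HtmlEncode"] = s => WebUtility.HtmlEncode(s),
            ["HtmlEncoder.Default"]   = s => HtmlEncoder.Default.Encode(s),
            ["HtmlEncoder (Latin-1)"] = s => latin1.Encode(s),
        };

        string[] samples =
        {
            "This is a <Test String>.",   // string from the first answer
            "\" title='x' & <b>",         // both quote styles, ampersand, tag
            "\u00F3 caf\u00E9",           // Latin-1 letters
            "\u4F60\u597D \U0001F600",    // BMP text and a surrogate pair
        };

        foreach (string input in samples)
        {
            Console.WriteLine($"input: {input}");
            foreach (KeyValuePair<string, Func<string, string>> e in encoders)
            {
                string encoded = e.Value(input);
                // Defensive checks: nothing markup-significant survives, and decoding restores the input.
                bool noRawMarkup = encoded.IndexOfAny(Significant) < 0;
                bool roundTrips = WebUtility.HtmlDecode(encoded) == input;
                Console.WriteLine($"  {e.Key,-22} {encoded}  [no raw markup: {noRawMarkup}, round-trips: {roundTrips}]");
            }
        }
    }
}
```

These encoders target HTML text and quoted attribute values only; output destined for JavaScript or URL contexts needs the encoder for that context.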