Htmlencode from Class Library

HtmlEncode from Class Library

Import System.Web
Or call the System.Web.HttpUtility which contains it

You will need to add the reference to the DLL if it isn't there already

string TestString = "This is a <Test String>.";
string EncodedString = System.Web.HttpUtility.HtmlEncode(TestString);

Html encoding in .NET class library

You can import the System.Web namespace and use the HttpUtility class. Altohugh it's a Web assembly I don't think it's neccesary to be running under a Web environment for it to work.

HtmlEncode in C#

Rick Strahl rolled his own encoding method, due to problems and inconsistencies with .NET's way of encoding things. Check out his post on Html and Uri String Encoding without System.Web.

UPDATE: After checking out the links provided by the other answers, the AntiXSS library provided by Microsoft seems like an ideal solution to this problem. They've made the source of AntiXSS 4.3 available on Codeplex: http://antixss.codeplex.com/

The AntiXSS Library includes helpful methods for encoding HTML, URLs, JavaScript, and XML. It's based on a secure whitelist model, so anything not allowed in the specifications is prohibited.

Note that according to the release notes for 4.3, June 2014, this is the last release that will contain a sanitizer, due to the negative feedback it got from the user community for being overly aggressive. So if it's a sanitizer you want, you should look at AntiSamy or building your own with the HTML agility pack.

HTMLEncode in Winforms

try

System.Web.HttpUtility.HtmlEncode(foo);

you will need to add a reference to System.Web.dll

Differences between different .net framework HtmlEncode methods

If you dig though the source code you can follow easily enough.

System.Web.HttpUtility.HtmlEncode

    /// <devdoc>
    ///    <para>
    ///       HTML encodes a string and returns the encoded string.
    ///    </para>
    /// </devdoc>
    public static String HtmlEncode(String s) {
        return HttpEncoder.Current.HtmlEncode(s);
    }

System.Web.HttpServerUtility.HtmlEncode

    /// <devdoc>
    ///    <para>
    ///       HTML
    ///       encodes a given string and
    ///       returns the encoded string.
    ///    </para>
    /// </devdoc>
    public string HtmlEncode(string s) {
        return HttpUtility.HtmlEncode(s);
    }

System.Net.WebUtility.HtmlEncode

    public static string HtmlEncode(string value) {
        if (String.IsNullOrEmpty(value)) {
            return value;
        }

        // Don't create string writer if we don't have nothing to encode
        int index = IndexOfHtmlEncodingChars(value, 0);
        if (index == -1) {
            return value;
        }

        StringWriter writer = new StringWriter(CultureInfo.InvariantCulture);
        HtmlEncode(value, writer);
        return writer.ToString();
    }

So System.Web.HttpServerUtility.HtmlEncode actually uses System.Web.HttpUtility.HtmlEncode. If you drill into HttpEncoder.Current.HtmlEncode(s); this has the following code:

    protected internal virtual void HtmlDecode(string value, TextWriter output) {
        WebUtility.HtmlDecode(value, output);
    }

Tl;Dr

So they all, ultimately, use System.Net.WebUtility.HtmlEncode. I guess the System.Web version are only there for backwards compatibillity. Hence the advice of using the System.Net version.

Where is HtmlEncode in Asp.NET 5

HtmlEncoder in Microsoft.Extensions.WebEncoders.Core is just a wrapper around System.Text.Encodings.Web.HtmlEncoder to implement IHtmlEncoder interface (https://github.com/aspnet/HttpAbstractions/blob/release/src/Microsoft.Extensions.WebEncoders.Core/HtmlEncoder.cs).

You can take Microsoft.Extensions.WebEncoders.HtmlEncoder.Default and pass to WriteTo method.

From what I see in dev branch MVC moved to using System.Text.Encodings.Web.HtmlEncoder directly so you wan't need to use Microsoft.Extensions.WebEncoders.HtmlEncoder anymore in future.

HtmlEncode with HTML entity name, is it possible?

HtmlEncode(word); does only encode ISO 8859-1 (Latin-1). Which means your input needs to be encoded in ISO 8859-1. The ó is not in the iso standard, you can try to use the AntiXss encoder:

Microsoft.Security.Application.AntiXss.HtmlEncode("ó"); 

or Microsoft.Security.Application.Encoder.HtmlEncode("ó");

Related Topics

No Definition Found for Getactiveobject from System.Runtime.Interopservices.Marshal C#

How to Perform an Insert and Return Inserted Identity with Dapper

Why Does Ienumerable<T> Inherit from Ienumerable

What's Wrong with These Parameters

How to Store (And Manage) Application License Information

High Memory Consumption with Enumerable.Range

Monitor VS Mutex in C#

How to Embed Gecko or Webkit in a Windows Form Just Like a Webview

Adding or Subtracting Color from an Image in a Picturebox Using C#

C#: How to Get First Char of a String

How to Reduce Memory Consumption of PDFptable with Many Cells

What's a Good Way of Doing String Templating in .Net

Why Are Some Members Missing When Trying to Print an Object by Serializing to JSON

Upgrading Old Unity Code to Unity 5

Recommendation for C# Matrix Library

"Strange" C# Property Syntax

Memcached with Windows and .Net

What Happens If I Return Before the End of Using Statement? Will the Dispose Be Called


Leave a reply



Submit