HttpUtility.HtmlEncode Method (String) (System.Web)

MSDN Home

MSDN
MSDN Library
.NET Development
.NET Framework 3.5
.NET Framework Class Library
System.Web Namespace
HttpUtility Class
HttpUtility Methods
HtmlEncode Method

HtmlEncode Method

HtmlEncode Method (String)
HtmlEncode Method (String, Tex ...

Switch View :

Classic

Lightweight Beta

ScriptFree

Feedback

.NET Framework Class Library

HttpUtility..::.HtmlEncode Method (String)

Converts a string to an HTML-encoded string.

Namespace: System.Web
Assembly: System.Web (in System.Web.dll)

Syntax

Visual Basic (Declaration)

Public Shared Function HtmlEncode ( _
    s As String _
) As String

Visual Basic (Usage)

Dim s As String
Dim returnValue As String

returnValue = HttpUtility.HtmlEncode(s)

public static string HtmlEncode(
    string s
)

Visual C++

public:
static String^ HtmlEncode(
    String^ s
)

JScript

public static function HtmlEncode(
    s : String
) : String

Parameters

s: Type: System..::.String
The string to encode.

Return Value

Type: System..::.String
An encoded string.

Remarks

If characters such as blanks and punctuation are passed in an HTTP stream, they might be misinterpreted at the receiving end. HTML encoding converts characters that are not allowed in HTML into character-entity equivalents; HTML decoding reverses the encoding. For example, when embedded in a block of text, the characters < and > are encoded as < and > for HTTP transmission.

Examples

The following code example demonstrates the HtmlEncode and HtmlDecode methods of the HttpUtility class. The input string is encoded using the HtmlEncode method. The encoded string obtained is then decoded using the HtmlDecode method.

Visual Basic

Imports System
Imports System.Web
Imports System.IO

Class MyNewClass
   Public Shared Sub Main()
      Dim myString As String
      Console.WriteLine("Enter a string having '&' or '""'  in it: ")
      myString = Console.ReadLine()
      Dim myEncodedString As String
      ' Encode the string.
      myEncodedString = HttpUtility.HtmlEncode(myString)
      Console.WriteLine("HTML Encoded string is " + myEncodedString)
      Dim myWriter As New StringWriter()
      ' Decode the encoded string.
      HttpUtility.HtmlDecode(myEncodedString, myWriter)
      Console.Write("Decoded string of the above encoded string is " + myWriter.ToString())
   End Sub 'Main
End Class 'MyNewClass

using System;
using System.Web;
using System.IO;

   class MyNewClass
   {
      public static void Main()
      {
         String myString;
         Console.WriteLine("Enter a string having '&' or '\"'  in it: ");
         myString=Console.ReadLine();
         String myEncodedString;
         // Encode the string.
         myEncodedString = HttpUtility.HtmlEncode(myString);
         Console.WriteLine("HTML Encoded string is "+myEncodedString);
         StringWriter myWriter = new StringWriter();
         // Decode the encoded string.
         HttpUtility.HtmlDecode(myEncodedString, myWriter);
         Console.Write("Decoded string of the above encoded string is "+
                        myWriter.ToString());
      }
   }

Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0

Reference

Other Resources

How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings

Tags :

Community Content

anonymous coward

Implementation Details

Due to current implementation details, this function can be used as an xmlEncode function. Currently, all named entities used by this function are also xml predefined named entities. They are < > " & encoded as < > " and &. Other entities are decimal-encoded like  . Since these details are not currently in the official documentation, the behaviour could change in future versions, breaking code that uses this function for xml encoding.

If you go this route, make sure also to sanitize characters in the range \x0-\x19 except CR, LF, and TAB. This character range is forbidden in XML (http://www.w3.org/TR/2006/REC-xml-20060816/#NT-Char).

Tags : implementation details xmlencode

Tim Babamuratov

Lack of ellipsis encoding makes partial postbacks freak out (sometimes)

I wish we didn't have to do the code below for the partial postbacks (when UpdatePanels are involved). If we don't special-case the ellipsis, the ellipsis will not be displayed and some strange three arbitrary bytes are written by the HtmlTextWriter object to a browser, which sometimes leads to Javascript errors (fails to parse the partial update):

if ((encoded != null) && (encoded.Contains("\u2026")))
{
ret = encoded.Replace("\u2026", "…");
}

Tags : htmlencode &hellip ellipsis