Use the HtmlEncode property to specify whether field values are HTML-encoded to their respective string representations before they are displayed in a BoundField object. For example, if this property is true, a string value of "<script>" would be rendered as "<script>". If this property is false, the string would be rendered unchanged.
HTML-encoding field values helps to prevent cross-site scripting attacks and malicious content from being displayed. This property should be enabled whenever possible.
Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)