
HttpServerUtility.HtmlEncode Method (String)

HTML-encodes a string and returns the encoded string.

Namespace:  System.Web
Assembly:  System.Web (in System.Web.dll)

Public Function HtmlEncode ( _
	s As String _
) As String


Parameters

s
Type: System.String
The text string to encode.

Return Value

Type: System.String
The HTML-encoded text.

HTML encoding makes sure that text is displayed correctly in the browser and not interpreted by the browser as HTML. For example, if a text string contains a less than sign (<) or greater than sign (>), the browser would interpret these characters as the opening or closing bracket of an HTML tag. When the characters are HTML encoded, they are converted to the strings &lt; and &gt;, which causes the browser to display the less than sign and greater than sign correctly.

This method is a convenient way to access the HttpUtility.HtmlEncode method at run time from an ASP.NET application. Internally, this method uses HttpUtility.HtmlEncode to encode strings.

In the code-behind file for an ASP.NET web page, access an instance of the HttpServerUtility class through the Server property. In a class that is not in a code-behind file, use HttpContext.Current.Server to access an instance of the HttpServerUtility class.

Outside of a web application, use the WebUtility class to encode or decode values.

The following example shows how to HTML-encode a value that potentially contains unsafe code. The code resides in the code-behind file for a web page. The value to encode is hard-coded only to keep the example simple and to show the type of value you might HTML-encode. Typically, you would HTML-encode a value that you received from the user or the request. Result refers to a Literal control.

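Imports System
Imports System.Web.UI

Public Class _Default
    Inherits Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        ' Encode the value before it is written into the page through the Literal control.
        Result.Text = Server.HtmlEncode("<script>unsafe</script>")
    End Sub
End Class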

The next example is similar to the previous example except it shows how to HTML-encode a value from within a class that is not in the code-behind file.

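Imports System.Web

Public Class SampleClass
    Public Function GetEncodedText() As String
        ' Outside a code-behind file, reach HttpServerUtility through the current HttpContext.
        Return HttpContext.Current.Server.HtmlEncode("<script>unsafe</script>")
    End Function
End Class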
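
For code that runs outside of a web application, where the remarks above point to the WebUtility class, the following added example (not part of the original documentation) encodes each value at the point where it is written into markup and checks that WebUtility.HtmlDecode restores the original text. The module name, the function names RenderList and RoundTrips, and the sample values are constructed for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Net
Imports System.Text

Module HtmlReportDemo
    ' Constructed sample values standing in for text received from a user or a request.
    Private ReadOnly SampleComments As String() = {
        "Plain text needs no changes",
        "<script>unsafe</script>",
        "1 < 2 && 3 > 2",
        "She said ""hello"""
    }

    ' Builds an HTML list; every untrusted value is encoded at the point
    ' where it is written into the markup, not when it is received.
    Function RenderList(items As IEnumerable(Of String)) As String
        Dim html As New StringBuilder()
        html.AppendLine("<ul>")
        For Each item As String In items
            html.Append("  <li>")
            html.Append(WebUtility.HtmlEncode(item))
            html.AppendLine("</li>")
        Next
        html.AppendLine("</ul>")
        Return html.ToString()
    End Function

    ' Returns True when decoding the encoded form gives back the original text.
    Function RoundTrips(value As String) As Boolean
        Dim encoded As String = WebUtility.HtmlEncode(value)
        Return String.Equals(WebUtility.HtmlDecode(encoded), value, StringComparison.Ordinal)
    End Function

    Sub Main()
        Console.WriteLine(RenderList(SampleComments))
        For Each comment As String In SampleComments
            Console.WriteLine("{0} -> round-trips: {1}", comment, RoundTrips(comment))
        Next
    End Sub
End Module
```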

.NET Framework

Supported in: 4.5, 4, 3.5, 3.0, 2.0, 1.1, 1.0

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

© 2014 Microsoft