HttpServerUtility.HtmlEncode Method (String)

HTML-encodes a string and returns the encoded string.

Namespace:  System.Web
Assembly:  System.Web (in System.Web.dll)

public string HtmlEncode(
	string s
)

Parameters

s
Type: System.String

The text string to encode.

Return Value

Type: System.String
The HTML-encoded text.

HTML encoding makes sure that text is displayed correctly in the browser and not interpreted by the browser as HTML. For example, if a text string contains a less than sign (<) or greater than sign (>), the browser would interpret these characters as the opening or closing bracket of an HTML tag. When the characters are HTML encoded, they are converted to the strings &lt; and &gt;, which causes the browser to display the less than sign and greater than sign correctly.

This method is a convenient way to access the HttpUtility.HtmlEncode method at run time from an ASP.NET application. Internally, this method uses HttpUtility.HtmlEncode to encode strings.

In the code-behind file for an ASP.NET web page, access an instance of the HttpServerUtility class through the Server property. In a class that is not in a code-behind file, use HttpContext.Current.Server to access an instance of the HttpServerUtility class.

Outside of a web application, use the WebUtility class to encode or decode values.

The following example shows how to HTML-encode a value that potentially contains unsafe code. The code resides in the code-behind file for a web page. The value to encode is hard-coded in this example only to simplify the example and show the type of value you might HTML-encode. Typically, you would HTML-encode a value that you received from the user or the request. Result refers to a Literal control.

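using System;
using System.Web.UI;

public partial class _Default : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Encode before assigning to the Literal so the markup is shown as text.
        Result.Text = Server.HtmlEncode("<script>unsafe</script>");
    }
}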

The next example is similar to the previous example except it shows how to HTML-encode a value from within a class that is not in the code-behind file.

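using System.Web;

public class SampleClass
{
    public string GetEncodedText()
    {
        // No Server property here, so reach the HttpServerUtility instance
        // through the current request's HttpContext.
        return HttpContext.Current.Server.HtmlEncode("<script>unsafe</script>");
    }
}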
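
The remark above about using the WebUtility class outside of a web application, shown as an added example that is not part of the original documentation: a console program that encodes constructed sample values with System.Net.WebUtility and checks the result. The HtmlEncodeDemo class, the BuildRow helper and all sample values are assumptions made for this illustration.

```csharp
using System;
using System.Net;

// Added example: a console program has no HttpContext, so it uses WebUtility.
public static class HtmlEncodeDemo
{
    // Hypothetical helper: builds one table row from untrusted values.
    // Each value is encoded at the point where it is written into markup.
    public static string BuildRow(string user, string comment)
    {
        return "<tr><td title=\"" + WebUtility.HtmlEncode(user) + "\">"
             + WebUtility.HtmlEncode(comment) + "</td></tr>";
    }

    public static void Main()
    {
        // Constructed sample inputs, standing in for values received from a user.
        string[] comments =
        {
            "<script>unsafe</script>",
            "She said \"hi\" & left",
            "Tom & Jerry's <b>notes</b>",
            "5 &lt; 6" // text that already looks encoded
        };

        foreach (string raw in comments)
        {
            string encoded = WebUtility.HtmlEncode(raw);

            // The encoded form must not contain characters that open a tag
            // or close a double-quoted attribute value.
            bool inert = encoded.IndexOfAny(new[] { '<', '>', '"' }) < 0;

            // Decoding returns the original text, so the viewer sees what was typed.
            bool roundTrips = WebUtility.HtmlDecode(encoded) == raw;

            Console.WriteLine("{0,-30} -> {1}", raw, encoded);
            Console.WriteLine("    inert={0} roundTrips={1}", inert, roundTrips);
        }

        // Encode once, at output. A second pass encodes the ampersands of the
        // first pass, so the browser would display entity text to the viewer.
        string once = WebUtility.HtmlEncode("a < b");
        Console.WriteLine("once:  {0}", once);
        Console.WriteLine("twice: {0}", WebUtility.HtmlEncode(once));

        Console.WriteLine(BuildRow("O'Brien \"Bob\"", "<script>unsafe</script>"));
    }
}
```

HTML encoding is the right encoding for element content and quoted attribute values; a value written into a script block or a URL needs the encoding for that context instead.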

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0, 1.1
© 2015 Microsoft