HttpServerUtility.HtmlEncode Method (String)



HTML-encodes a string and returns the encoded string.

Namespace:   System.Web
Assembly:  System.Web (in System.Web.dll)

public string HtmlEncode(
	string s
)

Parameters

s
Type: System.String

The text string to encode.

Return Value

Type: System.String

The HTML-encoded text.

HTML encoding makes sure that text is displayed correctly in the browser and not interpreted by the browser as HTML. For example, if a text string contains a less than sign (<) or greater than sign (>), the browser would interpret these characters as the opening or closing bracket of an HTML tag. When the characters are HTML encoded, they are converted to the strings &lt; and &gt;, which causes the browser to display the less than sign and greater than sign correctly.

This method is a convenient way to access the HttpUtility.HtmlEncode method at run time from an ASP.NET application. Internally, this method uses HttpUtility.HtmlEncode to encode strings.

In the code-behind file for an ASP.NET web page, access an instance of the HttpServerUtility class through the Server property. In a class that is not in a code-behind file, use HttpContext.Current.Server to access an instance of the HttpServerUtility class.

Outside of a web application, use the WebUtility class to encode or decode values.

The following example shows how to HTML-encode a value that potentially contains unsafe code. The code resides in the code-behind file for a web page. The value to encode is hard-coded only to simplify the example and to show the type of value you might HTML-encode. Typically, you would HTML-encode a value that you received from the user or the request. Result refers to a Literal control.

public partial class _Default : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Encode at the point of output so the markup is displayed as text, not interpreted.
        Result.Text = Server.HtmlEncode("<script>unsafe</script>");
    }
}

The next example is similar to the previous example except it shows how to HTML-encode a value from within a class that is not in the code-behind file.

public class SampleClass
{
    public string GetEncodedText()
    {
        // No Server property outside a code-behind file; go through the current HttpContext.
        return HttpContext.Current.Server.HtmlEncode("<script>unsafe</script>");
    }
}
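
For the case noted above where the code runs outside a web application, the following added example (not part of the original reference page) uses WebUtility.HtmlEncode in a console program and shows the unencoded row beside the encoded one. ReportBuilder, RowUnencoded, RowEncoded and the sample values are names and inputs constructed for this illustration.

```csharp
using System;
using System.Net;   // WebUtility lives here; no System.Web reference is needed
using System.Text;

// Added example: builds an HTML report fragment in a console app or background job,
// where there is no HttpContext and therefore no Server property.
public static class ReportBuilder
{
    // Before: untrusted text is concatenated into markup unchanged.
    public static string RowUnencoded(string user, string comment)
    {
        return "<tr><td>" + user + "</td><td>" + comment + "</td></tr>";
    }

    // After: every untrusted value is HTML-encoded at the point it is written out.
    public static string RowEncoded(string user, string comment)
    {
        var sb = new StringBuilder();
        sb.Append("<tr><td>").Append(WebUtility.HtmlEncode(user)).Append("</td><td>")
          .Append(WebUtility.HtmlEncode(comment)).Append("</td></tr>");
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample input standing in for values received from a user or request.
        string user = "Tom & Jerry";
        string comment = "<script>unsafe</script>";

        Console.WriteLine("Unencoded: " + RowUnencoded(user, comment));
        string safe = RowEncoded(user, comment);
        Console.WriteLine("Encoded:   " + safe);

        // Decoding restores the original text, so encode on output and store the raw value.
        bool roundTrip = WebUtility.HtmlDecode(WebUtility.HtmlEncode(comment)) == comment;
        Console.WriteLine("Round trip ok: " + roundTrip);

        // Check: once the template's own tags are removed, no angle brackets should remain.
        string rest = safe.Replace("<tr>", "").Replace("</tr>", "")
                          .Replace("<td>", "").Replace("</td>", "");
        bool strayMarkup = rest.IndexOf('<') >= 0 || rest.IndexOf('>') >= 0;
        Console.WriteLine("Stray markup present: " + strayMarkup);
    }
}
```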

.NET Framework
Available since 1.1