HttpServerUtility.HtmlEncode Method (String)


HTML-encodes a string and returns the encoded string.

Namespace:   System.Web
Assembly:  System.Web (in System.Web.dll)

Public Function HtmlEncode (
	s As String
) As String


Type: System.String

The text string to encode.

Return Value

Type: System.String

The HTML-encoded text.

HTML encoding makes sure that text is displayed correctly in the browser and not interpreted by the browser as HTML. For example, if a text string contains a less than sign (<) or greater than sign (>), the browser would interpret these characters as the opening or closing bracket of an HTML tag. When the characters are HTML encoded, they are converted to the strings &lt; and &gt;, which causes the browser to display the less than sign and greater than sign correctly.

This method is a convenient way to access the HttpUtility.HtmlEncode method at run time from an ASP.NET application. Internally, this method uses HttpUtility.HtmlEncode to encode strings.

In the code-behind file for an ASP.NET web page, access an instance of the HttpServerUtility class through the Server property. In a class that is not in a code-behind file, use HttpContext.Current.Server to access an instance of the HttpServerUtility class.

Outside of a web application, use the WebUtility class to encode or decode values.

The following example shows how to HTML-encode a value that potentially codes unsafe code. The code resides in the code-behind file for a web page. The value to encode is hard-coded in this example only to simplify the example and show the type of value you might HTML-encode. Typically, you would HTML-encode a value that you received from the user or the request. Result refers to a Literal control.

Public Class _Default
    Inherits Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        Result.Text = Server.HtmlEncode("<script>unsafe</script>")
    End Sub
End Class

The next example is similar to the previous example except it shows how to HTML-encode a value from within a class that is not in the code-behind file.

Public Class SampleClass
    Public Function GetEncodedText() As String
        Return HttpContext.Current.Server.HtmlEncode("<script>unsafe</script>")
    End Function
End Class

.NET Framework
Available since 1.1
Return to top