HttpServerUtility.HtmlEncode Method

Definition

Encodes a string to be displayed in a browser.

To encode or decode values outside of a web application, use the WebUtility class.

Overloads

HtmlEncode(String)

HTML-encodes a string and returns the encoded string.

HtmlEncode(String, TextWriter)

HTML-encodes a string and sends the resulting output to a TextWriter output stream.

HtmlEncode(String)

HTML-encodes a string and returns the encoded string.

public string HtmlEncode (string s);

Parameters

s
String

The text string to encode.

Returns

The HTML-encoded text.

Examples

The following example shows how to HTML-encode a value that potentially contains unsafe code. The code resides in the code-behind file for a web page. The value to encode is hard-coded in this example only to simplify the example and show the type of value you might HTML-encode. Typically, you would HTML-encode a value that you received from the user or the request. Result refers to a Literal control.

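using System;
using System.Web.UI;

public partial class _Default : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Encode at output time so the markup is displayed as text, not parsed as HTML.
        Result.Text = Server.HtmlEncode("<script>unsafe</script>");
    }
}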

The next example is similar to the previous example except it shows how to HTML-encode a value from within a class that is not in the code-behind file.

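using System.Web;

public class SampleClass
{
    public string GetEncodedText()
    {
        // Outside a code-behind file, reach HttpServerUtility through the current HttpContext.
        return HttpContext.Current.Server.HtmlEncode("<script>unsafe</script>");
    }
}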

Remarks

HTML encoding makes sure that text is displayed correctly in the browser and not interpreted by the browser as HTML. For example, if a text string contains a less than sign (<) or greater than sign (>), the browser would interpret these characters as the opening or closing bracket of an HTML tag. When the characters are HTML encoded, they are converted to the strings &lt; and &gt;, which causes the browser to display the less than sign and greater than sign correctly.

This method is a convenient way to access the HttpUtility.HtmlEncode method at run time from an ASP.NET application. Internally, this method uses HttpUtility.HtmlEncode to encode strings.

In the code-behind file for an ASP.NET web page, access an instance of the HttpServerUtility class through the Server property. In a class that is not in a code-behind file, use HttpContext.Current.Server to access an instance of the HttpServerUtility class.

Outside of a web application, use the WebUtility class to encode or decode values.

Applies to

Product: .NET Framework
Versions: 1.1, 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1

HtmlEncode(String, TextWriter)

HTML-encodes a string and sends the resulting output to a TextWriter output stream.

public void HtmlEncode (string s, System.IO.TextWriter output);

Parameters

s
String

The string to encode.

output
TextWriter

The TextWriter output stream that contains the encoded string.

Examples

The following example encodes a string for transmission by HTTP. It encodes the string named TestString, which contains the text "This is a <Test String>.", and copies it into the string named EncodedString as "This is a &lt;Test String&gt;.".

// Requires: using System.IO;
String TestString = "This is a <Test String>.";
StringWriter writer = new StringWriter();
Server.HtmlEncode(TestString, writer);   // writes the encoded text to the writer
String EncodedString = writer.ToString();

Remarks

HTML encoding ensures that text will be correctly displayed in the browser, not interpreted by the browser as HTML. For example, if a text string contains a less than sign (<) or greater than sign (>), the browser would interpret these characters as an opening or closing bracket of an HTML tag. The HTML encoding of these two characters is &lt; and &gt;, respectively, which causes the browser to display the less than sign and greater than sign correctly.

HtmlEncode is a convenient way to access the HttpUtility.HtmlEncode method at run time from an ASP.NET application. Internally, HtmlEncode uses HttpUtility.HtmlEncode to encode strings.

To encode or decode values outside of a web application, use the WebUtility class.
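The remarks for both overloads point to the WebUtility class for code that runs outside a web application. The following added example (not part of the original documentation) uses WebUtility.HtmlEncode, including its TextWriter overload, in a console program. The EncodeDemo class, the RenderComment helper and the sample values are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Net;   // WebUtility lives here; no System.Web or HttpContext is needed

public static class EncodeDemo
{
    // Hypothetical helper: renders one comment as an HTML fragment.
    // Static markup is written as-is; every untrusted value goes through HtmlEncode.
    public static string RenderComment(string author, string body)
    {
        using (var writer = new StringWriter())
        {
            writer.Write("<div class=\"comment\" title=\"");
            WebUtility.HtmlEncode(author, writer);   // TextWriter overload, quoted attribute value
            writer.Write("\"><p>");
            WebUtility.HtmlEncode(body, writer);     // TextWriter overload, element content
            writer.Write("</p></div>");
            return writer.ToString();
        }
    }

    public static void Main()
    {
        // Constructed sample input; the body is the value used in the page's examples.
        string author = "O'Brien & \"Sons\" <Ltd>";
        string body = "<script>unsafe</script>";

        string html = RenderComment(author, body);
        Console.WriteLine(html);

        // The untrusted value must not survive as markup in the rendered fragment.
        if (html.Contains("<script"))
            throw new InvalidOperationException("raw markup reached the output");

        // Encode once, at output time. Encoding an already-encoded value escapes
        // its ampersands again, so the browser would display the entity text itself.
        string once = WebUtility.HtmlEncode(body);
        string twice = WebUtility.HtmlEncode(once);
        Console.WriteLine(once);
        Console.WriteLine(twice);
        if (once == twice)
            throw new InvalidOperationException("expected double encoding to change the value");

        // Round trip: decoding the singly encoded value restores the original text.
        if (WebUtility.HtmlDecode(once) != body)
            throw new InvalidOperationException("round trip failed");
    }
}
```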

Applies to

Product: .NET Framework
Versions: 1.1, 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1