Escape text for HTML

c# html escaping
132,876

Solution 1

using System.Web;

var encoded = HttpUtility.HtmlEncode(unencoded);

Solution 2

Also, you can use this if you don't want to use the System.Web assembly:

var encoded = System.Security.SecurityElement.Escape(unencoded)

Per this article, the difference between System.Security.SecurityElement.Escape() and System.Web.HttpUtility.HtmlEncode() is that the former also encodes apostrophe (') characters.

Solution 3

If you're using .NET 4 or above and you don't want to reference System.Web, you can use WebUtility.HtmlEncode from System

var encoded = WebUtility.HtmlEncode(unencoded);

This has the same effect as HttpUtility.HtmlEncode and should be preferred over System.Security.SecurityElement.Escape.

Solution 4

In ASP.NET 4.0 there's new syntax to do this. Instead of

<%= HttpUtility.HtmlEncode(unencoded) %>

you can simply do

<%: unencoded %>

Read more here:

New <%: %> Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC 2)

Solution 5

.NET 4.0 and above:

using System.Web.Security.AntiXss;
//...
var encoded = AntiXssEncoder.HtmlEncode("input", useNamedEntities: true);
Share:
132,876
Admin
Author by

Admin

Updated on July 26, 2022

Comments

  • Admin
    Admin almost 2 years

    How do i escape text for html use in C#? I want to do 

    sample="<span>blah<span>"

    and have 

    <span>blah<span>

    show up as plain text instead of blah only with the tags part of the html :(. Using C# not ASP

  • Admin
    Admin about 15 years
    I made the question more clear. I dont want the tags to be part of html as the user can do </pre> and break it.
  • Gyuri
    Gyuri over 14 years
    If you also want to encode unicode characters to non-unicode, check out this: stackoverflow.com/questions/82008/…
  • Victor Sergienko
    Victor Sergienko about 11 years
    Not to say SecurityElement.Escape() escapes for XML which is not exactly HTML.
  • Travis
    Travis over 10 years
    Why should it be preferred over SecurityElement.Escape? Are there vulnerabilities in the latter, or is the former just more capable?
  • Alex
    Alex over 10 years
    @Travis There are no vulnerabilities in either, it's just that SecurityElement.Escape operates on XML and HtmlEncode operates on HTML, and XML and HTML encoding have slightly different requirements (see this answer for details). So, for example, SecurityElement.Escape is allowed to use &apos;, while HtmlEncode is not.
  • pkExec
    pkExec over 9 years
    Something that you don't want to find out the bad way: The above method by itself does not escape control characters. See the accepted answer here: stackoverflow.com/a/4501246/1543677 and use both.
  • Spets
    Spets over 9 years
    Great post thanks man this fixed exactly what I was looking for!
  • Tertium
    Tertium over 7 years
    HttpUtility does not exist anymore (win store apps)
  • Tertium
    Tertium over 7 years
    System.Security.SecurityElement does not exist in windows store apps
  • ruffin
    ruffin over 7 years
    @Travis I think the even better "excuse" is that System.Net is available to Portable Class Libraries and the other two options aren't/don't seem to be this morning. ;^)
  • mortb
    mortb about 7 years
    <xmp> has been deprecated long ago: stackoverflow.com/questions/8307846/… use <pre> instead
  • Admin
    Admin over 6 years
    please give a syntax for Razor? @Nacht
  • Bouke
    Bouke over 4 years
    You are probably serving content using the wrong encoding. IE and Edge have no problems displaying such characters.
  • Peter Mortensen
    Peter Mortensen about 3 years
    Re "htmlencode": Do you mean "HtmlEncode"?
  • user2728841
    user2728841 almost 3 years
    Note that System.Security.SecurityElement.Escape does not remove or escape character 31, which hit us once from an extract of active directory data

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Decode HTML escaped characters back to normal string in C#
Default selection in RadioButtonFor
Cross platform desktop development with HTML5 GUI
How to parse json to html in .net
How to post HTML form from server side?
Escape string with PHP and HTML
Represent string as currency or decimal using razor @Html.textboxfor
Create PDF from Template
Why doesn't my Input of type=number show a decimal when used with ASP.NET MVC?
Controlling Group order in a Kendo UI Grid