C# HttpUtility.HtmlEncode Methods

by Sam Allen - Updated January 7, 2010

You have an HTML string in your C# program or ASP.NET application and want to change the representation and encoding or the string so that it is more useful as text content or as structural markup. The System.Web namespace and assembly provides the useful HttpUtility class that can fulfill this purpose. Here we examine the HttpUtility class and its methods HtmlDecode and HtmlEncode in particular, which change the representation of special characters in HTML strings, reducing the possibility of certain issues.

Using HttpUtility methods

First, here we look at an example code-behind file written in the C# programming language that demonstrates the usage of the HttpUtility class in general and the HtmlDecode and HtmlEncode methods in particular. These methods are ideal for changing the representation of "special" characters in HTML strings. HTML uses some characters such as < and > that are interpreted differently than regular textual characters as they indicate the structure of the document.

--- Page that uses HttpUtility methods (C#) ---

using System;
using System.Diagnostics;
using System.Web;
using System.Web.UI;

public partial class _Default : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        //
        // Shows how the HtmlDecode and HtmlEncode methods work.
        //
        string value1 = "&lt;html&gt;";
        string value2 = HttpUtility.HtmlDecode(value1);
        string value3 = HttpUtility.HtmlEncode(value2);
        Debug.WriteLine(value1);
        Debug.WriteLine(value2);
        Debug.WriteLine(value3);
    }
}

--- Debug output of the page ---

&lt;html&gt;
<html>
&lt;html&gt;

Program text has raw HTML. The program text defines the code-behind in an ASP.NET web page file. The string literal value1 is assigned to an HTML string containing escaped HTML characters. characters. If you have unencoded user input, you must escape it before rendering it to another web page or HTTP response. The HttpUtility methods used next accomplish this task.

Converting with HttpUtility.HtmlDecode and HttpUtility.HtmlEncode. The HtmlDecode and HtmlEncode methods are invoked with the HTML string variable parameters. The original string reference value1 is unchanged by the program, but the HttpUtility.HtmlDecode method transformed the encoded brackets into actual brackets. Finally, the HtmlEncode method translated the decoded string back to the original encoded string.

ASP.NET projects

Here we mention that it is easy to use the HttpUtility methods in projects that are console projects or even Windows Forms programs, which are not request-based or actually written for the HTTP protocol. The other ways to encode data in System.Web may require actual Server intrinsic objects in the ASP.NET pipeline. Using the HttpUtility.HtmlDecode, HtmlEncode, UrlDecode, and UrlEncode methods is practical. You can find another description of HTML encoding in ASP.NET using the Server object.

(See Encode HTML String.)

Summary

Here we looked at the HttpUtility.HtmlDecode and HttpUtility.HtmlEncode methods from the System.Web namespace, which can be used in any .NET project. You must ensure that the correct System.Web assembly is loaded into the assembly references in your project if you are not using an ASP.NET project that has it already included. These methods and the related ones on HttpUtility are ideal for processing HTML strings for user input and display. This can avoid some security problems or other annoyances for your web site's visitors.

(Do not copy this page.)

Dot Net Perls | Search
HTML | ASCII Table | Encode HTML String | HTML Tags, Removing Tags From Files and Strings | HtmlTextWriter Use | iPhone Web App Example Code
C# | SaveFileDialog Tutorial | IntegralHeight Property (Windows Forms) | Array.FindIndex Method | File.Replace Method
© 2010 Sam Allen. All rights reserved.
Dot Net Perls | Sam Allen