Home
C#
HtmlEncode and HtmlDecode
Updated Oct 10, 2023
Dot Net Perls
HtmlTextWriterHttpUtility.HtmlEncodeStringBuilder

HtmlEncode, HtmlDecode

HTML must sometimes be encoded. This is necessary for it to be displayed as text in another HTML document.

With WebUtility.HtmlEncode and HtmlDecode, we do this without writing any custom code. We just call a method. We must include the System.Net assembly.

An example

Here we use HtmlEncode and HtmlDecode in a C# program. The System.Net assembly is included at the top of the program.

Part 1 The HtmlEncode method is designed to receive a string that contains HTML markup characters.
Part 2 HtmlDecode, meanwhile, is designed to reverse those changes. It changes encoded characters back to actual HTML.
using System;
using System.Net;

// Part 1: encode this string.
string encoded = WebUtility.HtmlEncode("<b>Hello 'friend'</b>");

// Part 2: reverse the change.
string decoded = WebUtility.HtmlDecode(encoded);

// Print results.
Console.WriteLine("ENCODED: {0}", encoded);
Console.WriteLine("DECODED: {0}", decoded);
ENCODED: &lt;b&gt;Hello &#39;friend&#39;&lt;/b&gt;
DECODED: <b>Hello 'friend'</b>

Example 2

HtmlEncode and HtmlDecode are also built into the Server objects in ASP.NET. These methods have no advantages over the HttpUtility methods. They are equivalent.

Here We see 3 methods. The first 2 return an encoded or decoded string, and the HtmlTextWriter uses a method called WriteEncodedText.
Note This may be more efficient, as it could avoid a string copy. I tested these methods with breakpoints.
using System;
using System.IO;
using System.Web;
using System.Web.UI;

public partial class _Default : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // This could mess up HTML.
        string text = "you & me > them"; // 1

        // Replace > with >
        string htmlEncoded = Server.HtmlEncode(text); // 2

        // Now has the > again.
        string original = Server.HtmlDecode(htmlEncoded); // 3

        // This is how you can access the Server in any class.
        string alsoEncoded = HttpContext.Current.Server.HtmlEncode(text); // 4

        StringWriter stringWriter = new StringWriter();
        using (HtmlTextWriter writer = new HtmlTextWriter(stringWriter))
        {
            // Write a DIV with encoded text.
            writer.RenderBeginTag(HtmlTextWriterTag.Div);
            writer.WriteEncodedText(text);
            writer.RenderEndTag();
        }
        string html = stringWriter.ToString(); // 5
    }
}
     1: Before encoding has occurred.
String: you & me > them

     2: The string is encoded for HTML.
String: you &amp; me &gt; them

     3: String is converted back from HTML.
String: you & me > them

     4: The string is encoded for HTML again.
String: you &amp; me &gt; them

     5: The HTML string is written into a DIV.
  Text: <div>you &amp; me &gt; them</div>

Notes

The WebUtility class is an effective way to encode HTML and URLs in programs. Call WebUtility.HtmlDecode and WebUtility.HtmlEncode on your strings.

Performance

I found Server.HtmlEncode and Server.HtmlDecode to be much faster than a home-grown version that used StringBuilder. Usually it is best to use the Framework methods.

Summary

These methods provide reliable replacement of HTML characters. HtmlEncode and HtmlDecode also handle character entities. These are sequences that represent non-ASCII characters.

Dot Net Perls is a collection of pages with code examples, which are updated to stay current. Programming is an art, and it can be learned from examples.
Donate to this site to help offset the costs of running the server. Sites like this will cease to exist if there is no financial support for them.
Sam Allen is passionate about computer languages, and he maintains 100% of the material available on this website. He hopes it makes the world a nicer place.
This page was last updated on Oct 10, 2023 (edit).
Home
Changes
© 2007-2025 Sam Allen