HtmlEncode, HtmlDecode
HTML must sometimes be encoded. This is necessary for it to be displayed as text in another HTML document. With WebUtility.HtmlEncode and HtmlDecode, we do this without writing any custom code. We just call a method. We must include the System.Net assembly.
Here we use HtmlEncode and HtmlDecode in a C# program. The System.Net assembly is included at the top of the program.
The HtmlEncode method is designed to receive a string that contains HTML markup characters. HtmlDecode, meanwhile, is designed to reverse those changes. It changes encoded characters back to actual HTML.

```csharp
using System;
using System.Net;

// Part 1: encode this string.
string encoded = WebUtility.HtmlEncode("<b>Hello 'friend'</b>");

// Part 2: reverse the change.
string decoded = WebUtility.HtmlDecode(encoded);

// Print results.
Console.WriteLine("ENCODED: {0}", encoded);
Console.WriteLine("DECODED: {0}", decoded);
```

```
ENCODED: &lt;b&gt;Hello &#39;friend&#39;&lt;/b&gt;
DECODED: <b>Hello 'friend'</b>
```
HtmlEncode and HtmlDecode are also built into the Server objects in ASP.NET. These methods have no advantages over the HttpUtility methods. They are equivalent.
string, and the HtmlTextWriter uses a method called WriteEncodedText.
string copy. I tested these methods with breakpoints.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.UI;

public partial class _Default : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // This could mess up HTML.
        string text = "you & me > them"; // 1

        // Replace > with &gt;
        string htmlEncoded = Server.HtmlEncode(text); // 2

        // Now has the > again.
        string original = Server.HtmlDecode(htmlEncoded); // 3

        // This is how you can access the Server in any class.
        string alsoEncoded = HttpContext.Current.Server.HtmlEncode(text); // 4

        StringWriter stringWriter = new StringWriter();
        using (HtmlTextWriter writer = new HtmlTextWriter(stringWriter))
        {
            // Write a DIV with encoded text.
            writer.RenderBeginTag(HtmlTextWriterTag.Div);
            writer.WriteEncodedText(text);
            writer.RenderEndTag();
        }
        string html = stringWriter.ToString(); // 5
    }
}
```

```
1: Before encoding has occurred.
   String: you & me > them
2: The string is encoded for HTML.
   String: you &amp; me &gt; them
3: String is converted back from HTML.
   String: you & me > them
4: The string is encoded for HTML again.
   String: you &amp; me &gt; them
5: The HTML string is written into a DIV.
   Text: <div>you &amp; me &gt; them</div>
```
The WebUtility class is an effective way to encode HTML and URLs in programs. Call WebUtility.HtmlDecode and WebUtility.HtmlEncode on your strings.
I found Server.HtmlEncode and Server.HtmlDecode to be much faster than a home-grown version that used StringBuilder. Usually it is best to use the Framework methods.
These methods provide reliable replacement of HTML characters. HtmlEncode and HtmlDecode also handle character entities. These are sequences that represent non-ASCII characters.
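An added example, not code from the original article: it encodes untrusted text exactly once, at the point where it is written into element content and into a double-quoted attribute, and prints what encoding the same text twice produces. The helper names RenderComment and RenderInput, the markup they emit, and the sample strings are assumptions made for this illustration.

```csharp
using System;
using System.Net;

// Constructed sample input: text a user might submit through a form.
string[] samples =
{
    "<b>Hello 'friend'</b>",   // markup characters and single quotes
    "say \"hi\" to you & me",  // double quotes and an ampersand
    "caf\u00e9 &eacute;",      // a non-ASCII character and a literal entity name
};

foreach (string raw in samples)
{
    // Store and pass around the raw text; encode only when producing HTML.
    Console.WriteLine("RAW:       {0}", raw);
    Console.WriteLine("ELEMENT:   {0}", RenderComment(raw));
    Console.WriteLine("ATTRIBUTE: {0}", RenderInput(raw));

    // Encoding an already encoded string escapes the ampersands again,
    // so a browser would display entity text instead of the characters.
    string once = WebUtility.HtmlEncode(raw);
    string twice = WebUtility.HtmlEncode(once);
    Console.WriteLine("TWICE:     {0}", twice);

    // One decode reverses one encode; the original text must come back.
    bool roundTrips = WebUtility.HtmlDecode(once) == raw;
    Console.WriteLine("ROUNDTRIP: {0}", roundTrips);
    Console.WriteLine();
}

// Hypothetical helper: untrusted text placed inside element content.
static string RenderComment(string untrusted)
{
    return "<p class=\"comment\">" + WebUtility.HtmlEncode(untrusted) + "</p>";
}

// Hypothetical helper: untrusted text placed inside a double-quoted
// attribute value. The quotes around the value are required: HtmlEncode
// escapes quote characters, but not spaces, so an unquoted attribute
// would still be split by whitespace in the input.
static string RenderInput(string untrusted)
{
    return "<input name=\"q\" value=\"" + WebUtility.HtmlEncode(untrusted) + "\">";
}
```

HtmlEncode is meant for HTML element content and quoted attribute values; text written into a script block or a URL needs the encoder for that context instead.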