Jonathan Wood

Reputation: 67295

Correct Way to Encode HTML Page Title

I have an ASP.NET WebForms application. I'm setting the page's title based on content from my database.

Because this content is entered by the user, it can contain any characters, including ones that could be interpreted as HTML markup. Therefore, I am HTML-encoding this content before setting the title.

But I see this is causing problems by producing overly encoded results:

<title>Hoigaard&amp;#39;s Nordic Walking Tuesdays</title>

What is the correct way to safely encode text used to set the title tag?

Upvotes: 4

Views: 1940

Answers (2)

mellamokb

Reputation: 56779

I tested this, and it appears setting Page.Title already performs the encoding. So your additional encoding is resulting in double-encoded results. Just set the Page.Title directly:

Page.Title = "Test & Testing";

result:

<title>Test &amp; Testing</title>

Upvotes: 3
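
The double encoding described in the question and in the answer above, as an added example that is not part of the original thread. `RenderTitle` and `ContainsEntities` are hypothetical helpers: `RenderTitle` stands in for a sink that encodes on render, as the answer reports `Page.Title` does, and the sample strings are constructed.

```csharp
using System;
using System.Net;

static class TitleEncodingDemo
{
    // Stand-in for a sink that HTML-encodes on render, as the answer above
    // reports Page.Title does. Hypothetical helper, not an ASP.NET API.
    static string RenderTitle(string title) =>
        "<title>" + WebUtility.HtmlEncode(title) + "</title>";

    // Heuristic for stored values: if decoding changes the text, it contains
    // entity references and may have been encoded before it was saved.
    static bool ContainsEntities(string text) =>
        WebUtility.HtmlDecode(text) != text;

    static void Main()
    {
        // Constructed sample inputs, including one that tries to close the tag.
        string[] samples =
        {
            "Hoigaard's Nordic Walking Tuesdays",
            "Test & Testing",
            "</title><b>not bold</b>",
        };

        foreach (string raw in samples)
        {
            // Correct: hand the raw text to the encoding sink exactly once.
            string once = RenderTitle(raw);
            // The bug from the question: encode first, then the sink encodes again.
            string preEncoded = WebUtility.HtmlEncode(raw);
            string twice = RenderTitle(preEncoded);

            Console.WriteLine("raw:   " + raw);
            Console.WriteLine("once:  " + once);
            Console.WriteLine("twice: " + twice);

            // Strip "<title>" (7 chars) and "</title>" (8 chars), then check
            // that a single decode gives back the original text.
            string inner = once.Substring(7, once.Length - 15);
            Console.WriteLine("single encode round-trips: " +
                (WebUtility.HtmlDecode(inner) == raw));
            Console.WriteLine("pre-encoded value flagged: " +
                ContainsEntities(preEncoded));
            Console.WriteLine();
        }
    }
}
```

`ContainsEntities` is only a heuristic, since a user can legitimately type text such as `&amp;`; the reliable rule is to store raw text and encode once, at the point of output.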

feeela

Reputation: 29932

Use some function similar to the PHP function htmlspecialchars():

<%
' Copyright (c) 2009, reusablecode.blogspot.com; some rights reserved.
' This work is licensed under the Creative Commons Attribution License.

' Convert special characters to HTML entities.
function htmlspecialchars(someString)
    ' Critical that ampersand is converted first, since all entities contain them.
    htmlspecialchars = replace(replace(replace(replace(someString, "&", "&amp;"), ">", "&gt;"), "<", "&lt;"), """", "&quot;")
end function
%>

source: http://snipplr.com/view/12207/htmlspecialchars/

Upvotes: 0
