Reputation: 4709
Is there any way to HTML-encode some text without using the System.Web.HttpUtility.HtmlEncode method? I want to deploy my desktop application using .NET 3.5 Client Profile, and the problem is that System.Web.dll is not part of the .NET 3.5 Client Profile, so I have to find a workaround.
Upvotes: 29
Views: 40478
Reputation: 41802
Rick Strahl rolled his own encoding method, due to problems and inconsistencies with .NET's way of encoding things. Check out his post on Html and Uri String Encoding without System.Web.
UPDATE: After checking out the links provided by the other answers, the AntiXSS library provided by Microsoft seems like an ideal solution to this problem. They've made the source of AntiXSS 4.3 available on Codeplex: http://antixss.codeplex.com/
The AntiXSS Library includes helpful methods for encoding HTML, URLs, JavaScript, and XML. It's based on a secure whitelist model, so anything not allowed in the specifications is prohibited.
Note that according to the release notes for 4.3, June 2014, this is the last release that will contain a sanitizer, due to the negative feedback it got from the user community for being overly aggressive. So if it's a sanitizer you want, you should look at AntiSamy or building your own with the HTML agility pack.
Upvotes: 15
Reputation: 6038
I'm a fan of the AntiXSS library as well, but it's worth mentioning that .NET v4 includes a new utility class for encoding in System.dll. So if you have the option of moving to .NET v4, you can use the client profile.
Upvotes: 55
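A hand-rolled encoder of the kind the first answer describes, written for the .NET 3.5 Client Profile as an added example (not Rick Strahl's code, the AntiXSS library's, or either poster's); the `HtmlEncoder` class and `Encode` method names are hypothetical. It is only correct for HTML element content and quoted attribute values, and on .NET 4 the built-in `System.Net.WebUtility.HtmlEncode` in System.dll makes it unnecessary.

```csharp
using System;
using System.Text;

// Added example: HTML encoding with no reference to System.Web.dll.
// HtmlEncoder and Encode are hypothetical names, not part of any library.
public static class HtmlEncoder
{
    // Correct only for element content and quoted attribute values;
    // script blocks, URLs, CSS and unquoted attributes need other encoders.
    public static string Encode(string input)
    {
        if (string.IsNullOrEmpty(input)) return input;
        StringBuilder sb = new StringBuilder(input.Length + 16);
        for (int i = 0; i < input.Length; i++)
        {
            char c = input[i];
            switch (c)
            {
                case '&': sb.Append("&amp;"); continue;
                case '<': sb.Append("&lt;"); continue;
                case '>': sb.Append("&gt;"); continue;
                case '"': sb.Append("&quot;"); continue;
                case '\'': sb.Append("&#39;"); continue;
            }
            if ((c >= 0x20 && c < 0x7F) || c == '\t' || c == '\n' || c == '\r')
                sb.Append(c);                       // printable ASCII passes through
            else if (char.IsHighSurrogate(c) && i + 1 < input.Length && char.IsLowSurrogate(input[i + 1]))
            {
                // Valid surrogate pair: emit one numeric reference for the code point.
                sb.Append("&#").Append(char.ConvertToUtf32(c, input[i + 1])).Append(';');
                i++;
            }
            else if (char.IsSurrogate(c) || char.IsControl(c))
                sb.Append("&#xFFFD;");              // lone surrogate or control char: replace
            else
                sb.Append("&#").Append((int)c).Append(';'); // other non-ASCII as numeric reference
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed sample input covering markup, both quote styles and non-ASCII text.
        Console.WriteLine(Encode("<a href=\"x\" title='Tom & Jerry'>caf\u00e9 \ud83d\ude00</a>"));
    }
}
```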