Reputation:
Alternative to System.Web.HttpUtility.HtmlEncode/Decode?
Is there any 'slimmer' alternative to the System.Web.HttpUtility.HtmlEncode/.Decode functions in .net 3.5 (sp1)? A separate library is fine.. or even 'wanted', at least something that does not pull in a 'whole new world' of dependencies that System.Web requires.
I only want to convert a normal string into its xml/xhtml compliant equivalent (& back).
Upvotes: 5
Views: 10197
Answers (6)
Reputation: 1583
same thing as @marco except the language is powershell
function Invoke-HTMLEncode
{ #https://stackoverflow.com/questions/2779594/alternative-to-system-web-httputility-htmlencode-decode
param($string)
if([string]::isNullorEmpty($string))
{
$return = $null
}
$result = [system.text.stringbuilder]::new($string.length)
foreach($ch in $string.ToCharArray())
{
if([byte][char]$ch -le [byte][char]'>')
{
switch ($ch)
{
'<' {
$result.append("<") | out-null
break;
}
'>' {
$result.append(">")| out-null
break;
}
'"' {
$result.append(""")| out-null
break;
}
'&'{
$result.append("&")| out-null
break;
}
default {
$result.append($ch)| out-null
break;
}
}
}
elseif([byte][char]$ch -ge 160 -and [byte][char]$ch -lt 256)
{
#result.Append("&#").Append(((int)ch).ToString(CultureInfo.InvariantCulture)).Append(';');
$result.append("&#").append(([byte][char]$ch).toString([System.Globalization.CultureInfo]::InvariantCulture)).append(';') | out-null
}
else
{
$result.Append($ch) | out-null
}
}
$result.ToString()
}
Upvotes: 0
Reputation: 6675
For HTML, if using .NET Framework 4.0's System.Net.WebUtility not a viable solution, you could use this:
string HtmlEncode(string s)
{
if (s == null)
{
return null;
}
var result = new StringBuilder(s.Length);
foreach (char ch in s)
{
if (ch <= '>')
{
switch (ch)
{
case '<':
result.Append("<");
break;
case '>':
result.Append(">");
break;
case '"':
result.Append(""");
break;
case '\'':
result.Append("'");
break;
case '&':
result.Append("&");
break;
default:
result.Append(ch);
break;
}
}
else if (ch >= 160 && ch < 256)
{
result.Append("&#").Append(((int)ch).ToString(CultureInfo.InvariantCulture)).Append(';');
}
else
{
result.Append(ch);
}
}
return result.ToString();
}
Reson of implementation:
Doing a lot of Replace() on a string would be very inneficient, especially on large strings.
Disclaimer:
This solution was inspired by using JetBrains dotPeek on the .NET Framework 4.0 System assembly.
Upvotes: 4
Reputation:
In .NET Framework 4.0, System.Net.WebUtility.HtmlEncode perhaps? Do note that this class is located in System.dll and not System.Web.dll.
Upvotes: 27
Reputation: 74557
Although encoding might seem simple, I strongly recommend to use a library that is in wide-spread use to minimize the risk of security vulnerabilities. Microsoft's Anti-Cross Site Scripting Library provides methods for Html/Xml/Javascript escaping and the respective attribute escapes and should cover most of your web needs.
Upvotes: 1
Reputation: 3785
If possible you can "borrow" the HttpUtility class from Mono code and compile it directly a your utility assembly.
Upvotes: 1
Reputation: 700720
For XML you just have to encode the characters that have a special meaning, so you could get away with something simple like:
public static string XmlEncode(string value) {
return value
.Replace("<", "<")
.Replace(">", ">")
.Replace("\"", """)
.Replace("'", "'")
.Replace("&", "&");
}
public static string XmlDecode(string value) {
return value
.Replace("<", "<")
.Replace(">", ">")
.Replace(""", "\"")
.Replace("'", "'")
.Replace("&", "&");
}
Upvotes: 5
Related Questions
- Converting HTML entities to Unicode Characters in C#
- Decoding entire HTML entities at once
- How have Html entities inside asp.net page?
- HtmlEncode with HTML entity name, is it possible?
- html entity encode text only, not html tag
- C# HTMLDecode without System.Web possible?
- Decoding all HTML Entities
- Method to encode to HTML character entity
- .NET vs HTML entities : it do a second decode?
- In .net, is there an opposite function to Server.HTMLEncode()?