Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is there any way to html encode some text without using System.Web.HttpUtility.HtmlEncode method? I want to deploy my desktop application using .NET 3.5 Client Profile and the problem is that System.Web.dll it’s not part of the .NET 3.5 Client Profile so I have to find an workaround.
Rick Strahl rolled his own encoding method, due to problems and inconsistencies with .NET’s way of encoding things. Check out his post on Html and Uri String Encoding without System.Web.
UPDATE: After checking out the links provided by the other answers, the AntiXSS library provided by Microsoft seems like an ideal solution to this problem. They’ve made the source of AntiXSS 4.3 available on Codeplex: http://antixss.codeplex.com/
The AntiXSS Library includes helpful methods for encoding HTML, URLs, JavaScript, and XML. It’s based on a secure whitelist model, so anything not allowed in the specifications is prohibited.
Note that according to the release notes for 4.3, June 2014, this is the last release that will contain a sanitizer, due to the negative feedback it got from the user community for being overly aggressive. So if it’s a sanitizer you want, you should look at AntiSamy or building your own with the HTML agility pack.