C# HtmlEncode, HtmlDecode

Hypertext markup language: HTML

HTML must sometimes be encoded. This is necessary for it to be displayed as text in another HTML document. With the WebUtility.HtmlEncode and WebUtility.HtmlDecode methods in the C# language, we do this without writing any custom code.

Not HTML encoded

You & me > them

Is HTML encoded

You & me > them

Example

Note

The HtmlEncode method is designed to receive a string that contains HTML markup characters such as > and <. The HtmlDecode method, meanwhile, is designed to reverse those changes. It changes encoded characters back to actual HTML.

Next:We use HtmlEncode and HtmlDecode in a C# program. The System.Net assembly is included at the top of the program.

HtmlEncode and HtmlDecode methods: C#

using System;
using System.Net;

class Program
{
    static void Main()
    {
	string a = WebUtility.HtmlEncode("<html><head><title>T</title></head></html>");
	string b = WebUtility.HtmlDecode(a);

	Console.WriteLine("After HtmlEncode: " + a);
	Console.WriteLine("After HtmlDecode: " + b);
    }
}

Output

After HtmlEncode:
&lt;html&gt;&lt;head&gt;&lt;title&gt;T&lt;/title&gt;&lt;/head&gt;&lt;/html&gt;

After HtmlDecode:
<html><head><title>T</title></head></html>

Example 2

Next, HtmlEncode and HtmlDecode are also built into the Server objects in ASP.NET. These methods have no advantages over the HttpUtility methods. They are equivalent. We present an example that uses them in a Page class.

ASPX code-behind file that encodes HTML: C#

using System;
using System.IO;
using System.Web;
using System.Web.UI;

public partial class _Default : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
	// This could mess up HTML.
	string text = "you & me > them"; // 1

	// Replace > with >
	string htmlEncoded = Server.HtmlEncode(text); // 2

	// Now has the > again.
	string original = Server.HtmlDecode(htmlEncoded); // 3

	// This is how you can access the Server in any class.
	string alsoEncoded = HttpContext.Current.Server.HtmlEncode(text); // 4

	StringWriter stringWriter = new StringWriter();
	using (HtmlTextWriter writer = new HtmlTextWriter(stringWriter))
	{
	    // Write a DIV with encoded text.
	    writer.RenderBeginTag(HtmlTextWriterTag.Div);
	    writer.WriteEncodedText(text);
	    writer.RenderEndTag();
	}
	string html = stringWriter.ToString(); // 5
    }
}

Notes

Step 1: Before encoding has occurred.
String: you & me > them

Step 2: The string is encoded for HTML.
String: you &amp; me &gt; them

Step 3: String is converted back from HTML.
String: you & me > them

Step 4: The string is encoded for HTML again.
String: you &amp; me &gt; them

Step 5: The HTML string is written into a DIV.
Text:   <div>you &amp; me &gt; them</div>
Steps

In this example, we see three different methods. The first two just return an encoded or decoded string, and the HtmlTextWriter uses an interesting method called WriteEncodedText.

Note:This may be more efficient, as it could avoid a string copy. I tested these methods with breakpoints.

HtmlTextWriter

The WebUtility class is a better way to encode HTML and URLs in programs. You will want to call WebUtility.HtmlDecode and WebUtility.HtmlEncode on your strings. It is also possible to use the HttpUtility class.

Performance

Performance optimization

In my brief benchmarks, I found Server.HtmlEncode and Server.HtmlDecode to be much faster than my home-grown version that used StringBuilder. Unless you want create a better implementation, it is best to use these Framework methods.

StringBuilder

Summary

Framework: NET

These methods provide reliable replacement of HTML characters and are available in all your .NET programs. HtmlEncode and HtmlDecode also handle character entities. These are sequences that represent non-ASCII characters.

Tip:These methods are also available on the HttpUtility type. More information on the HttpUtility type is available.

HttpUtility

C#: File: HTML