C＃中的HtmlEncode

Question

Is there any way to html encode some text without using System.Web.HttpUtility.HtmlEncode method? I want to deploy my desktop application using .NET 3.5 Client Profile and the problem is that System.Web.dll it's not part of the .NET 3.5 Client Profile so I have to find an workaround.

Answer 1

I'm a fan of the AntiXSS library as well, but its worth mentioning that .net v4 includes a new utility class for encoding in System.dll. So if you have the option of moving to .net v4, you can use the client profile.

System.Net.WebUtility.HtmlEncode

Answer 2

Rick Strahl rolled his own encoding method, due to problems and inconsistencies with .NET's way of encoding things. Check out his post on Html and Uri String Encoding without System.Web .

UPDATE: After checking out the links provided by the other answers, the AntiXSS library provided by Microsoft seems like an ideal solution to this problem. They've made the source of AntiXSS 4.3 available on Codeplex: http://antixss.codeplex.com/

The AntiXSS Library includes helpful methods for encoding HTML, URLs, JavaScript, and XML. It's based on a secure whitelist model, so anything not allowed in the specifications is prohibited.

Note that according to the release notes for 4.3, June 2014, this is the last release that will contain a sanitizer, due to the negative feedback it got from the user community for being overly aggressive. So if it's a sanitizer you want, you should look at AntiSamy or building your own with the HTML agility pack .

Answer 3

Can you include this ? It has an alternative Encode method.

Answer 4

You could look at AntiXSS . It has it's own encoding mechanisms and is meant to be a replacement for the framework's HtmlEncode.