
How to render a single quote in a safe way

I saw in a tutorial video that we should use Html.Encode in our views to prevent malicious injections. However, when the text that I'm encoding contains the ' character (for example Dog's) the output in the browser is Dog#39;s. I would have thought every potentially dangerous character would be remapped to some safe code that the browser would render correctly. Is this not the case? How can I get ' to show up in the browser but in an HTML-safe way?


The @ in Razor automatically encodes for you, meaning that you probably did a double encode. Example:

@Html.Encode("This is \"safe\"")

is more or less the same as

@{Response.Write(Html.Encode(Html.Encode("This is \"safe\"")));}

Dunno if that last one works in Razor though.


If you are using ASP.NET MVC 2, <%: %> already encodes the value for you. In Razor (MVC 3), @ encodes values for you, so you do not need to wrap the output in Html.Encode.

Make sure that you are not double encoding.

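Both answers above say the same thing: the view engine already HTML-encodes once, so calling Html.Encode on top of it encodes the encoded text a second time. The following console program is an added example (not code from either answer, and not part of ASP.NET itself) that makes the double-encoding symptom visible outside a web project. It uses System.Net.WebUtility, which performs the same kind of HTML encoding as Razor's @ and MVC 2's <%: %>; the input string and the method names EncodeOnce, EncodeTwice and BrowserText are this example's own.

```csharp
using System;
using System.Net;

// Added example, not from the original question or answers.
// Demonstrates the difference between encoding view output once
// (what Razor's @ and MVC 2's <%: %> do for you) and encoding it twice
// (what @Html.Encode(...) inside a Razor view effectively does).
class DoubleEncodeDemo
{
    // Single HTML encode: ' becomes &#39;, < becomes &lt;, & becomes &amp;, and so on.
    // This is the safe form to emit into an HTML text node.
    public static string EncodeOnce(string text)
    {
        return WebUtility.HtmlEncode(text);
    }

    // Double HTML encode: the '&' that starts each entity from the first pass
    // is itself encoded to &amp;, so the browser shows the entity text literally.
    public static string EncodeTwice(string text)
    {
        return WebUtility.HtmlEncode(WebUtility.HtmlEncode(text));
    }

    // Rough model of what the user sees: the browser decodes exactly one level
    // of entities when it builds the text node.
    public static string BrowserText(string markup)
    {
        return WebUtility.HtmlDecode(markup);
    }

    static void Main()
    {
        // Constructed sample input covering the apostrophe from the question
        // plus the other characters HTML encoding has to neutralise.
        string input = "Dog's <b>\"quoted\"</b> & co";

        string once = EncodeOnce(input);
        string twice = EncodeTwice(input);

        Console.WriteLine("markup after one encode : " + once);
        Console.WriteLine("markup after two encodes: " + twice);
        Console.WriteLine("browser shows (one)     : " + BrowserText(once));
        Console.WriteLine("browser shows (two)     : " + BrowserText(twice));

        // The single-encoded markup contains no raw '<', '>' or '"' from the input,
        // yet decodes back to the original text; the double-encoded markup does not.
        Console.WriteLine("round-trips once: " + (BrowserText(once) == input));
        Console.WriteLine("round-trips twice: " + (BrowserText(twice) == input));
    }
}
```

The single-encoded line contains entities such as &#39; and &lt;, and BrowserText turns it back into the original string with the apostrophe, which is the behaviour the question expected. The double-encoded line is what a view produces with @Html.Encode(Model.Name): the browser decodes only the outer &amp;, leaving the inner entity visible as text. In a Razor view the fix is simply @Model.Name (or <%: Model.Name %> in MVC 2); reserve Html.Raw for markup you have already validated as trusted, since it bypasses this encoding entirely.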
