开发者

HtmlEncode in C#

Is there any way to html encode some text without using System.Web.HttpUtility.HtmlEncode method? I wan开发者_Go百科t to deploy my desktop application using .NET 3.5 Client Profile and the problem is that System.Web.dll it's not part of the .NET 3.5 Client Profile so I have to find an workaround.


I'm a fan of the AntiXSS library as well, but its worth mentioning that .net v4 includes a new utility class for encoding in System.dll. So if you have the option of moving to .net v4, you can use the client profile.

System.Net.WebUtility.HtmlEncode


Rick Strahl rolled his own encoding method, due to problems and inconsistencies with .NET's way of encoding things. Check out his post on Html and Uri String Encoding without System.Web.

UPDATE: After checking out the links provided by the other answers, the AntiXSS library provided by Microsoft seems like an ideal solution to this problem. They've made the source of AntiXSS 4.3 available on Codeplex: http://antixss.codeplex.com/

The AntiXSS Library includes helpful methods for encoding HTML, URLs, JavaScript, and XML. It's based on a secure whitelist model, so anything not allowed in the specifications is prohibited.

Note that according to the release notes for 4.3, June 2014, this is the last release that will contain a sanitizer, due to the negative feedback it got from the user community for being overly aggressive. So if it's a sanitizer you want, you should look at AntiSamy or building your own with the HTML agility pack.


Can you include this? It has an alternative Encode method.


You could look at AntiXSS. It has it's own encoding mechanisms and is meant to be a replacement for the framework's HtmlEncode.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜