ansaurus

Question

Alternative to System.Web.HttpUtility.HtmlEncode/Decode?

Answer 1

A:

For XML you just have to encode the characters that have a special meaning, so you could get away with something simple like:

public static string XmlEncode(string value) {
  return value
    .Replace("<", "&lt;")
    .Replace(">", "&gt;")
    .Replace("\"", "&quot;")
    .Replace("'", "&apos;")
    .Replace("&", "&amp;");
}

public static string XmlDecode(string value) {
  return value
    .Replace("&lt;", "<")
    .Replace("&gt;", ">")
    .Replace("&quot;", "\"")
    .Replace("&apos;", "'")
    .Replace("&amp;", "&");
}

Guffa 2010-05-06 08:34:17

My Q wasn't actually entirely clear, but that -was- my usecase. Thanks!

Jörg B. 2010-05-06 12:30:01

That `XmlDecode` doesn't even begin to cover XML's character and entity references (http://www.w3.org/TR/xml/#sec-references), nevermind `CDATA` sections etc.

Josef 2010-10-28 12:03:06

Answer 2

+1 A:

If possible you can "borrow" the HttpUtility class from Mono code and compile it directly a your utility assembly.

munissor 2010-05-06 08:35:56

Answer 3

+1 A:

Although encoding might seem simple, I strongly recommend to use a library that is in wide-spread use to minimize the risk of security vulnerabilities. Microsoft's Anti-Cross Site Scripting Library provides methods for Html/Xml/Javascript escaping and the respective attribute escapes and should cover most of your web needs.

Josef 2010-05-06 08:43:14

Answer 4

+2 A:

In .NET Framework 4.0, System.Net.WebUtility.HtmlEncode perhaps? Do note that this class is located in System.dll and not System.Web.dll.

Ion Todirel 2010-05-06 09:34:19

ansaurus

tags:

views:

answers:

Alternative to System.Web.HttpUtility.HtmlEncode/Decode?

related questions