I'm having some problems with Html.Encode
and users wanting to use special characters. Firstly the characters are replaced by the html codes and so are not displayed properly. And then, if the text is later edited and re-submitted, an exception is thrown when these html codes are re-submitted.
Given that this is an intranet site and the possibility of a deliberate attack is almost non-existant, is there really any risk to not using Html.Encode
? Is there any possiblity that someone would inadvertently submit some special characters which cause problems?
Or is there a better way around this problem?