ASP.NET Server.HtmlEncode Limitations

Question

I'm using Server.HTMLEncode to encode my HTML.

I notice it dosn't escape single quotes, which is a limitation if your using single quotes in your html e.g. <input type='text' .... />

(I've checked this is valid XHTML).

Are there any other limitations or things to note about Server.HTMLEncode, in particular any characters that are not valid XHTMl that this method dosn't deal with?

Answer 1

MSDN says Server.HTMLEncode only does the following:

• The less-than character (<) is converted to &lt ;.
• The greater-than character (>) is converted to &gt ;.
• The ampersand character (&) is converted to &amp ;.
• The double-quote character (") is converted to &quot ;.
• Any ASCII code character whose code is greater-than or equal to 0x80 is converted to &#< number>, where number is the ASCII character value.