I am creating some dynamically generated HTML:
bldr.AppendLine("<a>");
string userText = user.Company;
bldr.AppendLine(userText);
bldr.AppendLine("</a>");
How can I ensure that whatever the company's name is, it will appear as it should, but also, if they try to inject any HTML in their name, it will simply appear in plain text?
For instance, if they tried to use the name "<script>alert("Do Bad!")</script>", that's exactly what will appear on the page, in plain text.
But I also want to avoid "A & C" translating to "A \u0026 C", which is what happens when I use
HttpUtility.JavaScriptStringEncode(user.Company);
The parseFromString() method of the DOMParser interface parses a string that contains HTML and returns it as an HTMLDocument. OUTPUT: You can see that the HTML string is converted to an HTML element as a DOM node. Now you can use DOM node methods such as appendChild() to work with the result.
You can use the same HttpUtility class you have used for JavaScript, but for HTML, for example:
bldr.AppendFormat("<a>{0}</a>\n", HttpUtility.HtmlEncode(user.Company));
There is also the inverse way using HttpUtility.HtmlDecode(string).
An alternative without a dependency on System.Web:
System.Net.WebUtility.HtmlEncode()
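
The following is an added example, not code from the question or the answers: it puts the question's raw `StringBuilder` output beside the `WebUtility.HtmlEncode` form and checks that the encoded text carries no markup and decodes back to the original name. The names `CompanyLinkDemo`, `RenderRaw` and `RenderEncoded` and the sample company names are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Text;

// Hypothetical demo class; the names here are not from the original page.
static class CompanyLinkDemo
{
    // Unsafe: the name is written into the markup verbatim, as in the question.
    static string RenderRaw(string company)
    {
        var bldr = new StringBuilder();
        bldr.Append("<a>").Append(company).Append("</a>");
        return bldr.ToString();
    }

    // Safe for HTML element content: markup characters become entities.
    static string RenderEncoded(string company)
    {
        var bldr = new StringBuilder();
        bldr.Append("<a>").Append(WebUtility.HtmlEncode(company)).Append("</a>");
        return bldr.ToString();
    }

    static void Main()
    {
        // Constructed sample names, including the two from the question.
        string[] names =
        {
            "A & C",
            "<script>alert(\"Do Bad!\")</script>",
            "O'Neil <b>Holdings</b>",
        };

        foreach (string name in names)
        {
            string safe = RenderEncoded(name);
            string inner = safe.Substring(3, safe.Length - 7); // strip <a> and </a>

            // The encoded body must contain no tag delimiters of its own, and
            // entity decoding (what the browser does) must restore the input.
            bool noMarkup = inner.IndexOf('<') < 0 && inner.IndexOf('>') < 0;
            bool roundTrips = WebUtility.HtmlDecode(inner) == name;

            Console.WriteLine("input   : " + name);
            Console.WriteLine("raw     : " + RenderRaw(name));
            Console.WriteLine("encoded : " + safe);
            Console.WriteLine("checks  : noMarkup=" + noMarkup + " roundTrips=" + roundTrips);
            Console.WriteLine();
        }
    }
}
```

HTML encoding is the right encoder for text placed between tags; values written into a JavaScript string or a URL need the encoder for that context instead.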