HTMLencode HTMLdecode

Question

I have a text area and I want to store the text entered by user in database with html formatting like paragraph break, numbered list. I am using HTMLencode and HTMLdecode for this.

Sample of my code is like this:

string str1 = Server.HtmlEncode(TextBox1.Text);
Response.Write(Server.HtmlDecode(str1));

If user entered text with 2 paragraphs, str1 shows characters \r\n\r\n between paragraphs. but when it writes it to screen, just append 2nd paragraph with 1st. While I'm decoding it, why doesn't it print 2 paragraphs?

Answer 1

The simple solution would be to do:

string str1 = Server.HtmlEncode(TextBox1.Text).Replace("\r\n", "<br />");

This is assuming that you only care about getting the right <br /> tags in place. If you want a real formatter you will need a library like Aaronaught suggested.

Answer 2

That's not what HtmlEncode and HtmlDecode do. Not even close.

Those methods are for "escaping" HTML. < becomes <, > becomes >, and so on. You use these to escape user entered input in order to avoid Cross-Site Scripting attacks and related issues.

If you want to be able to take plain-text input and transform it into HTML, consider a formatting tool like Markdown (I believe that Stack Overflow uses MarkdownSharp).

If all you want are line breaks, you can use text.Replace("\r\n", "<br/>"), but handling more complex structures like ordered lists is difficult, and there are already existing tools to handle it.