Html Encode method encodes a particular string to be displayed in a browser. It is important to encode strings prior it’s rendering in the page, mainly to avoid cross-site script injection (XSS) and HTML injection attacks. However, developers so often forget to call the encode function.
Html Decode method decodes a particular string which is encoded.
Encoding and decoding is needed in somewhere like
- Pass the values from one page to another.
- Access the URL or pass the URL.
- Fetch the data or insert data in Database.
- Read the xml data or insert data in xml.
- Change the special character from string
- And security purpose etc.
In ASP.Net we used the following encode and decode method:
- Server.HtmlEncode()
- Server.HtmlDecode()
- Server.HtmlUrlEncode()
- Server.HtmlUrlDecode ()
- HttpUtility.UrlEncode()
- HttpUtility.UrlDecode ()
How Use these method in ASP.Net
Server.HtmlEncode():
Syntax:
And
Example:
string strData="?data??";
Response.Write(Server.HtmlEncode(strData)); //Encode the value here
Server.HtmlDecode()
Syntax:
And
Example:
string strData="?data??";
Response.Write(Server.HtmlDecode(strData)); //Decode the value here
Server.HtmlUrlEncode()
This function is used for encode the URL
Syntax:
We pass the other parameter as:
string HttpUtility.UrlEncode(byte[] bytes), string HttpUtility.UrlEncode(byte[] bytes,System.Text.Encoding e)and string HttpUtility.UrlEncode(byte[] bytes,int offset,int count)
Example:
string strUrl=Request.Url.ToString();//Request.Url get the url
Response.Write("<font color='green'>URL is:</font> " + strUrl +"<br/>");
Response.Write("<font color='green'>Encoded URL is: </font>" + HttpUtility.UrlEncode(strUrl));//Encoded Url Here
Output:
Server.HtmlUrlDecode ()
This function is used for decode the encoded URL
Syntax:
We pass the other parameter as:
string HttpUtility.UrlDecode(byte[] bytes), string HttpUtility.UrlDecode(byte[] bytes,System.Text.Encoding e)and string HttpUtility.UrlDecode(byte[] bytes,int offset,int count)
Example:
string strUrl=Request.Url.ToString();//Request.Url get the url
Response.Write("<font color='green'>URL is:</font> " + strUrl +"<br/>");
Response.Write("<font color='green'>Encoded URL is: </font>" + HttpUtility.UrlEncode(strUrl) + "<br/>");//Encoded Url Here
Response.Write("<font color='green'>Decoded URL is: </font>" + HttpUtility.UrlDecode(HttpUtility.UrlEncode(strUrl)));//Decoded Url Here
Output:
HttpUtility.UrlEncode() and HttpUtility.UrlDecode ()
Both method work same as to Server.HtmlUrlEncode() and Server.HtmlUrlDecode() respectively.
Note:
In Latest version ASP.Net 4.0, we write the code more concise way
Example:
<p><%=Server.HtmlEncode(strData); %> or
<%=HttpUtility.UrlEncode(strData); %></p>
But in Asp.net 4.0 we use as <%: strData %>, it is similar to both
This is the simple concept on encoding and decoding in ASP.Net.
Anonymous User
23-Feb-2019Thank You for the post.
Manish Kumar
06-Jul-2017Thanks for sharing informative post.
Your words increase my knowledge for sure. Thanks