HTML.Encode but preserve line breaks
Use HttpUtility.HtmlEncode then do the replace. @Html.Raw(HttpUtility.HtmlEncode(Message).Replace(“\n”, “<br/>”))
html-encode
Converting HTML entities to Unicode Characters in C#
I recommend using System.Net.WebUtility.HtmlDecode and NOT HttpUtility.HtmlDecode. This is due to the fact that the System.Web reference does not exist in Winforms/WPF/Console applications and you can get the exact same result using this class (which is already added as a reference in all those projects). Usage: string s = System.Net.WebUtility.HtmlDecode(“é”); // Returns é
Html encode in PHP
By encode, do you mean: Convert all applicable characters to HTML entities? htmlspecialchars or htmlentities You can also use strip_tags if you want to remove all HTML tags : strip_tags Note: this will NOT stop all XSS attacks
C# HTMLDecode without System.Web possible?
Developers who need to use System.Web.HttpUtility in their client apps and had to reference System.Web.dll and therefore target NET4 full (System.Web.dll is in Full) , can now target the NET4 Client Profile by using the new System.Net.WebUtility class which is in System.dll (System.dll is in NET4 Client Profile). System.Net.WebUtility includes HtmlEncode and HtmlDecode. Url encoding … Read more
What is the difference between AntiXss.HtmlEncode and HttpUtility.HtmlEncode?
I don’t have an answer specifically to your question, but I would like to point out that the white list vs black list approach not just “nice”. It’s important. Very important. When it comes to security, every little thing is important. Remember that with cross-site scripting and cross-site request forgery , even if your site … Read more
How to reverse htmlentities()?
If you use htmlentities() to encode, you can use html_entity_decode() to reverse the process: html_entity_decode() Convert all HTML entities to their applicable characters. html_entity_decode() is the opposite of htmlentities() in that it converts all HTML entities in the string to their applicable characters. e.g. $myCaption = ‘áéí’; //encode $myCaptionEncoded = htmlentities($myCaption, ENT_QUOTES); //reverse (decode) $myCaptionDecoded … Read more
How to remove html special chars? [duplicate]
Either decode them using html_entity_decode or remove them using preg_replace: $Content = preg_replace(“/&#?[a-z0-9]+;/i”,””,$Content); (From here) EDIT: Alternative according to Jacco’s comment might be nice to replace the ‘+’ with {2,8} or something. This will limit the chance of replacing entire sentences when an unencoded ‘&’ is present. $Content = preg_replace(“/&#?[a-z0-9]{2,8};/i”,””,$Content);
Will HTML Encoding prevent all kinds of XSS attacks?
No. Putting aside the subject of allowing some tags (not really the point of the question), HtmlEncode simply does NOT cover all XSS attacks. For instance, consider server-generated client-side javascript – the server dynamically outputs htmlencoded values directly into the client-side javascript, htmlencode will not stop injected script from executing. Next, consider the following pseudocode: … Read more
Converting & to & etc
System.Web.HttpUtility.HtmlDecode() Edit: Note from here that “To encode or decode values outside of a web application, use…” System.Net.WebUtility.HtmlDecode()
is there a way to highlight all the special accent characters in sublime text or any other text editor?
Yes. Sublime text supports regular expression and you can select all non-ASCII (code point > 128) characters. This regex find should be enough for you: [^\x00-\x7F] Just search and replace. But if you are doing manual HTML encode in the first place you are doing it wrong. Save your files as UTF-8 encoding (Sublime Text … Read more