I am using the following method to
text that it's in
Spanish, like this:
string word = "configuración";string encodedWord = System.Net.WebUtility.HtmlEncode(word);
The output is the expected:
ó text represents the HTML entity number for a latin small letter "o" with acute.
However, I want to know if there is a way - using a built-in function which I don't know, library, etc - to show the HTML entity name of the HTML entity number and also support other characters (like a generic solution).
What I've tried so far is to check for a HTML entities table (there were many when Googling but I used this one: http://www.ascii.cl/htmlcodes.htm) then created a custom
method for replacing the needed
string from the word by doing some mapping.
So, if the word contains
ó then the matching text will be replaced to it's HTML entity name which is
oacute; but it is really painful since there are plenty of cases/scenarios.
Finally, the desired output will be:
I'm sure the answer is trivial (or some historic, legacy reason) but I'm wondering why do we need to encode HTML special characters like €, ä in html if browser can display them as they are. Of course characters like <, >, ', " must be encoded/escaped as they represent starting of html tags.
<!DOCTYPE html><html> <head> <meta charset="UTF-8"> </head> <body> < <!-- this must be encoded as < represents a start of a html tag--> € <!-- why does this symbol needs to be html encoded, as browser with utf-8 charset displays it ok --> 파일 선택 <!-- not html encoded, as is --> ä -> ä </body></html>
Apparently, this is harder to find than I thought it would be. And it even is so simple...
For those unfamiliar with PHP, htmlspecialchars translates stuff like
I know that
encodeURI() do not work this way.
I am using d3 to generate svg and end up with markup similar to the following:
<text class="rule" text-anchor="middle">&pound;10K</text>
Compare to similar html that renders as expected.
<div> £20,160 - £48,069</div>
Is there a property I need to set on the svg tag to get a similar type of encoding? I tried adding a meta tag to the page
<meta name="content" content="application/xhtml+xml; charset=utf-8" /> but this did not work.
I just ran across a question with an answer suggesting the AntiXss library to avoid cross site scripting. Sounded interesting, reading the msdn blog, it appears to just provide an HtmlEncode() method. But I already use HttpUtility.HtmlEncode().
Why would I want to use AntiXss.HtmlEncode over HttpUtility.HtmlEncode?
Well, that's nice, but what does it mean for me? I don't care so much about the performance of 0.1ms and I don't really feel like downloading and adding another library dependency for functionality that I already have.
Are there examples of cases where the AntiXss implementation would prevent an attack that the HttpUtility implementation would not?
If I continue to use the HttpUtility implementation, am I at risk? What about this 'bug'?