The correct way to encode an HTML page header

I have an ASP.NET WebForms application. I set the page title based on the content from my database.

As this content is entered by the user, it can contain any characters, including those that can be interpreted as HTML markup. So I am HTML-encoding this content before setting the header.

But I see that this causes problems, creating overly encrypted results:

<title>Hoigaard&amp;#39;s Nordic Walking Tuesdays</title> 

What is the correct way to safely encode text used to set a title tag?

+4
2 answers

I tested this, and it seems that setting Page.Title already does the encoding. Thus, your extra encoding produces double-encoded results. Just set Page.Title directly:

 Page.Title = "Test & Testing"; 

result:

 <title>Test &amp; Testing</title> 
+2
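
An added example, not part of the answers on this page: it reproduces the double encoding from the question and shows a heuristic check for it in rendered markup. `WebUtility.HtmlEncode` stands in for the encoding that, per the answer above, setting `Page.Title` already applies; the class and helper names are hypothetical and the sample string is constructed.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

static class TitleEncodingDemo
{
    // Matches an entity whose leading '&' was itself encoded, e.g. "&amp;#39;" or "&amp;lt;".
    static readonly Regex DoubleEncoded =
        new Regex(@"&amp;(#\d+|#x[0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);", RegexOptions.Compiled);

    // Assumption: models an output sink that HTML-encodes its value when rendering.
    static string RenderTitle(string value) =>
        "<title>" + WebUtility.HtmlEncode(value) + "</title>";

    static bool LooksDoubleEncoded(string html) => DoubleEncoded.IsMatch(html);

    static void Main()
    {
        // Constructed sample input: raw user text as stored in the database.
        string raw = "Hoigaard's <b>Nordic</b> Walking & Tuesdays";

        string once = RenderTitle(raw);                          // encoded once, by the sink
        string twice = RenderTitle(WebUtility.HtmlEncode(raw));  // pre-encoded, then encoded again

        foreach (var (label, html) in new[] { ("once", once), ("twice", twice) })
        {
            // What a browser displays: the text inside <title>, decoded one time.
            string inner = html.Substring(7, html.Length - 15);
            string shown = WebUtility.HtmlDecode(inner);
            Console.WriteLine($"{label}: {html}");
            Console.WriteLine($"  displayed: {shown}");
            Console.WriteLine($"  round-trips to raw: {shown == raw}");
            Console.WriteLine($"  double-encoded: {LooksDoubleEncoded(html)}");
        }
    }
}
```

The check is a heuristic: raw text that literally contains an entity such as `&lt;` is also flagged after a single, correct encoding, so treat a match as a prompt to inspect the code path rather than as proof.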

Use a function similar to PHP's htmlspecialchars() function:

    <%
    ' Copyright (c) 2009, reusablecode.blogspot.com; some rights reserved.
    ' This work is licensed under the Creative Commons Attribution License.

    ' Convert special characters to HTML entities.
    function htmlspecialchars(someString)
        ' Critical that ampersand is converted first, since all entities contain them.
        htmlspecialchars = replace(replace(replace(replace(someString, "&", "&amp;"), ">", "&gt;"), "<", "&lt;"), """", "&quot;")
    end function
    %>

source: http://snipplr.com/view/12207/htmlspecialchars/

0