I was doing a bit of training on ASP.NET MVC 3 with Razor when the discussion turned to encoding HTML output. This can actually get fairly involved (well, interesting at least) when one continues with HTML Encoding Nuggets, Html.Raw in ASP.NET MVC 3, MvcHtmlString, and so forth, but let's just tackle the basics in a quick blog post on HtmlString, IHtmlString, and HttpUtility.HtmlEncode. Note that HtmlString and IHtmlString were introduced in .NET Framework 4.
HtmlString, IHtmlString, and HttpUtility.HtmlEncode
There are times when you don't want output to be HTML encoded. Think of a blog engine, for example, where you have a lot of HTML tags in a blog post that need to be emitted as HTML. If you send a normal string with HTML tags to HttpUtility.HtmlEncode, the string will be HTML encoded to protect you from XSS attacks and other security exploits.
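An added example (not from the original post) of that behaviour on .NET Framework 4 with a reference to System.Web: `HttpUtility.HtmlEncode(object)` encodes a plain string but returns an `IHtmlString` value's `ToHtmlString()` result unchanged. The `Render` helper, the `CommentHtml` type and the sample strings are constructed for illustration.

```csharp
using System;
using System.Web; // reference System.Web.dll, .NET Framework 4 or later

// Hypothetical type: markup assembled by our own code. The untrusted parts
// are encoded inside ToHtmlString(), so the result is safe to emit as-is.
sealed class CommentHtml : IHtmlString
{
    private readonly string _author, _text;
    public CommentHtml(string author, string text) { _author = author; _text = text; }

    public string ToHtmlString()
    {
        return "<div class=\"comment\" title=\"" + HttpUtility.HtmlAttributeEncode(_author) + "\">"
             + HttpUtility.HtmlEncode(_text) + "</div>";
    }
}

static class EncodingDemo
{
    // Hypothetical stand-in for what a view does with a value before writing it.
    // HtmlEncode(object) checks for IHtmlString first and skips encoding for it.
    static string Render(object value)
    {
        return HttpUtility.HtmlEncode(value);
    }

    static void Main()
    {
        // Constructed sample inputs.
        string untrusted = "<script>alert(1)</script>";      // e.g. a reader's comment
        string authored  = "<p>Hello <em>world</em></p>";    // e.g. the blog post body

        // Plain string: tags are encoded and shown as text.
        Console.WriteLine(Render(untrusted));

        // HtmlString: authored markup is emitted as HTML, not encoded.
        Console.WriteLine(Render(new HtmlString(authored)));

        // Custom IHtmlString: wrapper markup is kept, untrusted parts are encoded.
        Console.WriteLine(Render(new CommentHtml("Bob \"<b>\"", untrusted)));

        // Pitfall: wrapping untrusted input in HtmlString opts it out of encoding,
        // so the script tag would reach the page intact. Only wrap markup you
        // authored or have already sanitized.
        Console.WriteLine(Render(new HtmlString(untrusted)));
    }
}
```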
Read more: David Hayden