Question

The SharePoint Code Analysis Framework rule SPC020220: Do not call 'HttpUtility.HtmlEncode' states that:

The assembly should not call HttpUtility.HtmlEncode(string) to encode strings [and that] SPHttpUtility.HtmlEncode [should be used] instead.

I don't understand the rationale. If I understand correctly, both methods perform the same thing. According to MSDN:

The HtmlEncode method replaces ampersand, double-quotation, single-quotation, less-than, and greater-than characters with the appropriate entity references.

So does HttpUtility.HtmlEncode(string).

  • Why prefer the first over the second?

  • What is a case where the two methods will perform differently?


Solution

The reason is explained in the link you had given.

"The .NET Framework HttpUtility encoding library does not encode all characters sufficiently. For example, SPHttpUtility in SharePoint encodes a single quotation mark as &#39; but .NET Framework HttpUtility does not encode the single quotation mark."

Apart from that, there isn't much preference, I guess. The SPHttpUtility.HtmlEncode encodes a few other characters that the HttpUtility does not encode.
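The case where the single quotation mark matters is a value written into a single-quoted HTML attribute. The following is an added example, not code from the original answer or from SharePoint: `EncodeWithoutApostrophe` and `EncodeWithApostrophe` are hypothetical stand-ins that model the two behaviours described in the quoted rule text (they are not the real `HttpUtility` or `SPHttpUtility` methods), and the input value is constructed.

```csharp
using System;
using System.Collections.Generic;

static class ApostropheEncodingDemo
{
    // Hypothetical stand-in: encodes & < > " only (the behaviour the rule text warns about).
    static string EncodeWithoutApostrophe(string s) =>
        s.Replace("&", "&amp;").Replace("<", "&lt;").Replace(">", "&gt;").Replace("\"", "&quot;");

    // Hypothetical stand-in: additionally encodes ' as &#39; (the behaviour the rule text recommends).
    static string EncodeWithApostrophe(string s) =>
        EncodeWithoutApostrophe(s).Replace("'", "&#39;");

    // Minimal scanner for the constructed tags below: returns the attribute names
    // a parser would see, skipping over each quoted attribute value.
    static List<string> AttributeNames(string tag)
    {
        var names = new List<string>();
        int i = tag.IndexOf(' ');                    // skip the tag name
        while (i >= 0 && i < tag.Length)
        {
            while (i < tag.Length && tag[i] == ' ') i++;
            int eq = tag.IndexOf('=', i);
            if (eq < 0) break;                       // no further attributes
            names.Add(tag.Substring(i, eq - i));
            char quote = tag[eq + 1];                // sample tags always quote their values
            int close = tag.IndexOf(quote, eq + 2);  // first matching quote ends the value
            if (close < 0) break;
            i = close + 1;
        }
        return names;
    }

    static void Main()
    {
        const string input = "x' data-injected='1";  // constructed sample value
        foreach (char q in new[] { '"', '\'' })
        {
            string weak = $"<input value={q}{EncodeWithoutApostrophe(input)}{q}>";
            string strong = $"<input value={q}{EncodeWithApostrophe(input)}{q}>";
            Console.WriteLine($"{q}-quoted attribute, ' not encoded: {weak}");
            Console.WriteLine($"  attributes seen: {string.Join(", ", AttributeNames(weak))}");
            Console.WriteLine($"{q}-quoted attribute, ' encoded:     {strong}");
            Console.WriteLine($"  attributes seen: {string.Join(", ", AttributeNames(strong))}");
        }
    }
}
```

In the double-quoted attribute both encoders leave a single `value` attribute; in the single-quoted attribute only the encoder that emits `&#39;` keeps the input inside `value`, while the other lets it introduce a second attribute.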

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange