Why is SPHttpUtility.HtmlEncode preferred to HttpUtility.HtmlEncode?

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/137140

  •  02-10-2020
  •  | 
  •  

Question

The SharePoint Code Analysis Framework rule SPC020220: Do not call 'HttpUtility.HtmlEncode' states that:

The assembly should not call HttpUtility.HtmlEncode(string) to encode strings [and that] SPHttpUtility.HtmlEncode [should be used] instead.

I don't understand the rationale. If I understand correctly, both methods perform the same thing. According to MSDN:

The HtmlEncode method replaces ampersand, double-quotation, single-quotation, less-than, and greater-than characters with the appropriate entity references.

So does HttpUtility.HtmlEncode(string).

  • Why preferring the first to the second?

  • What is a case where two methods will perform differently?

Était-ce utile?

La solution

The reason is explained in the link you had given.

"The .NET Framework HttpUtility encoding library does not encode all characters sufficiently. For example, SPHttpUtility in SharePoint encodes a single quotation mark as ' but .NET Framework HttpUtility does not encode the single quotation mark."

Apart from that, there isn't much preference i guess. The SPHttpUtility.HtmlEncode encodes few other characters that the HttpUtility does not encode.

Licencié sous: CC-BY-SA avec attribution
Non affilié à sharepoint.stackexchange
scroll top