HtmlEncode

    This is a pretty standard method, the same one you would use in day-to-day .NET code: it takes a string and escapes any HTML inside it so that the string can safely be displayed in the browser.

    XSLT Example

    <xsl:variable name="HTML"><![CDATA[
    <p>This is a paragraph of <abbr title="HyperText Markup Language">HTML</abbr></p>
    ]]></xsl:variable>
    <xsl:value-of select="umbraco.library:HtmlEncode($HTML)" disable-output-escaping="yes" />
    

    Will output the following to the browser:

    &lt;p&gt;This is a paragraph of &lt;abbr title=&quot;HyperText Markup Language&quot;&gt;HTML&lt;/abbr&gt;&lt;/p&gt;
    

    Which, of course, will be rendered as code you can read (as opposed to actual HTML):

    <p>This is a paragraph of <abbr title="HyperText Markup Language">HTML</abbr></p>
    

    Note: You’ll need the disable-output-escaping attribute on the <xsl:value-of /> instruction when writing this out. Otherwise the XSLT processor will escape the ampersand characters (&) that HtmlEncode has just produced, and you’ll see the escaped output in the browser.

    This method makes most sense when you’ve got input from e.g. a comment form and you don’t allow any HTML code in the comments.
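
    The four ways HtmlEncode and disable-output-escaping can be combined for the comment-form case, as an added example (not part of the original page or Umbraco's own code). The $comment variable and its text are constructed sample input, and the stylesheet assumes the usual urn:umbraco.library namespace binding of an Umbraco XSLT macro.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:umbraco.library="urn:umbraco.library"
    exclude-result-prefixes="umbraco.library">

  <xsl:output method="html" omit-xml-declaration="yes" />

  <!-- Constructed sample standing in for text submitted through a comment form -->
  <xsl:variable name="comment"><![CDATA[I <b>love</b> this & that]]></xsl:variable>

  <xsl:template match="/">

    <!-- 1. Encoded by HtmlEncode, then written out as-is: encoded exactly once.
         The browser shows the comment as literal text, tags included. -->
    <p class="comment">
      <xsl:value-of select="umbraco.library:HtmlEncode($comment)"
                    disable-output-escaping="yes" />
    </p>

    <!-- 2. No HtmlEncode, default output escaping: the XSLT processor escapes
         the text itself, so this is also encoded once and displays the same text. -->
    <p class="comment">
      <xsl:value-of select="$comment" />
    </p>

    <!-- 3. HtmlEncode plus default output escaping: encoded twice.
         Harmless, but the reader sees entity text instead of the comment. -->
    <p class="comment">
      <xsl:value-of select="umbraco.library:HtmlEncode($comment)" />
    </p>

    <!-- 4. No HtmlEncode and output escaping disabled: never encoded.
         Any markup in the comment becomes live HTML in the page.
         Do not use this form for user-supplied input. -->
    <p class="comment">
      <xsl:value-of select="$comment" disable-output-escaping="yes" />
    </p>

  </xsl:template>
</xsl:stylesheet>
```

    When reviewing templates, treat every disable-output-escaping="yes" as a point where the value must already have been encoded, as in form 1.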

