The legacy wiki pages are here for reference purposes only.
For up-to-date information make sure to check the documentation section.

This is a pretty standard method, the same as you would use in day-to-day .NET code: it takes a string and escapes any HTML inside it so it can safely be displayed in the browser.

XSLT Example

<xsl:variable name="HTML"><![CDATA[
<p>This is a paragraph of <abbr title="HyperText Markup Language">HTML</abbr></p>
]]></xsl:variable>
<!-- Encode the markup, then write it out without a second round of escaping -->
<xsl:value-of select="umbraco.library:HtmlEncode($HTML)" disable-output-escaping="yes" />

Will output the following to the browser:

&lt;p&gt;This is a paragraph of &lt;abbr title=&quot;HyperText Markup Language&quot;&gt;HTML&lt;/abbr&gt;&lt;/p&gt;

Which, of course, will be rendered as code you can read (as opposed to actual HTML):

<p>This is a paragraph of <abbr title="HyperText Markup Language">HTML</abbr></p>

Note: You’ll need the disable-output-escaping attribute on the <xsl:value-of /> instruction when writing this out, otherwise the XSLT processor will actually escape the ampersand characters (&) and you’ll see escaped output in the browser.
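
The interaction between HtmlEncode and disable-output-escaping described in the note, modelled as an added Python example (not code from the original wiki page or from Umbraco). html_encode and serialize_text are stand-ins assumed to behave like umbraco.library:HtmlEncode and the XSLT processor's text escaping; the example also covers the two combinations without HtmlEncode, which the page does not show.

```python
import html

# Constructed sample input: the markup from the XSLT example above.
SAMPLE = ('<p>This is a paragraph of '
          '<abbr title="HyperText Markup Language">HTML</abbr></p>')


def html_encode(text):
    """Stand-in for umbraco.library:HtmlEncode (assumed: escapes & < > and quotes)."""
    return html.escape(text, quote=True)


def serialize_text(value, disable_output_escaping):
    """Model of how an XSLT processor writes the result of xsl:value-of.

    By default the serializer escapes &, < and > itself; with
    disable-output-escaping="yes" the string is written unchanged.
    """
    if disable_output_escaping:
        return value
    return value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def render(value, encode, doe):
    """Return (bytes sent to the browser, text the reader sees or None)."""
    wire = serialize_text(html_encode(value) if encode else value, doe)
    if "<" in wire:
        return wire, None          # live tags reached the page
    return wire, html.unescape(wire)  # browser decodes entities exactly once


def classify(value, encode, doe):
    """Name the outcome of one HtmlEncode / disable-output-escaping combination."""
    _, seen = render(value, encode, doe)
    if seen is None:
        return "raw-markup"
    return "displayed-as-text" if seen == value else "double-escaped"


if __name__ == "__main__":
    for encode in (True, False):
        for doe in (True, False):
            print(f"HtmlEncode={encode!s:5} d-o-e={doe!s:5} ->",
                  classify(SAMPLE, encode, doe))
```

Only the combination of disable-output-escaping="yes" with a value that was not passed through HtmlEncode writes the submitted markup to the page unescaped, so the attribute belongs only on values that have already been encoded.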

This method makes most sense when you’ve got input from e.g. a comment form and you don’t allow any HTML code in the comments.