Try this.

尝试这个。

var encodedHtml = HttpContext.Current.Server.HtmlEncode(...);

System.Web.HttpUtility.HtmlEncode(string)

System.Web.HttpUtility.HtmlEncode(string)

Don't know if there's an exact replacement, but there is a method HtmlUtility.HtmlEncodethat replaces special characters with their HTML equivalents. A close cousin is HtmlUtility.UrlEncodefor rendering URL's. You could also use validator controls like RegularExpressionValidator, RangeValidator, and System.Text.RegularExpression.Regexto make sure you're getting what you want.

不知道是否有确切的替换，但有一种方法HtmlUtility.HtmlEncode可以用它们的 HTML 等效项替换特殊字符。一个近亲HtmlUtility.UrlEncode用于呈现 URL。您还可以使用RegularExpressionValidator、RangeValidator、 等验证器控件，System.Text.RegularExpression.Regex以确保获得所需的内容。

Actually, you might want to try this method:

实际上，您可能想尝试以下方法：

HttpUtility.HtmlAttributeEncode()

Why? Citing the HtmlAttributeEncode page at MSDN docs:

为什么？引用MSDN 文档中的HtmlAttributeEncode 页面：

The HtmlAttributeEncode method converts only quotation marks ("), ampersands (&), and left angle brackets (<) to equivalent character entities. It is considerably faster than the HtmlEncode method.

HtmlAttributeEncode 方法仅将引号 (")、与号 (&) 和左尖括号 (<) 转换为等效的字符实体。它比 HtmlEncode 方法快得多。

In an addition to the given answers: When using Razor view engine(which is the default view engine in ASP.NET), using the '@' character to display values will automatically encode the displayed value. This means that you don't have to use encoding.

除了给定的答案：使用Razor 视图引擎（这是 ASP.NET 中的默认视图引擎）时，使用“@”字符显示值将自动对显示值进行编码。这意味着您不必使用编码。

On the other hand, when you don'twant the text being encoded, you have to specify that explicitly (by using @Html.Raw). Which is, in my opinion, a good thing from a security point of view.

在另一方面，当你不希望被编码的文本，您必须指定明确（通过使用@ Html.Raw）。在我看来，从安全的角度来看，这是一件好事。