Server.htmlEncode - Include html in database string

Hi I have the details of a news page coming from a database.  

When i add the details to the database, I do a Server.htmlEncode on the string before it is added to the database.  
But then i discovered that if i wanted to include html code for a link in the string when displayed on the news page it displayed the html instead of the link.

<a href="/news/">News</a> is being displayed instead of just News.

Any idea's?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

First of all, I would not do a Sever.HTMLEncode before storing things in a database. That will cause problems when you want to update the string. Just store everything in the database as it is written. Encode it eventually when you display it.

Secondly: why do you want to Encode the string?. If you want to remove certain tags, such as <script> tags, you will have to do that specifically.
harris9999Author Commented:

I have taken away the server.htmlencode beforestoring the string in the database and just put it before the output.
But a link i placed in the string is being displayed as <a href="/link/">News</a>  instead of an active link displaying just News.

I encode the string because the page has to be xhtml compliant and quiote often when adding to the news page the user would just copy and paste from a word document, but the apostrophe in word is different and when a check is run for xhtml compliance it displays an error.  But when i added the server.htmlencode it passed the xhtml test.
If you want to output HTML and have it rendered as HTML then using Server.HTMLEncode will never work because this will always converted HTML characters into HTML entities.

You have to store unencoded HTML and output unencoded HTML - you have no choice there.

> But when i added the server.htmlencode it passed the xhtml test.

Well that seems like a bit dodgy bit of functionality to rely on. There are plenty of instances when I wouldn't rely on that working. For example XHTML singleton tags like <br> must include a trailing blackslash. So "<br>" is not valid XHTML but "<br/>" is.

Server.HTMLEncode won't help you there.

You have to think of a different approach - using Server.HTMLEncode is simply not an option for you.

I can think of two possibilities:

- Write some custom functionality to explicitly check the HTML string for XHTML compliance (LOTS of work).
- Forget about making your output XHTML compliant (absolutely no work at all!!).
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

harris9999Author Commented:
Ok, i will do a small check for xhtml compliane, the apostrophes the one item that causing me problems.  Specifically it is apostrophes that are pasted form word documents when adding details to a new item.  What is the ASCII code for them?

A regular apostrophe is chr(39) but Word has the magical ability to generate weird and wonderful characters...
harris9999Author Commented:
Yeah it is the curly one i am having the trouble with.  Need to know some way of replaceing it.
Have a look in an ASCII reference.

I use ASCIIcat which you can download here:

There's an HTML help file version (asciicat.exe) and a PDF version (asciicat.pdf).
harris9999Author Commented:
Yeah from that i see that it is &rsquo; for the apostrophe but when i replace it it does not pick up the apostrophe when it is pasted from the word document.

The ones i have tried are:

                  strText = replace(rs.fields("Details"),"&#8217;","'")
                  strText = replace(strText,"&","&amp;")
                  strText = replace(strText,"&#8217;","'")
                  strText = replace(strText,"&rsquo;","'")
                  strText = replace(strText,"‘","'")
"&rsquo;" is the HTML entity for the character but your string will only contain this if it's been HTML-encoded.

In raw, un-encoded form this character has ASCII value 146.

So maybe in place of:

strText = replace(strText,"&rsquo;","'")


strText = replace(strText, Chr(146),"'")

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
harris9999Author Commented:
Thanks, that sorted the problem.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Languages and Standards

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.