Search code examples
asp.nethtml-encode

Is it necessary to html encode right angle brackets?


I'm adding some meta description data to my header like so:

HtmlMeta meta = new HtmlMeta();
meta.Name = "description";
meta.Content = description; // this is unencoded
page.Header.Controls.Add(meta);

And .net helpfully encodes things like & and <, but not >. Now, I can't imagine that this would be an oversight, so I conclude that it's unnecessary to escape them. But before I go back to the client with that answer, it would be nice to get confirmation by Some Strangers From The Intarwebs first :)


Solution

  • According to the XML specification > is indeed valid for attributes. Only <, & and " or ' need escaping.

    [10]    AttValue    ::=    '"' ([^<&"] | Reference)* '"'
                             | "'" ([^<&'] | Reference)* "'"