The EncodeHtml function is a built-in function that returns a string with all the reserved characters translated in order to be used in HTML literals.

Input parameters

t: Text Type

Output parameters

Text Type




EncodeHTML( "<>" )


EncodeHTML( "another' test" )

another' test

EncodeHTML( "another"" test" )

another&quot; test

EncodeHTML( "Hello" + NewLine() )

Hello <br/>


Using un-escaped expressions without encoding distrusted variables (e.g. user input) compromises the end-user security by allowing HTML and JavaScript injection as well as cross-scripting.

You should use this function when managing un-escaped expressions. For example, suppose you want to evaluate some HTML code in your screen and you need to use MyVar on that code. You have to create an expression, with an Escape Content property of No, with the following value:

"<input type=""hidden"" name = ""SomeName"" value = """ + EncodeHTML(MyVar) + """>"

See Also

Un-escaped Expressions | Available Text Functions | Available Built-in Functions