Rick Strahl rolled his own encoding method, due to problems and inconsistencies with .NET's way of encoding things. Check out his post on Html and Uri String Encoding without System.Web.

由于 .NET 编码方式的问题和不一致，Rick Strahl 推出了他自己的编码方法。查看他关于Html 和 Uri String Encoding without System.Web 的帖子。

UPDATE:After checking out the links provided by the other answers, the AntiXSS library provided by Microsoft seems like an ideal solution to this problem. They've made the source of AntiXSS 4.3 available on Codeplex: http://antixss.codeplex.com/

更新：查看其他答案提供的链接后，Microsoft 提供的 AntiXSS 库似乎是此问题的理想解决方案。他们在 Codeplex 上提供了 AntiXSS 4.3 的源代码：http: //antixss.codeplex.com/

The AntiXSS Library includes helpful methods for encoding HTML, URLs, JavaScript, and XML. It's based on a secure whitelist model, so anything not allowed in the specifications is prohibited.

AntiXSS 库包括对 HTML、URL、JavaScript 和 XML 进行编码的有用方法。它基于安全的白名单模型，因此禁止规范中不允许的任何内容。

Note that according to the release notes for 4.3, June 2014, this is the last release that will contain a sanitizer, due to the negative feedback it got from the user community for being overly aggressive. So if it's a sanitizer you want, you should look at AntiSamyor building your own with the HTML agility pack.

请注意，根据 2014 年 6 月 4.3 的发行说明，这是最后一个包含消毒剂的版本，因为它从用户社区那里得到了过于激进的负面反馈。因此，如果它是您想要的消毒剂，您应该查看AntiSamy或使用HTML 敏捷包构建您自己的消毒剂。

Can you include this? It has an alternative Encode method.

你能包括这个吗？它有一个替代的编码方法。

You could look at AntiXSS. It has it's own encoding mechanisms and is meant to be a replacement for the framework's HtmlEncode.

你可以看看AntiXSS。它有自己的编码机制，旨在替代框架的 HtmlEncode。

I'm a fan of the AntiXSS library as well, but its worth mentioning that .net v4 includes a new utility class for encoding in System.dll. So if you have the option of moving to .net v4, you can use the client profile.

我也是 AntiXSS 库的粉丝，但值得一提的是，.net v4 包含一个新的实用程序类，用于在 System.dll 中进行编码。因此，如果您可以选择迁移到 .net v4，则可以使用客户端配置文件。

System.Net.WebUtility.HtmlEncode

System.Net.WebUtility.HtmlEncode