New Post: Best practices for escaping strings to be XML compliant.

Hi all;

I am busy integrating an old MVC application into a Composite (version 4, beta 2) website. I have hit the initial "problem" of having & characters and such in my urls etc. @burningice was kind enough to alert me to this.

I was wondering if there was a standard practice and/or helper that I could use when outputing strings into my html. Could I just use the standard Html.Encode method? This seems to delegate down to WebUtility which then replaces the characters as so:

 case '<':
     output.Write("&lt;");
     break; 
 case '>':
     output.Write("&gt;"); 
     break; 
 case '"':
     output.Write("&quot;"); 
     break;
 case '\'':
     output.Write("&#39;");
     break; 
 case '&':
     output.Write("&amp;"); 
     break; 

Would it then be sufficient to use this in my Mvc Views as such:

For example:

<div>
    <%= Html.Encode(Model.Description) %>
</div>
<div>
  <!-- Need to encode Urls too as they contain a & character -->
   <a href="<%= Html.Encode(Url.Action("Foo", "Bar", new { Model.Param1, Model.Param2 }">
      Link Text
   </a>
</div>

And then the second part of my question: working with standard Razor based Pages and Page Templates within the Composite site - would I have to do a similar approach. Again, are there any helpers I could use?

Also, I noticed in another post that people were converting characters into the unicode reference version. e.g.:

& = &

I didn't have to do this myself when I was working with the MVC Views that I am porting into Composite - I found that as long as I escaped my characters using the Html helper I didn't have any issues. Is this a 4.0 beta improvement?

Thank you all;