
Server.HtmlEncode vs HttpUtility.HtmlEncode


Dec 9, 2010

CPOL

Server.HtmlEncode is equivalent to System.Web.HttpContext.Current.Server.HtmlEncode. The Server object is an instance of the System.Web.HttpServerUtility class, and it is readily accessible from any .aspx page because pages inherit from the Page object, which in turn exposes a Server object instance.

The HttpUtility.HtmlEncode function lives under System.Web.HttpUtility. This class is basically a static version of the Server class, which means that you can call HtmlEncode from a static function, or from another class that does not have an instance of the HttpServerUtility class.

There is a third HtmlEncode function, located in Microsoft’s Anti-Cross Site Scripting Library. In contrast with the Server.HtmlEncode and HttpUtility.HtmlEncode functions, the latter function takes a more aggressive approach by using white-list filtering instead of a black-list, and is hence more PCI standards-compliant and more secure.
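The difference between the two filtering strategies, as an added example that is not part of the original article and is not the code of either library: `BlackListEncode` and `WhiteListEncode` are hypothetical, simplified models, and both the escaped set and the safe set are assumptions chosen for illustration.

```csharp
using System;
using System.Text;

static class EncodingStrategies
{
    // Black-list model: escape a fixed set of known-dangerous characters, pass the rest.
    public static string BlackListEncode(string input)
    {
        var sb = new StringBuilder(input.Length);
        foreach (char c in input)
        {
            switch (c)
            {
                case '<': sb.Append("&lt;"); break;
                case '>': sb.Append("&gt;"); break;
                case '&': sb.Append("&amp;"); break;
                case '"': sb.Append("&quot;"); break;
                default: sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // White-list model: pass only characters on an explicit safe list (assumed here:
    // ASCII letters, digits and a little punctuation), numerically encode everything else.
    public static string WhiteListEncode(string input)
    {
        const string safePunctuation = " .,-_";
        var sb = new StringBuilder(input.Length);
        for (int i = 0; i < input.Length; i++)
        {
            if (char.IsSurrogate(input[i]) && !char.IsSurrogatePair(input, i)) { sb.Append("&#65533;"); continue; } // lone surrogate
            int cp = char.ConvertToUtf32(input, i);      // full code point, including surrogate pairs
            if (char.IsSurrogatePair(input, i)) i++;     // skip the low half of the pair
            bool safe = cp < 128 && (char.IsLetterOrDigit((char)cp) || safePunctuation.IndexOf((char)cp) >= 0);
            if (safe) sb.Append((char)cp);
            else sb.Append("&#").Append(cp).Append(';');
        }
        return sb.ToString();
    }

    static void Main()
    {
        string sample = "O'Reilly & Sons <b>`x`</b>";    // constructed input
        Console.WriteLine(BlackListEncode(sample));
        Console.WriteLine(WhiteListEncode(sample));
    }
}
```

On the constructed sample, the apostrophe and the backticks leave the first function unchanged because they are not on its list, while the second function emits them as numeric entities.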

HttpServerUtility.HtmlEncode uses HttpUtility.HtmlEncode internally, so there is no specific difference between the two. Server.HtmlEncode exists for compatibility with classic ASP.