Server.HtmlEncode is equivalent to
System.Web.HttpContext.Current.Server.HtmlEncode. The Server Object is an instance of the
System.Web.HttpServerUtility class and it is readily accessible through any .aspx page since they inherit from the
Page object which in turn has a
Server Object instance.
HttpUtility.HtmlEncode function lives under
System.Web.HttpUtility. This class is basically a
static version of the
Server class which means that you could call the
HtmlEncode function from a
static function or call from another class that does not have an instance of the
There is a third
HtmlEncode function located in the Microsoft’s AntiCross-Site Scripting Library. In contrast with the
HttpUtility.HtmlEncode functions, the later function takes a more aggressive approach by using a white-list filtering instead of a black-list,hence more PCI standards-compliant, and more secure.
HttpServerUtility.HtmlEncode will use
HttpUtility.HtmlEncode internally. There is no specific difference. The reason for existence of
Server.HtmlEncode is compatibility with classic ASP.