Where to put the 'HtmlEncode' on a page?

[cesark]

Where is the best place to htmlEncode a text box on an aspx page? Inside of a Subroutine, between html head tags, between html body tags...?

I want that the content of the text box is HtmlEncode before the data reaches to the server so that no damage is caused. I only knows that it is recommended 'HtmlEncode' all the input strings for security reasons, I understand all the text box fields that in its server validation allows the characters '<' and '>'.

For example: (Where I have to write this?)

Code:

Dim var1 As String
var1 = mail.Text()
Server.HtmlEncode(var1)

Thank you,
Cesar

[Lethal]

Here is a class with some basic html formatting options I use in all my pages:

Code:

using System;
using System.Web;
using System.Text.RegularExpressions;

namespace DevTrack.Common.Utils {
	/// <summary>
	/// Helper class for common html functions
	/// </summary>
	public class HtmlHelper {
		/// <summary>
		/// HtmlEncodes the source text
		/// </summary>
		public static string Encode(string value) {
			return HttpContext.Current != null 
				? HttpContext.Current.Server.HtmlEncode(value) : value;
		}
		/// <summary>
		/// HtmlDecodes the source text
		/// </summary>
		public static string Decode(string value) {
			return HttpContext.Current != null 
				? HttpContext.Current.Server.HtmlDecode(value) : value;
		}
		/// <summary>
		/// Removes Html & Xml tags from the source text
		/// </summary>
		public static string StripHtmlXmlTags (string content) {
			return Regex.Replace(content, "<[^>]+>", 
				String.Empty, RegexOptions.IgnoreCase | RegexOptions.Compiled);
		}
		/// <summary>
		/// Removes script tags from the source text
		/// </summary>
		public static string StripScriptTags(string content) {
			return  Regex.Replace(content, "<script((.|\n)*?)</script>",
				String.Empty, RegexOptions.IgnoreCase | RegexOptions.Multiline);
		}
	}
}