Default.aspx
<%@ Page ValidateRequest="false" Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="test_Default" %>
<%--
  ValidateRequest="false" switches off ASP.NET request validation for this page so that
  txtInput can accept HTML markup. The posted value therefore reaches the code-behind
  unfiltered, and it must be HTML-encoded before it is written back into the page
  (btnOk_Click assigns it to lblShow).
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>asp.net(C#) 编码解码(HtmlEncode与HtmlEncode)</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Label ID="lblShow" runat="server" Text="Label"></asp:Label>
        <asp:TextBox ID="txtInput" runat="server" Height="194px" TextMode="MultiLine" Width="305px"></asp:TextBox>
        <asp:Button ID="btnOk" runat="server" Text="提交" OnClick="btnOk_Click" /></div>
    </form>
</body>
</html>
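// Default.aspx.cs
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

/*********************** Encoding notes ***********************
 * 1. By default ASP.NET does not let users submit HTML tags in a TextBox;
 *    to allow it, set ValidateRequest="false" on the Page.
 * 2. Submitted HTML tags such as <input> can be stored in the database as-is
 *    and encoded only on output, so that they neither break the page layout
 *    nor get rendered as HTML elements.
 *
 * With request validation off, that output encoding is the only thing
 * between posted markup and the rendered page, so every place that echoes
 * the stored value has to encode it for the context it is written into.
 **************************************************************/
public partial class test_Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Click handler for btnOk: shows the submitted text in lblShow.
    /// </summary>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnOk_Click(object sender, EventArgs e)
    {
        // A Label writes its Text into the page as markup, so the user's input
        // is passed through htmlEncode before it is assigned.
        lblShow.Text = htmlEncode(txtInput.Text);
    }

    /// <summary>
    /// HTML-encodes the input, then converts line breaks and spaces to markup
    /// so the text keeps its layout when rendered.
    /// </summary>
    /// <param name="str">Raw, untrusted text as submitted by the user.</param>
    /// <returns>
    /// The encoded text with "\n" replaced by &lt;br/&gt; and each space replaced by
    /// the &amp;nbsp; entity; an empty string when <paramref name="str"/> is null or empty.
    /// The result is meant for HTML element content only, not for attribute,
    /// script or URL contexts.
    /// </returns>
    public string htmlEncode(string str)
    {
        // Server.HtmlEncode returns null for null input, which would make the
        // chained Replace calls throw.
        if (string.IsNullOrEmpty(str))
        {
            return string.Empty;
        }

        // Order matters: encode first, add markup afterwards. Encoding after the
        // replacements would escape the <br/> and &nbsp; inserted here.
        string encoded = Server.HtmlEncode(str);

        return encoded
            .Replace("\n", "<br/>")
            // Emit the entity so that runs of spaces are not collapsed by the browser.
            .Replace(" ", "&nbsp;");
    }
}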