Encode HTML, JavaScript, and URL Query Strings In ASP.NET Core

When a web page accepts an input from the end user it can also include malicious data consisting of special characters, HTML tags, JavaScript code and the things like that. As a safety measure you should encode such data before displaying it back on to a page or while passing through URL query strings. To that end ASP.NET Core providers three encoder classes that help you accomplish just that. This article discuses how these classes can be used to encode HTML markup, JavaScript code and URL query strings.

http://www.binaryintellect.net/articles/440d70a2-4c78-4487-81cf-644aeb82efac.aspx