If you're using JSON.NET, you can specify
StringEscapeHandling.EscapeHtml
to escape all HTML (<, >, &, ', ") and control characters (e.g. newline).
StringEscapeHandling Enumeration[
^]
const string json = @"""\u003cb\u003eTop Secret\u003c/b\u003e""";
string deserialized = JsonConvert.DeserializeObject<string>(json);
var settings = new JsonSerializerSettings { StringEscapeHandling = StringEscapeHandling.EscapeHtml };
string serialized = JsonConvert.SerializeObject(deserialized, settings);
Alternatively, you could write your own
JsonConverter
to get more control over the serialization:
Custom JsonConverter<T>[
^]