Is Html.Encode() method needed?

I'm not sure what the problem is?
Are you trying to upload HTML or JavaScript to a server?

ASP.NET has configurable security settings that check for potential cross site scripting attacks. It restricts certain data from being uploaded to the server. If your application is expecting this type of data then you should cautiously look into configuring the security settings to allow this to be entered.

-Frinny

Many thanks Frinny.
Probably I' could not clarify my point clearly and messed up things :)
Actually I have no intention to inject any malicious code to anywhere, what I wanted to know whether Html.Encode() at all neccesssary for my site(especially when I take user inputs) or the .NET Framework has its built-in mrthod to keep a check on this?

It is a good idea to use the Html.Encode() method.

The Encode method transforms any special characters (like <> etc) into the ASCII equivalent.

Let's say the user enters:
<script type="text/javascript">...some nasty script...</script>

It is most likely that ASP.NET will detect this as an attempt at cross site scripting and will throw a security error.

Great you're protected in this instance.

Now let's say that somehow the data stored in the database (maybe from another application or say the security settings for the web applications were configured to allow this) was:

<script type="text/javascript">...some nasty script... </script>

If you send this to the browser as is, the browser will interpret the script between the <script></script> tags and run the code. This could be very bad for you and your end user (the script could be doing anything: redirecting requests to another site first...gathering information and sending it off to some where else...or anything really).

If you had used the Encode method the <> would have been transformed into their ASCII equivalent and the browser would just display the content as text instead of interpreting the text as code and executing it.

Data should never be trusted.
You should always take care to protect yourselves and your client.
The Encode method adds that extra bit of security to ensure that bad things don't happen.

-Frinny

Many thanks Frinny, you have explained a very important affair in an excellent manner.
In an hurry I had mistakenly written Html.Encode(), actually it should be either httpUtility.HtmlEncode() or Server.HtmlEncode() method.
Both are required for the untrusted data(whic you have mentioned corrrectly, "Data should never be truate"), that is placed in the Text property.