有三种方法可以解决:

1. Server.HTMLEncode
<%
function htmlencode(str)
htmlencode=server.htmlencode(str)
htmlencode=replace(replace(htmlencode,chr(13),"
"),"'","’")
end function
%>

2. 在服务器端自己写函数转换:
<%
Function coder(str)
Dim result,L,i
If IsNull(str) Then : coder="" : Exit Function : End If
L=Len(str) : result=""
For i = 1 to L
select case mid(str,i,1)
case "<" : result=result+"<"
case ">" : result=result+">"
case chr(34) : result=result+"""
case "&" : result=result+"&"
case chr(13) : result=result+"
"
case chr(9) : result=result+" "
case chr(32) : result=result+""
case else : result=result+mid(str,i,1)
end select
Next
coder=result
End Function
%>

3. 在客户端用函数转换, 然后将转换好的文件提交:
<script language=javascript>
function coder(str)
{
var s = "";
if (str.length == 0) return "";
for (var i=0; i<str.length; i++)
{
switch (str.substr(i,1))
{
case "<" : s += "<"; break;
case ">" : s += ">"; break;
case "&" : s += "&"; break;
case " " : s += ""; break;
case "\"" : s += """; break;
case "\n" : s += "
"; break;
default : s += str.substr(i,1); break;
}
}
return s;
}
</script>