There is also the fact that you can place HTML in the message, but it must be valid so that it does not break the rest of the page by, for example, closing another tag too early. Generally a good approach would be to escape your HTML fully, for example by using the HtmlEncode() method the .NET framework offers. Note that this should be done before transforming any other special characters to HTML entities, as HtmlEncode() would transform the ampersand of the entity to its own entity which would prevent the browser from reading it properly.
Since the displayed string is finally HTML this means that environmental variables such as new lines must be configured for HTML – this is the
<br /> tag and not \r, \n, vbCrLf, CR, LF, chr(10) or chr(13) as is in C# and VB. In this regard the String.Replace() method is often useful and quite straightforward to use.