HtmlEncode Method (String, Boolean)

Microsoft AntiXSS Library

Encodes input strings for use in HTML.

Namespace: Microsoft.Security.Application
Assembly: AntiXssLibrary40 (in AntiXssLibrary40.dll) Version: 4.2.0.0

Syntax

C#
public static string HtmlEncode(
	string input,
	bool useNamedEntities
)
Visual Basic
Public Shared Function HtmlEncode ( _
	input As String, _
	useNamedEntities As Boolean _
) As String
Visual C++
public:
static String^ HtmlEncode(
	String^ input, 
	bool useNamedEntities
)

Parameters

input
Type: System.String
String to be encoded.
useNamedEntities
Type: System.Boolean
Value indicating if the HTML 4.0 named entities should be used.

Return Value

Encoded string for use in HTML.

Remarks

Every character that is not on the safe list is encoded as its Unicode decimal value in &#DECIMAL; notation. If useNamedEntities is true and the character has an HTML 4.0 named entity, that named entity is emitted instead of the decimal reference. The default safe characters are:
    a-z        Lower case alphabet
    A-Z        Upper case alphabet
    0-9        Numbers
    ,          Comma
    .          Period
    -          Dash
    _          Underscore
    '          Apostrophe
    (space)    Space
The safe list may be widened with MarkAsSafe(LowerCodeCharts, LowerMidCodeCharts, MidCodeCharts, UpperMidCodeCharts, UpperCodeCharts). Example inputs and their encoded outputs:

    Input:  <script>alert('XSS Attack!');</script>
    Output: &lt;script&gt;alert('XSS Attack!');&lt;/script&gt;

    Input:  [email protected]
    Output: [email protected]

    Input:  Anti-Cross Site Scripting Library
    Output: Anti-Cross Site Scripting Library

    Input:  "Anti-Cross Site Scripting Library"
    Output: &quot;Anti-Cross Site Scripting Library&quot;
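To make the documented rule concrete, the following is an added Python model of the safe-list encoding described in the Remarks. It is not code from the AntiXSS library or from Microsoft; the SAFE_CHARS set, the html_encode function and its safe parameter are this example's own names, and Python's html.entities table stands in for the "HTML 4.0 named entities" option (that table is the HTML 4 entity list, so it has &quot;, &lt;, &gt; and &amp; but no entity for the apostrophe, which is on the safe list anyway). The optional safe parameter plays the role of a widened safe list, a simplified stand-in for what MarkAsSafe does with code-chart ranges.

```python
import html.entities

# Default safe list as documented for HtmlEncode(String, Boolean):
# a-z, A-Z, 0-9, comma, period, dash, underscore, apostrophe and space.
# Everything outside this set is encoded.
SAFE_CHARS = frozenset(
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789"
    ",.-_' "
)


def html_encode(text: str, use_named_entities: bool = False,
                safe: frozenset = SAFE_CHARS) -> str:
    """Model of the documented encoding rule (example code, not the library).

    A character on the safe list passes through unchanged.  Any other
    character is emitted as a decimal numeric reference (&#DECIMAL;).
    When use_named_entities is true and the character has an HTML 4.0
    named entity, that entity is emitted instead.  Python iterates a str
    by code point, so a character outside the BMP is one reference here;
    that detail is an assumption of this model, not a documented fact.
    """
    out = []
    for ch in text:
        if ch in safe:
            out.append(ch)
            continue
        codepoint = ord(ch)
        name = None
        if use_named_entities:
            # html.entities.codepoint2name is the HTML 4 named-entity table.
            name = html.entities.codepoint2name.get(codepoint)
        out.append(f"&{name};" if name else f"&#{codepoint};")
    return "".join(out)


def widened_safe_list(*extra: str) -> frozenset:
    """Return the default safe list plus the given characters.

    Simplified analogue of widening the list with MarkAsSafe; the real
    method works on code-chart ranges rather than individual characters.
    """
    return SAFE_CHARS | frozenset(extra)


if __name__ == "__main__":
    # Constructed sample inputs; the same text through both modes.
    for sample in ("<b>bold</b>", '"quoted"', "caf\u00e9", "user@host"):
        print(repr(sample))
        print("  named:   ", html_encode(sample, True))
        print("  decimal: ", html_encode(sample, False))
    # With '@' added to the safe list it is no longer encoded.
    print("  widened: ", html_encode("user@host", True, widened_safe_list("@")))
```

Because only the listed characters are safe, punctuation such as `(`, `)`, `;`, `!` and `/` has no HTML 4.0 named entity and is emitted as a decimal reference in both modes; the named-entity flag only changes the form of characters that do have an HTML 4.0 entity, such as `<`, `>`, `&` and `"`.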

See Also