Encodes input strings for use in HTML.
Namespace: Microsoft.Security.Application
Assembly: AntiXssLibrary40 (in AntiXssLibrary40.dll) Version: 4.2.0.0
Syntax
C# |
---|
public static string HtmlEncode( string input, bool useNamedEntities ) |
Visual Basic |
---|
Public Shared Function HtmlEncode ( input As String, useNamedEntities As Boolean ) As String |
Visual C++ |
---|
public: static String^ HtmlEncode( String^ input, bool useNamedEntities ) |
Parameters
- input
- Type: System.String
String to be encoded.
- useNamedEntities
- Type: System.Boolean
Value indicating if the HTML 4.0 named entities should be used.
Return Value
Encoded string for use in HTML.
Remarks
All characters that are not on the safe list are encoded to their Unicode decimal value, using &#DECIMAL; notation.
If useNamedEntities is true, any character that has an HTML 4.0 named entity is encoded as that named entity instead.
The default safe characters include:
Character | Description |
---|---|
a-z | Lower case alphabet |
A-Z | Upper case alphabet |
0-9 | Numbers |
, | Comma |
. | Period |
- | Dash |
_ | Underscore |
' | Apostrophe |
(space) | Space |
The safe list may be adjusted using MarkAsSafe(LowerCodeCharts, LowerMidCodeCharts, MidCodeCharts, UpperMidCodeCharts, UpperCodeCharts).
Example inputs and their related encoded outputs:
Input | Encoded output |
---|---|
<script>alert('XSS Attack!');</script> | &lt;script&gt;alert('XSS Attack!');&lt;/script&gt; |
[email protected] | [email protected] |
Anti-Cross Site Scripting Library | Anti-Cross Site Scripting Library |
"Anti-Cross Site Scripting Library" | &quot;Anti-Cross Site Scripting Library&quot; |