HtmlAttributeEncode Method

Microsoft AntiXSS Library

Encodes an input string for use in an HTML attribute.

Namespace: Microsoft.Security.Application
Assembly: AntiXssLibrary40 (in AntiXssLibrary40.dll) Version: 4.2.0.0

Syntax

C#
public static string HtmlAttributeEncode(
	string input
)
Visual Basic
Public Shared Function HtmlAttributeEncode ( _
	input As String _
) As String
Visual C++
public:
static String^ HtmlAttributeEncode(
	String^ input
)

Parameters

input
Type: System.String
String to be encoded.

Return Value

The input string encoded for use in an HTML attribute.

Remarks

This function encodes all but known safe characters. Characters are encoded using &#DECIMAL; notation. Safe characters include:
a-z    Lower case alphabet
A-Z    Upper case alphabet
0-9    Numbers
,      Comma
.      Period
-      Dash
_      Underscore
The safe list may be adjusted using MarkAsSafe(LowerCodeCharts, LowerMidCodeCharts, MidCodeCharts, UpperMidCodeCharts, UpperCodeCharts).

Example inputs and encoded outputs:
Input: alert('XSS Attack!');
Encoded output: alert&#40;&#39;XSS&#32;Attack&#33;&#39;&#41;&#59;
Input: [email protected]
Encoded output: [email protected]
Input: Anti-Cross Site Scripting Library
Encoded output: Anti-Cross&#32;Site&#32;Scripting&#32;Library
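
The rule in the Remarks, modelled in Python as an added example (not the library's own code, and not from the original page), with a check of what an HTML parser sees when the value is placed in a quoted attribute. It assumes only the safe characters listed above and ignores MarkAsSafe adjustments; attribute_encode, render_input, parsed_attributes and the sample input are hypothetical names and values constructed for this illustration.

```python
import string
from html.parser import HTMLParser

# Assumption: the safe list is exactly the characters listed in the Remarks.
SAFE_CHARS = frozenset(string.ascii_letters + string.digits + ",.-_")


def attribute_encode(value):
    """Model of the documented rule: safe characters pass, the rest become &#DECIMAL;."""
    if not value:
        return value
    return "".join(ch if ch in SAFE_CHARS else "&#%d;" % ord(ch) for ch in value)


class _AttrCollector(HTMLParser):
    """Records the attributes an HTML parser actually sees on the first start tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)


def parsed_attributes(markup):
    """Parse markup and return the first tag's attributes as a dict."""
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs


def render_input(value, encode=True):
    """Build <input value="..."> with or without encoding the attribute value."""
    if encode:
        value = attribute_encode(value)
    return '<input type="text" value="%s">' % value


# Constructed input: a double quote that closes the attribute, then a second attribute.
CONSTRUCTED = 'x" data-injected="1'

if __name__ == "__main__":
    for encode in (False, True):
        markup = render_input(CONSTRUCTED, encode)
        print(markup, "->", parsed_attributes(markup))
```

Without encoding, the parser reports a separate data-injected attribute; with encoding, the whole string stays inside value and decodes back to the original text.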

See Also