XmlAttributeEncode Method

Microsoft AntiXSS Library

Collapse imageExpand ImageCopy imageCopyHover image
Encodes input strings for use in XML attributes.

Namespace: Microsoft.Security.Application
Assembly: AntiXssLibrary40 (in AntiXssLibrary40.dll) Version: 4.2.0.0

Syntax

C#
public static string XmlAttributeEncode(
	string input
)
Visual Basic
Public Shared Function XmlAttributeEncode ( _
	input As String _
) As String
Visual C++
public:
static String^ XmlAttributeEncode(
	String^ input
)

Parameters

input
Type: System..::..String
String to be encoded.

Return Value

Encoded string for use in XML attributes.

Remarks

This function encodes all but known safe characters. Characters are encoded using &#DECIMAL; notation. Safe characters include:
a-zLower case alphabet
A-ZUpper case alphabet
0-9Numbers
,Comma
.Period
-Dash
_Underscore
The safe list may be adjusted using MarkAsSafe(LowerCodeCharts, LowerMidCodeCharts, MidCodeCharts, UpperMidCodeCharts, UpperCodeCharts). Example inputs and encoded outputs:
alert('XSS Attack!');alert('XSS Attack!&apos);
[email protected][email protected]
Anti-Cross Site Scripting LibraryAnti-Cross Site Scripting Library

See Also