documentation.HELP! Microsoft AntiXSS Library Documentation

HtmlEncode Method (String)

Microsoft AntiXSS Library

previous page next page

Collapse AllExpand All      Code: All Code: Multiple Code: C# Code: Visual Basic Code: Visual C++

C#Visual Basic
Visual C++

Microsoft AntiXSS Library

Encoder..::..HtmlEncode Method (String)

Encoder Class See Also

Encodes input strings for use in HTML.

Namespace: Microsoft.Security.Application
Assembly: AntiXssLibrary40 (in AntiXssLibrary40.dll) Version: 4.2.0.0

Syntax

C#
public static string HtmlEncode( string input )

Visual Basic
Public Shared Function HtmlEncode ( _ input As String _ ) As String

Visual C++
public: static String^ HtmlEncode( String^ input )

Parameters

input

Type: System..::..String
String to be encoded.

Return Value

Encoded string for use in HTML.

Remarks

All characters not safe listed are encoded to their Unicode decimal value, using &#DECIMAL; notation. The default safe characters include:

a-z	Lower case alphabet
A-Z	Upper case alphabet
0-9	Numbers
,	Comma
.	Period
-	Dash
_	Underscore
'	Apostrophe
	Space

The safe list may be adjusted using MarkAsSafe(LowerCodeCharts, LowerMidCodeCharts, MidCodeCharts, UpperMidCodeCharts, UpperCodeCharts). Example inputs and their related encoded outputs:

<script>alert('XSS Attack!');</script>	&lt;script&gt;alert('XSS Attack!');&lt;/script&gt;
[email protected]	[email protected]
Anti-Cross Site Scripting Library	Anti-Cross Site Scripting Library
"Anti-Cross Site Scripting Library"	&quote;Anti-Cross Site Scripting Library&quote;

See Also

Encoder Class

HtmlEncode Overload

Microsoft.Security.Application Namespace

(c) 2008, 2009, 2010, 2011 Microsoft Corporation. All rights reservered.

previous page start next page

Get in touch

Submit feedback about this site to:

• [email protected]