HtmlEncode Method (String)

Microsoft AntiXSS Library

Encodes input strings for use in HTML.

Namespace: Microsoft.Security.Application
Assembly: AntiXssLibrary40 (in AntiXssLibrary40.dll) Version: 4.2.0.0

Syntax

C#
public static string HtmlEncode(
	string input
)
Visual Basic
Public Shared Function HtmlEncode ( _
	input As String _
) As String
Visual C++
public:
static String^ HtmlEncode(
	String^ input
)

Parameters

input
Type: System.String
String to be encoded.

Return Value

Encoded string for use in HTML.

Remarks

All characters not safe listed are encoded to their Unicode decimal value, using &#DECIMAL; notation. The default safe characters include:

Character(s)    Description
a-z             Lower case alphabet
A-Z             Upper case alphabet
0-9             Numbers
,               Comma
.               Period
-               Dash
_               Underscore
'               Apostrophe
(space)         Space

The safe list may be adjusted using MarkAsSafe(LowerCodeCharts, LowerMidCodeCharts, MidCodeCharts, UpperMidCodeCharts, UpperCodeCharts).

Example inputs and their related encoded outputs:

Input                                     Encoded output
<script>alert('XSS Attack!');</script>    &lt;script&gt;alert('XSS Attack!');&lt;/script&gt;
[email protected]                         [email protected]
Anti-Cross Site Scripting Library         Anti-Cross Site Scripting Library
"Anti-Cross Site Scripting Library"       &quote;Anti-Cross Site Scripting Library&quote;
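
The safe-list rule from the Remarks, as an added sketch that is not the library's own code: every code point outside the default safe list becomes &#DECIMAL;, with UTF-16 surrogate pairs combined into a single code point first. The class and method names are hypothetical, and the sketch does not model the named entities (such as &lt;) seen in the example outputs or the MarkAsSafe adjustment.

```csharp
using System;
using System.Text;

// Added sketch of the rule in the Remarks; not the AntiXSS implementation.
public static class SafeListEncodingSketch
{
    // Default safe list from the Remarks: a-z, A-Z, 0-9, comma, period,
    // dash, underscore, apostrophe and space.
    private static bool IsSafe(int cp)
    {
        return (cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z') ||
               (cp >= '0' && cp <= '9') || cp == ',' || cp == '.' ||
               cp == '-' || cp == '_' || cp == '\'' || cp == ' ';
    }

    public static string Encode(string input)
    {
        if (string.IsNullOrEmpty(input)) return input;
        var output = new StringBuilder(input.Length * 2);
        for (int i = 0; i < input.Length; i++)
        {
            int cp = input[i];
            if (char.IsHighSurrogate(input[i]) && i + 1 < input.Length &&
                char.IsLowSurrogate(input[i + 1]))
            {
                // Supplementary character: one code point from two UTF-16 units.
                cp = char.ConvertToUtf32(input[i], input[i + 1]);
                i++;
            }
            else if (char.IsSurrogate(input[i]))
            {
                // Unpaired surrogate: this sketch substitutes U+FFFD (assumption).
                cp = 0xFFFD;
            }

            if (IsSafe(cp)) output.Append((char)cp);
            else output.Append("&#").Append(cp).Append(';');
        }
        return output.ToString();
    }

    public static void Main()
    {
        // First input is the page's own example; the second is constructed.
        Console.WriteLine(Encode("<script>alert('XSS Attack!');</script>"));
        Console.WriteLine(Encode("caf\u00E9 \U0001F600"));
    }
}
```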

See Also