Encodes input strings for use in HTML.
Namespace: Microsoft.Security.Application
Assembly: AntiXssLibrary40 (in AntiXssLibrary40.dll) Version: 4.2.0.0
Syntax
| C# |
|---|
public static string HtmlEncode( string input ) |
| Visual Basic |
|---|
Public Shared Function HtmlEncode ( _ input As String _ ) As String |
| Visual C++ |
|---|
public: static String^ HtmlEncode( String^ input ) |
Parameters
- input
- Type: System..::..String
String to be encoded.
Return Value
Encoded string for use in HTML.Remarks
All characters not safe listed are encoded to their Unicode decimal value, using &#DECIMAL; notation.
The default safe characters include:
The safe list may be adjusted using MarkAsSafe(LowerCodeCharts, LowerMidCodeCharts, MidCodeCharts, UpperMidCodeCharts, UpperCodeCharts).
Example inputs and their related encoded outputs:
| a-z | Lower case alphabet |
| A-Z | Upper case alphabet |
| 0-9 | Numbers |
| , | Comma |
| . | Period |
| - | Dash |
| _ | Underscore |
| ' | Apostrophe |
| Space |
| <script>alert('XSS Attack!');</script> | <script>alert('XSS Attack!');</script> |
| [email protected] | [email protected] |
| Anti-Cross Site Scripting Library | Anti-Cross Site Scripting Library |
| "Anti-Cross Site Scripting Library" | "e;Anti-Cross Site Scripting Library"e; |
