| |
| Microsoft AntiXSS Library |
| Encoder..::..HtmlFormUrlEncode Method (String, Encoding) |
| Encoder Class See Also |
Encodes input strings for use in application/x-www-form-urlencoded form submissions.
Namespace: Microsoft.Security.Application
Assembly: AntiXssLibrary40 (in AntiXssLibrary40.dll) Version: 4.2.0.0
Syntax
| C# |
|---|
public static string HtmlFormUrlEncode( string input, Encoding inputEncoding ) |
| Visual Basic |
|---|
Public Shared Function HtmlFormUrlEncode ( _ input As String, _ inputEncoding As Encoding _ ) As String |
| Visual C++ |
|---|
public: static String^ HtmlFormUrlEncode( String^ input, Encoding^ inputEncoding ) |
Parameters
- input
- Type: System..::..String
String to be encoded.
- inputEncoding
- Type: System.Text..::..Encoding
Input encoding type.
Return Value
Encoded string for use in URLs.Remarks
This function encodes the output as per the encoding parameter (codepage) passed to it. It encodes
all but known safe characters. Characters are encoded using %SINGLE_BYTE_HEX and %DOUBLE_BYTE_HEX notation.
If the inputEncoding is null then UTF-8 is assumed by default.
Safe characters include:
Example inputs and encoded outputs:
| a-z | Lower case alphabet |
| A-Z | Upper case alphabet |
| 0-9 | Numbers |
| . | Period |
| - | Dash |
| _ | Underscore |
| ~ | Tilde |
| alert('XSSあAttack!'); | alert%28%27XSS%82%a0Attack%21%27%29%3b |
| [email protected] | user%40contoso.com |
| Anti-Cross Site Scripting Library | Anti-Cross+Site+Scripting+Library |
