| |
| Microsoft AntiXSS Library |
| Encoder..::..JavaScriptEncode Method (String, Boolean) |
| Encoder Class See Also |
Encodes input strings for use in JavaScript.
Namespace: Microsoft.Security.Application
Assembly: AntiXssLibrary40 (in AntiXssLibrary40.dll) Version: 4.2.0.0
Syntax
| C# |
|---|
public static string JavaScriptEncode( string input, bool emitQuotes ) |
| Visual Basic |
|---|
Public Shared Function JavaScriptEncode ( _ input As String, _ emitQuotes As Boolean _ ) As String |
| Visual C++ |
|---|
public: static String^ JavaScriptEncode( String^ input, bool emitQuotes ) |
Parameters
- input
- Type: System..::..String
String to be encoded.
- emitQuotes
- Type: System..::..Boolean
value indicating whether or not to emit quotes. true = emit quote. false = no quote.
Return Value
Encoded string for use in JavaScript and does not return the output with en quotes.Remarks
This function encodes all but known safe characters. Characters are encoded using \xSINGLE_BYTE_HEX and \uDOUBLE_BYTE_HEX notation.
Safe characters include:
Example inputs and encoded outputs:
| a-z | Lower case alphabet |
| A-Z | Upper case alphabet |
| 0-9 | Numbers |
| , | Comma |
| . | Period |
| - | Dash |
| _ | Underscore |
| Space | |
| Other International character ranges |
| alert('XSS Attack!'); | 'alert\x28\x27XSS Attack\x21\x27\x29\x3b' |
| [email protected] | 'user\x40contoso.com' |
| Anti-Cross Site Scripting Library | 'Anti-Cross Site Scripting Library' |
