JavaScriptEncode Method (String, Boolean)

Microsoft AntiXSS Library

Collapse imageExpand ImageCopy imageCopyHover image
Encodes input strings for use in JavaScript.

Namespace: Microsoft.Security.Application
Assembly: AntiXssLibrary40 (in AntiXssLibrary40.dll) Version: 4.2.0.0

Syntax

C#
public static string JavaScriptEncode(
	string input,
	bool emitQuotes
)
Visual Basic
Public Shared Function JavaScriptEncode ( _
	input As String, _
	emitQuotes As Boolean _
) As String
Visual C++
public:
static String^ JavaScriptEncode(
	String^ input, 
	bool emitQuotes
)

Parameters

input
Type: System..::..String
String to be encoded.
emitQuotes
Type: System..::..Boolean
value indicating whether or not to emit quotes. true = emit quote. false = no quote.

Return Value

Encoded string for use in JavaScript and does not return the output with en quotes.

Remarks

This function encodes all but known safe characters. Characters are encoded using \xSINGLE_BYTE_HEX and \uDOUBLE_BYTE_HEX notation. Safe characters include:
a-zLower case alphabet
A-ZUpper case alphabet
0-9Numbers
,Comma
.Period
-Dash
_Underscore
Space
Other International character ranges
Example inputs and encoded outputs:
alert('XSS Attack!');'alert\x28\x27XSS Attack\x21\x27\x29\x3b'
[email protected]'user\x40contoso.com'
Anti-Cross Site Scripting Library'Anti-Cross Site Scripting Library'

See Also