AntiXssEncoder.HtmlFormUrlEncode Method

Definition

Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded".

Overloads

HtmlFormUrlEncode(String)

Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded".

HtmlFormUrlEncode(String, Int32)

Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified code page.

HtmlFormUrlEncode(String, Encoding)

Encodes the specified string for form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified character encoding type.

HtmlFormUrlEncode(String)

Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded".

C++/CLI:
public:
 static System::String ^ HtmlFormUrlEncode(System::String ^ input);
C#:
public static string HtmlFormUrlEncode (string input);
F#:
static member HtmlFormUrlEncode : string -> string
Visual Basic:
Public Shared Function HtmlFormUrlEncode (input As String) As String

Parameters

input
String

The string to encode.

Returns

The encoded string.

Remarks

This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.

Note

Put double quotation marks (" ") or single quotation marks (' ') around the resulting string before you add it to a page.

The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.

Character(s)  Description
A-Z           Uppercase alphabetic characters
a-z           Lowercase alphabetic characters
0-9           Numbers
-             Hyphen, minus
.             Period, dot, full stop
_             Underscore
~             Tilde

The following table lists examples of inputs and the corresponding encoded outputs.

Input                                    Output
alert('XSS Attack!');                    alert%28%27XSS+Attack%21%27%29%3b
<script>alert('XSS Attack!');</script>   %3cscript%3ealert%28%27XSS+Attack%21%27%29%3b%3c%2fscript%3e
alert('XSSあAttack!');                   alert%28%27XSS%e3%81%82Attack%21%27%29%3b
user@contoso.com                         user%40contoso.com
Anti-Cross Site Scripting Namespace      Anti-Cross+Site+Scripting+Namespace


HtmlFormUrlEncode(String, Int32)

Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified code page.

C++/CLI:
public:
 static System::String ^ HtmlFormUrlEncode(System::String ^ input, int codePage);
C#:
public static string HtmlFormUrlEncode (string input, int codePage);
F#:
static member HtmlFormUrlEncode : string * int -> string
Visual Basic:
Public Shared Function HtmlFormUrlEncode (input As String, codePage As Integer) As String

Parameters

input
String

The string to encode.

codePage
Int32

The code page to use to encode the input string.

Returns

The encoded string.

Remarks

This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.

Note

Put double quotation marks (" ") or single quotation marks (' ') around the resulting string before you add it to a page.

The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.

Character(s)  Description
A-Z           Uppercase alphabetic characters
a-z           Lowercase alphabetic characters
0-9           Numbers
-             Hyphen, minus
.             Period, dot, full stop
_             Underscore
~             Tilde

The following table lists examples of inputs and the corresponding encoded outputs.

Input                                    Output
alert('XSS Attack!');                    alert%28%27XSS+Attack%21%27%29%3b
<script>alert('XSS Attack!');</script>   %3cscript%3ealert%28%27XSS+Attack%21%27%29%3b%3c%2fscript%3e
alert('XSSあAttack!');                   alert%28%27XSS%e3%81%82Attack%21%27%29%3b
user@contoso.com                         user%40contoso.com
Anti-Cross Site Scripting Namespace      Anti-Cross+Site+Scripting+Namespace


HtmlFormUrlEncode(String, Encoding)

Encodes the specified string for form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified character encoding type.

C++/CLI:
public:
 static System::String ^ HtmlFormUrlEncode(System::String ^ input, System::Text::Encoding ^ inputEncoding);
C#:
public static string HtmlFormUrlEncode (string input, System.Text.Encoding inputEncoding);
F#:
static member HtmlFormUrlEncode : string * System.Text.Encoding -> string
Visual Basic:
Public Shared Function HtmlFormUrlEncode (input As String, inputEncoding As Encoding) As String

Parameters

input
String

The string to encode.

inputEncoding
Encoding

The input encoding type.

Returns

The encoded string.

Remarks

This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.

Note

Put double quotation marks (" ") or single quotation marks (' ') around the resulting string before you add it to a page.

The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.

Character(s)  Description
A-Z           Uppercase alphabetic characters
a-z           Lowercase alphabetic characters
0-9           Numbers
-             Hyphen, minus
.             Period, dot, full stop
_             Underscore
~             Tilde

The following table lists examples of inputs and the corresponding encoded outputs.

Input                                    Output
alert('XSS Attack!');                    alert%28%27XSS+Attack%21%27%29%3b
<script>alert('XSS Attack!');</script>   %3cscript%3ealert%28%27XSS+Attack%21%27%29%3b%3c%2fscript%3e
alert('XSSあAttack!');                   alert%28%27XSS%e3%81%82Attack%21%27%29%3b
user@contoso.com                         user%40contoso.com
Anti-Cross Site Scripting Namespace      Anti-Cross+Site+Scripting+Namespace
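
The following usage example is added here and is not part of the original reference page. It builds an "application/x-www-form-urlencoded" body with the Encoding overload, checks that every value round-trips, and shows how the code page overload changes the escaped bytes. The BuildBody helper and the sample field values are constructed for illustration, and the code assumes .NET Framework 4.5 or later with a reference to System.Web.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web;                    // HttpUtility (System.Web.dll)
using System.Web.Security.AntiXss;   // AntiXssEncoder

static class FormBodyDemo
{
    // Hypothetical helper: encodes each name and value, then adds the '=' and
    // '&' delimiters itself, so delimiters never come from untrusted data.
    static string BuildBody(IEnumerable<KeyValuePair<string, string>> fields, Encoding charset)
    {
        return string.Join("&", fields.Select(f =>
            AntiXssEncoder.HtmlFormUrlEncode(f.Key, charset) + "=" +
            AntiXssEncoder.HtmlFormUrlEncode(f.Value, charset)));
    }

    static void Main()
    {
        // Constructed sample fields; two values reuse inputs from the table above.
        var fields = new Dictionary<string, string>
        {
            { "email",   "user@contoso.com" },
            { "comment", "<script>alert('XSS Attack!');</script>" },
            { "title",   "Q&A: a=b ~ あ" }
        };

        string body = BuildBody(fields, Encoding.UTF8);
        Console.WriteLine(body);

        // Decoding with the same charset must return every original value,
        // including the '&' and '=' that were data rather than delimiters.
        var decoded = HttpUtility.ParseQueryString(body, Encoding.UTF8);
        foreach (var f in fields)
            if (decoded[f.Key] != f.Value)
                throw new InvalidOperationException("Round trip failed: " + f.Key);

        // The code page overload changes the bytes behind each %XX escape.
        // 65001 is UTF-8 and 932 is Shift-JIS; a receiver that assumes the
        // wrong one will decode non-ASCII text incorrectly.
        Console.WriteLine(AntiXssEncoder.HtmlFormUrlEncode("あ", 65001));
        Console.WriteLine(AntiXssEncoder.HtmlFormUrlEncode("あ", 932));
    }
}
```

Use the same character encoding on the encoding and decoding sides; the String overload's table above shows UTF-8 bytes for the non-ASCII input.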
