Edit

Share via


AntiXssEncoder.UrlEncode Method

Definition

Encodes strings and byte arrays for use in a URL.

Overloads

UrlEncode(String)

Encodes the specified string for use in a URL.

UrlEncode(String, Int32)

Encodes the specified string for use in a URL by using the specified code page.

UrlEncode(String, Encoding)

Encodes the specified string for use in a URL by using the specified character encoding type.

UrlEncode(Byte[], Int32, Int32)

Encodes the specified byte array for use in a URL, starting at the specified offset in the byte array and encoding the specified number of bytes.

UrlEncode(String)

Encodes the specified string for use in a URL.

public:
 static System::String ^ UrlEncode(System::String ^ input);
public static string UrlEncode (string input);
static member UrlEncode : string -> string
Public Shared Function UrlEncode (input As String) As String

Parameters

input
String

The string to encode.

Returns

The encoded string.

Remarks

This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.

The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.

Character(s) Description
A-Z Uppercase alphabetic characters
a-z Lowercase alphabetic characters
0-9 Numbers
- Hyphen, minus
. Period, dot, full stop
_ Underscore
~ Tilde

The following table lists examples of inputs and the corresponding encoded outputs.

Input Output
alert('XSS Attack!'); alert%28%27XSS%20Attack%21%27%29%3b
<script>alert('XSS Attack!');</script> %3cscript%3ealert%28%27XSS%20Attack%21%27%29%3b%3c%2fscript%3e
alert('XSSあAttack!'); alert%28%27XSS%e3%81%82Attack%21%27%29%3b
user@contoso.com user%40contoso.com
"Anti-Cross Site Scripting Namespace" %22Anti-Cross%20Site%20Scripting%20Namespace%22

Applies to

UrlEncode(String, Int32)

Encodes the specified string for use in a URL by using the specified code page.

public:
 static System::String ^ UrlEncode(System::String ^ input, int codePage);
public static string UrlEncode (string input, int codePage);
static member UrlEncode : string * int -> string
Public Shared Function UrlEncode (input As String, codePage As Integer) As String

Parameters

input
String

The string to encode.

codePage
Int32

The code page to use to encode the input string.

Returns

The encoded string.

Remarks

This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.

The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.

Unicode code chart Character(s) Description
A-Z Uppercase alphabetic characters
a-z Lowercase alphabetic characters
0-9 Numbers
- Hyphen, minus
. Period, dot, full stop
_ Underscore
~ Tilde

The following table lists examples of inputs and the corresponding encoded outputs.

Input Output
alert('XSS Attack!'); alert%28%27XSS%20Attack%21%27%29%3b
<script>alert('XSS Attack!');</script> %3cscript%3ealert%28%27XSS%20Attack%21%27%29%3b%3c%2fscript%3e
alert('XSSあAttack!'); alert%28%27XSS%e3%81%82Attack%21%27%29%3b
user@contoso.com user%40contoso.com
"Anti-Cross Site Scripting Namespace" %22Anti-Cross%20Site%20Scripting%20Namespace%22

Applies to

UrlEncode(String, Encoding)

Encodes the specified string for use in a URL by using the specified character encoding type.

public:
 static System::String ^ UrlEncode(System::String ^ input, System::Text::Encoding ^ inputEncoding);
public static string UrlEncode (string input, System.Text.Encoding inputEncoding);
static member UrlEncode : string * System.Text.Encoding -> string
Public Shared Function UrlEncode (input As String, inputEncoding As Encoding) As String

Parameters

input
String

The string to encode.

inputEncoding
Encoding

The input encoding type.

Returns

The encoded string.

Remarks

This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.

The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.

Character(s) Description
A-Z Uppercase alphabetic characters
a-z Lowercase alphabetic characters
0-9 Numbers
- Hyphen, minus
. Period, dot, full stop
_ Underscore
~ Tilde

The following table lists examples of inputs and the corresponding encoded outputs.

Input Output
alert('XSS Attack!'); alert%28%27XSS%20Attack%21%27%29%3b
<script>alert('XSS Attack!');</script> %3cscript%3ealert%28%27XSS%20Attack%21%27%29%3b%3c%2fscript%3e
alert('XSSあAttack!'); alert%28%27XSS%e3%81%82Attack%21%27%29%3b
user@contoso.com user%40contoso.com
"Anti-Cross Site Scripting Namespace" %22Anti-Cross%20Site%20Scripting%20Namespace%22

Applies to

UrlEncode(Byte[], Int32, Int32)

Encodes the specified byte array for use in a URL, starting at the specified offset in the byte array and encoding the specified number of bytes.

protected public:
 override cli::array <System::Byte> ^ UrlEncode(cli::array <System::Byte> ^ bytes, int offset, int count);
protected internal override byte[] UrlEncode (byte[] bytes, int offset, int count);
override this.UrlEncode : byte[] * int * int -> byte[]
Protected Friend Overrides Function UrlEncode (bytes As Byte(), offset As Integer, count As Integer) As Byte()

Parameters

bytes
Byte[]

The byte array to encode.

offset
Int32

The index of the first byte to encode.

count
Int32

The number of bytes to encode.

Returns

Byte[]

The encoded byte array.

Remarks

This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.

The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.

Character(s) Description
A-Z Uppercase alphabetic characters
a-z Lowercase alphabetic characters
0-9 Numbers
- Hyphen, minus
. Period, dot, full stop
_ Underscore
~ Tilde

The following table lists examples of inputs and the corresponding encoded outputs.

Input Output
alert('XSS Attack!'); alert%28%27XSS%20Attack%21%27%29%3b
<script>alert('XSS Attack!');</script> %3cscript%3ealert%28%27XSS%20Attack%21%27%29%3b%3c%2fscript%3e
alert('XSSあAttack!'); alert%28%27XSS%e3%81%82Attack%21%27%29%3b
user@contoso.com user%40contoso.com
"Anti-Cross Site Scripting Namespace" %22Anti-Cross%20Site%20Scripting%20Namespace%22

Applies to