AntiXssEncoder.UrlEncode Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Encodes strings and byte arrays for use in a URL.
Overloads
UrlEncode(String) |
Encodes the specified string for use in a URL. |
UrlEncode(String, Int32) |
Encodes the specified string for use in a URL by using the specified code page. |
UrlEncode(String, Encoding) |
Encodes the specified string for use in a URL by using the specified character encoding type. |
UrlEncode(Byte[], Int32, Int32) |
Encodes the specified byte array for use in a URL, starting at the specified offset in the byte array and encoding the specified number of bytes. |
UrlEncode(String)
Encodes the specified string for use in a URL.
public:
static System::String ^ UrlEncode(System::String ^ input);
public static string UrlEncode (string input);
static member UrlEncode : string -> string
Public Shared Function UrlEncode (input As String) As String
Parameters
- input
- String
The string to encode.
Returns
The encoded string.
Remarks
This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX
notation.
The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.
Character(s) | Description |
---|---|
A-Z | Uppercase alphabetic characters |
a-z | Lowercase alphabetic characters |
0-9 | Numbers |
- | Hyphen, minus |
. | Period, dot, full stop |
_ | Underscore |
~ | Tilde |
The following table lists examples of inputs and the corresponding encoded outputs.
Input | Output |
---|---|
alert('XSS Attack!'); |
alert%28%27XSS%20Attack%21%27%29%3b |
<script>alert('XSS Attack!');</script> |
%3cscript%3ealert%28%27XSS%20Attack%21%27%29%3b%3c%2fscript%3e |
alert('XSSあAttack!'); |
alert%28%27XSS%e3%81%82Attack%21%27%29%3b |
user@contoso.com |
user%40contoso.com |
"Anti-Cross Site Scripting Namespace" |
%22Anti-Cross%20Site%20Scripting%20Namespace%22 |
Applies to
UrlEncode(String, Int32)
Encodes the specified string for use in a URL by using the specified code page.
public:
static System::String ^ UrlEncode(System::String ^ input, int codePage);
public static string UrlEncode (string input, int codePage);
static member UrlEncode : string * int -> string
Public Shared Function UrlEncode (input As String, codePage As Integer) As String
Parameters
- input
- String
The string to encode.
- codePage
- Int32
The code page to use to encode the input
string.
Returns
The encoded string.
Remarks
This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX
notation.
The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.
Unicode code chart | Character(s) | Description |
---|---|---|
A-Z | Uppercase alphabetic characters | |
a-z | Lowercase alphabetic characters | |
0-9 | Numbers | |
- | Hyphen, minus | |
. | Period, dot, full stop | |
_ | Underscore | |
~ | Tilde |
The following table lists examples of inputs and the corresponding encoded outputs.
Input | Output |
---|---|
alert('XSS Attack!'); |
alert%28%27XSS%20Attack%21%27%29%3b |
<script>alert('XSS Attack!');</script> |
%3cscript%3ealert%28%27XSS%20Attack%21%27%29%3b%3c%2fscript%3e |
alert('XSSあAttack!'); |
alert%28%27XSS%e3%81%82Attack%21%27%29%3b |
user@contoso.com |
user%40contoso.com |
"Anti-Cross Site Scripting Namespace" |
%22Anti-Cross%20Site%20Scripting%20Namespace%22 |
Applies to
UrlEncode(String, Encoding)
Encodes the specified string for use in a URL by using the specified character encoding type.
public:
static System::String ^ UrlEncode(System::String ^ input, System::Text::Encoding ^ inputEncoding);
public static string UrlEncode (string input, System.Text.Encoding inputEncoding);
static member UrlEncode : string * System.Text.Encoding -> string
Public Shared Function UrlEncode (input As String, inputEncoding As Encoding) As String
Parameters
- input
- String
The string to encode.
- inputEncoding
- Encoding
The input encoding type.
Returns
The encoded string.
Remarks
This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX
notation.
The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.
Character(s) | Description |
---|---|
A-Z | Uppercase alphabetic characters |
a-z | Lowercase alphabetic characters |
0-9 | Numbers |
- | Hyphen, minus |
. | Period, dot, full stop |
_ | Underscore |
~ | Tilde |
The following table lists examples of inputs and the corresponding encoded outputs.
Input | Output |
---|---|
alert('XSS Attack!'); |
alert%28%27XSS%20Attack%21%27%29%3b |
<script>alert('XSS Attack!');</script> |
%3cscript%3ealert%28%27XSS%20Attack%21%27%29%3b%3c%2fscript%3e |
alert('XSSあAttack!'); |
alert%28%27XSS%e3%81%82Attack%21%27%29%3b |
user@contoso.com |
user%40contoso.com |
"Anti-Cross Site Scripting Namespace" |
%22Anti-Cross%20Site%20Scripting%20Namespace%22 |
Applies to
UrlEncode(Byte[], Int32, Int32)
Encodes the specified byte array for use in a URL, starting at the specified offset in the byte array and encoding the specified number of bytes.
protected public:
override cli::array <System::Byte> ^ UrlEncode(cli::array <System::Byte> ^ bytes, int offset, int count);
protected internal override byte[] UrlEncode (byte[] bytes, int offset, int count);
override this.UrlEncode : byte[] * int * int -> byte[]
Protected Friend Overrides Function UrlEncode (bytes As Byte(), offset As Integer, count As Integer) As Byte()
Parameters
- bytes
- Byte[]
The byte array to encode.
- offset
- Int32
The index of the first byte to encode.
- count
- Int32
The number of bytes to encode.
Returns
The encoded byte array.
Remarks
This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX
notation.
The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.
Character(s) | Description |
---|---|
A-Z | Uppercase alphabetic characters |
a-z | Lowercase alphabetic characters |
0-9 | Numbers |
- | Hyphen, minus |
. | Period, dot, full stop |
_ | Underscore |
~ | Tilde |
The following table lists examples of inputs and the corresponding encoded outputs.
Input | Output |
---|---|
alert('XSS Attack!'); |
alert%28%27XSS%20Attack%21%27%29%3b |
<script>alert('XSS Attack!');</script> |
%3cscript%3ealert%28%27XSS%20Attack%21%27%29%3b%3c%2fscript%3e |
alert('XSSあAttack!'); |
alert%28%27XSS%e3%81%82Attack%21%27%29%3b |
user@contoso.com |
user%40contoso.com |
"Anti-Cross Site Scripting Namespace" |
%22Anti-Cross%20Site%20Scripting%20Namespace%22 |
Applies to
.NET