AntiXssEncoder Class

Definition

Encodes a string for use in HTML, XML, CSS, and URL strings.

public ref class AntiXssEncoder : System::Web::Util::HttpEncoder

public class AntiXssEncoder : System.Web.Util.HttpEncoder

type AntiXssEncoder = class
    inherit HttpEncoder

Public Class AntiXssEncoder
Inherits HttpEncoder

Inheritance

AntiXssEncoder

Remarks

You can use the AntiXssEncoder class to override the HttpEncoder class that is used by default to encode and decode strings in methods of classes such as HttpUtility, HttpServerUtility, and HttpResponseHeader.

In the AntiXssEncoder class, all characters that are not found in the safe list are encoded by the HtmlAttributeEncode and HtmlEncode methods.

To replace the HttpEncoder class with the AntiXssEncoder class, register it by using the encoderType attribute of the httpRuntime element in the Web.config file, as shown in the following example:

<httpRuntime encoderType="System.Web.Security.AntiXss.AntiXssEncoder" />  

A list of default safe characters for different encoding methods can be found in the remarks for the HtmlAttributeEncode, HtmlEncode, XmlAttributeEncode, and XmlEncode methods. The default safe list can be modified by using the MarkAsSafe method.
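The following console program is an added example, not part of the original documentation. It encodes one untrusted value for each output context the class covers, then extends the safe list with MarkAsSafe. The class name ContextEncodingDemo and the sample input are constructed for illustration, and the program assumes .NET Framework 4.5 or later with a reference to System.Web.dll.

```csharp
// Added example (not from the original documentation).
// Assumes .NET Framework 4.5+ with a reference to System.Web.dll.
using System;
using System.Web.Security.AntiXss;

static class ContextEncodingDemo // hypothetical name
{
    // Constructed sample of untrusted input: markup, quotes and Cyrillic text.
    const string Untrusted = "\"><script>alert(1)</script> Привет & co";

    static void Show(string context, string encoded)
    {
        Console.WriteLine("{0,-14} {1}", context, encoded);
    }

    static void Main()
    {
        // One value, four sinks: each sink needs the encoder for its own
        // context. HTML-encoded text is not safe inside a URL or a
        // style sheet, and the reverse holds as well.
        Show("HTML text:", AntiXssEncoder.HtmlEncode(Untrusted, false));
        Show("XML attribute:", AntiXssEncoder.XmlAttributeEncode(Untrusted));
        Show("CSS value:", AntiXssEncoder.CssEncode(Untrusted));
        Show("URL value:", AntiXssEncoder.UrlEncode(Untrusted));

        // With the default safe list the Cyrillic letters are written as
        // numeric character references. MarkAsSafe is static, so the new
        // safe list applies to the whole process; call it once at startup.
        // Default is passed together with Cyrillic so that both sets of
        // code charts are marked as safe.
        AntiXssEncoder.MarkAsSafe(
            LowerCodeCharts.Default | LowerCodeCharts.Cyrillic,
            LowerMidCodeCharts.None,
            MidCodeCharts.None,
            UpperMidCodeCharts.None,
            UpperCodeCharts.None);

        // The markup characters are still encoded; only the letters from
        // the newly marked code chart pass through unchanged.
        Show("After MarkAsSafe:", AntiXssEncoder.HtmlEncode(Untrusted, false));
    }
}
```

Comparing the first and last output lines shows which characters the safe list change affects.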

Constructors

AntiXssEncoder()

Initializes a new instance of the AntiXssEncoder class.

Methods

CssEncode(String)

Encodes the specified string for use in cascading style sheets (CSS).

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)

GetHashCode()

Serves as the default hash function.

(Inherited from Object)

GetType()

Gets the Type of the current instance.

(Inherited from Object)

HeaderNameValueEncode(String, String, String, String)

Encodes a header name and value into a string that can be used as an HTTP header.

(Inherited from HttpEncoder)

HtmlAttributeEncode(String, TextWriter)

Encodes and outputs the specified string for use in an HTML attribute.

HtmlDecode(String, TextWriter)

Decodes a value from an HTML-encoded string.

(Inherited from HttpEncoder)

HtmlEncode(String, Boolean)

Encodes the specified string for use as text in HTML markup and optionally specifies whether to use HTML 4.0 named entities.

HtmlEncode(String, TextWriter)

Encodes the specified string for use as text in HTML markup and outputs the string by using the specified text writer.

HtmlFormUrlEncode(String, Encoding)

Encodes the specified string for form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified character encoding type.

HtmlFormUrlEncode(String, Int32)

Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified code page.

HtmlFormUrlEncode(String)

Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded".

JavaScriptStringEncode(String)

Encodes a string.

(Inherited from HttpEncoder)

MarkAsSafe(LowerCodeCharts, LowerMidCodeCharts, MidCodeCharts, UpperMidCodeCharts, UpperCodeCharts)

Marks characters from the specified Unicode code charts as safe.

MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)

ToString()

Returns a string that represents the current object.

(Inherited from Object)

UrlEncode(Byte[], Int32, Int32)

Encodes the specified byte array for use in a URL, starting at the specified offset in the byte array and encoding the specified number of bytes.

UrlEncode(String, Encoding)

Encodes the specified string for use in a URL by using the specified character encoding type.

UrlEncode(String, Int32)

Encodes the specified string for use in a URL by using the specified code page.

UrlEncode(String)

Encodes the specified string for use in a URL.

UrlPathEncode(String)

Encodes path strings for use in a URL.

XmlAttributeEncode(String)

Encodes the specified string for use in XML attributes.

XmlEncode(String)

Encodes the specified string for use in XML attributes.
