AntiXssEncoder.HtmlFormUrlEncode Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded".
Overloads
HtmlFormUrlEncode(String) |
Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded". |
HtmlFormUrlEncode(String, Int32) |
Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified code page. |
HtmlFormUrlEncode(String, Encoding) |
Encodes the specified string for form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified character encoding type. |
HtmlFormUrlEncode(String)
Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded".
public:
static System::String ^ HtmlFormUrlEncode(System::String ^ input);
public static string HtmlFormUrlEncode (string input);
static member HtmlFormUrlEncode : string -> string
Public Shared Function HtmlFormUrlEncode (input As String) As String
Parameters
- input
- String
The string to encode.
Returns
The encoded string.
Remarks
This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX
notation.
Note
Put double quotation marks (" ") or single quotation marks (' ') around the resulting string before you add it to a page.
The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.
Unicode code chart | Character(s) | Description |
---|---|---|
A-Z | Uppercase alphabetic characters | |
a-z | Lowercase alphabetic characters | |
0-9 | Numbers | |
- | Hyphen, minus | |
. | Period, dot, full stop | |
_ | Underscore | |
~ | Tilde |
The following table lists examples of inputs and the corresponding encoded outputs.
alert('XSS Attack!'); |
alert%28%27XSS+Attack%21%27%29%3b |
<script>alert('XSS Attack!');</script> |
%3cscript%3ealert%28%27XSS+Attack%21%27%29%3b%3c%2fscript%3e |
alert('XSSあAttack!'); |
alert%28%27XSS%e3%81%82Attack%21%27%29%3b |
user@contoso.com |
user@contoso.com |
Anti-Cross Site Scripting Namespace |
Anti-Cross+Site+Scripting+Namespace |
Applies to
HtmlFormUrlEncode(String, Int32)
Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified code page.
public:
static System::String ^ HtmlFormUrlEncode(System::String ^ input, int codePage);
public static string HtmlFormUrlEncode (string input, int codePage);
static member HtmlFormUrlEncode : string * int -> string
Public Shared Function HtmlFormUrlEncode (input As String, codePage As Integer) As String
Parameters
- input
- String
The string to encode.
- codePage
- Int32
The code page to use to encode the input
string.
Returns
The encoded string.
Remarks
This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX
notation.
Note
Put double quotation marks (" ") or single quotation marks (' ') around the resulting string before you add it to a page.
The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.
Character(s) | Description |
---|---|
A-Z | Uppercase alphabetic characters |
a-z | Lowercase alphabetic characters |
0-9 | Numbers |
- | Hyphen, minus |
. | Period, dot, full stop |
_ | Underscore |
~ | Tilde |
The following table lists examples of inputs and the corresponding encoded outputs.
alert('XSS Attack!'); |
alert%28%27XSS+Attack%21%27%29%3b |
<script>alert('XSS Attack!');</script> |
%3cscript%3ealert%28%27XSS+Attack%21%27%29%3b%3c%2fscript%3e |
alert('XSSあAttack!'); |
alert%28%27XSS%e3%81%82Attack%21%27%29%3b |
user@contoso.com |
user%40contoso.com |
Anti-Cross Site Scripting Namespace |
Anti-Cross+Site+Scripting+Namespace |
Applies to
HtmlFormUrlEncode(String, Encoding)
Encodes the specified string for form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified character encoding type.
public:
static System::String ^ HtmlFormUrlEncode(System::String ^ input, System::Text::Encoding ^ inputEncoding);
public static string HtmlFormUrlEncode (string input, System.Text.Encoding inputEncoding);
static member HtmlFormUrlEncode : string * System.Text.Encoding -> string
Public Shared Function HtmlFormUrlEncode (input As String, inputEncoding As Encoding) As String
Parameters
- input
- String
The string to encode.
- inputEncoding
- Encoding
The input encoding type.
Returns
The encoded string.
Remarks
This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX
notation.
Note
Put double quotation marks (" ") or single quotation marks (' ') around the resulting string before you add it to a page.
The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.
Character(s) | Description |
---|---|
A-Z | Uppercase alphabetic characters |
a-z | Lowercase alphabetic characters |
0-9 | Numbers |
- | Hyphen, minus |
. | Period, dot, full stop |
_ | Underscore |
~ | Tilde |
The following table lists examples of inputs and the corresponding encoded outputs.
alert('XSS Attack!'); |
alert%28%27XSS+Attack%21%27%29%3b |
<script>alert('XSS Attack!');</script> |
%3cscript%3ealert%28%27XSS+Attack%21%27%29%3b%3c%2fscript%3e |
alert('XSSあAttack!'); |
alert%28%27XSS%e3%81%82Attack%21%27%29%3b |
user@contoso.com |
user%40contoso.com |
Anti-Cross Site Scripting Namespace |
Anti-Cross+Site+Scripting+Namespace |