AntiXssEncoder.CssEncode(String) Method

Reference

Definition

Namespace:: System.Web.Security.AntiXss

Assembly:: System.Web.dll

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Encodes the specified string for use in cascading style sheets (CSS).

public:
 static System::String ^ CssEncode(System::String ^ input);

public static string CssEncode (string input);

static member CssEncode : string -> string

Public Shared Function CssEncode (input As String) As String

Parameters

input: String

The string to encode.

Returns

String

The encoded string.

Remarks

This method encodes all characters except those that are in the safe list.

Note

Put quotation marks (" ") around the resulting string before you add it to a cascading style sheet.

The following table lists the default safe characters. All are from the Unicode C0 Controls and Basic Latin character range.

Character(s)	Description
A-Z	Uppercase alphabetic characters
a-z	Lowercase alphabetic characters
0-9	Numbers

The following table lists examples of inputs and the corresponding encoded outputs.


`alert('XSS Attack!');`	`alert\000028\000027XSS\000020Attack\000021\000027\000029\00003B`
`user@contoso.com`	`user\000040contoso\00002Ecom`
`Anti-Cross Site Scripting Namespace`	`Anti\00002DCross\000020Site\000020Scripting\000020Namespace`

The CSS character escape sequence consists of a backslash character (\) followed by up to six hexadecimal digits that represent a character code from the ISO 10646 standard. (The ISO 10646 standard is effectively equivalent to Unicode.) Any character other than a hexadecimal digit terminates the escape sequence. If a character that follows the escape sequence is also a valid hexadecimal digit, it must either include six digits in the escape sequence or use a white-space character to terminate the escape sequence. For example, \000020 denotes a space.

Applies to