Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Provides encoding and decoding logic.
public ref class HttpEncoder
public class HttpEncoder
type HttpEncoder = class
Public Class HttpEncoder
The class contains encoding and decoding logic that is used by methods in classes such as HttpUtility, HttpServerUtility, and HttpResponseHeader.
You can inherit from the HttpEncoder class and override its behavior to customize the default encoding and decoding behavior of ASP.NET. You then set the EncoderType property of the HttpRuntimeSection class to configure your custom class.
A custom class for encoding and decoding that derives from HttpEncoder can override the built-in ASP.NET encoding and decoding behavior or change only selected aspects of it.
You can configure the custom encoding type for in ASP.NET to replace or supplement the following encoding behavior:
HTML attribute encoding
URL path encoding
HTTP header name and header value encoding
By default, ASP.NET applications are configured to use the AntiXssEncoder type for all output encoding.
The following example from an application-level Web.config file shows how the AntiXssEncoder type is set for an ASP.NET application:
<httpRuntime requestValidationMode="4.5" encoderType="System.Web.Security.AntiXss.AntiXssEncoder, System.Web, Version=220.127.116.11, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
The configuration setting in the example sets the AntiXssEncoder class to perform all output encoding in the application. For more information, see the AntiXssEncoder class overview.
Notes to Inheritors
When you create a custom encoder class and override the base methods of the base class, the derived encoder might throw an exception from any of the overridden methods. However, in the following cases throwing such an exception could lead to unexpected behavior in ASP.NET:
If ASP.NET is rendering an error page that is caused by an unhandled exception that was thrown from a custom encoder, ASP.NET does not attempt to encode its error output by calling into the custom encoder. This avoids recursive error conditions.
When ASP.NET is sending HTTP headers to IIS, ASP.NET has no provision for unhandled exceptions. Therefore, the standard ASP.NET error page will be rendered (if configuration settings allows this page to be displayed).
Initializes a new instance of the HttpEncoder class.
Gets or set the HttpEncoder type that will be used in an application.
Gets a reference to the default encoder for ASP.NET.
Determines whether the specified object is equal to the current object.(Inherited from Object)
Serves as the default hash function.(Inherited from Object)
Gets the Type of the current instance.(Inherited from Object)
|HeaderNameValueEncode(String, String, String, String)||
Encodes a header name and value into a string that can be used as an HTTP header.
Encodes an incoming value into a string that can be inserted into an HTML attribute that is delimited by using single or double quotation marks.
Decodes a value from an HTML-encoded string.
Encodes a string into an HTML-encoded string.
Encodes a string.
Creates a shallow copy of the current Object.(Inherited from Object)
Returns a string that represents the current object.(Inherited from Object)
|UrlEncode(Byte, Int32, Int32)||
Encodes an array of characters that are not allowed in a URL into a hexadecimal character-entity equivalent.
Encodes a subsection of a URL.