AntiXssEncoder Class
Definition
Encodes a string for use in HTML, XML, CSS, and URL strings.
public ref class AntiXssEncoder : System::Web::Util::HttpEncoder
public class AntiXssEncoder : System.Web.Util.HttpEncoder
type AntiXssEncoder = class
    inherit HttpEncoder
Public Class AntiXssEncoder
    Inherits HttpEncoder
Remarks
You can use the AntiXssEncoder class to override the HttpEncoder class that is used by default to encode and decode strings in methods of classes such as HttpUtility, HttpServerUtility, and HttpResponseHeader.
In the AntiXssEncoder class, all characters that are not found in the safe list are encoded by the HtmlAttributeEncode and HtmlEncode methods.
To replace the HttpEncoder class with the AntiXssEncoder class, register it using the encoderType attribute of the httpRuntime element in the Web.config file, as shown in the following example:
<httpRuntime encoderType="System.Web.Security.AntiXss.AntiXssEncoder" />
A list of default safe characters for different encoding methods can be found in the remarks for the HtmlAttributeEncode, HtmlEncode, XmlAttributeEncode, and XmlEncode methods. The default safe list can be modified by using the MarkAsSafe method.
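The remarks above describe two things: making AntiXssEncoder the encoder behind HttpUtility, and widening the safe list with MarkAsSafe. The console program below is an added example, not Microsoft's sample code. It assumes .NET Framework 4.5 or later with a reference to System.Web.dll; the class name, the Print helper and the sample string are hypothetical.

```csharp
using System;
using System.Text;
using System.Web;
using System.Web.Security.AntiXss;
using System.Web.Util;

// Added example: console harness with hypothetical names.
static class AntiXssEncoderDemo
{
    static void Main()
    {
        Console.OutputEncoding = Encoding.UTF8;

        // Constructed sample input standing in for an untrusted display name.
        string name = "Иван \"O'Neil\" <admin> & co";

        // Programmatic counterpart of the httpRuntime encoderType setting:
        // HttpUtility calls are now served by AntiXssEncoder.
        HttpEncoder.Current = new AntiXssEncoder();

        Console.WriteLine("Safe list: default charts");
        Print(name);

        // Add the Cyrillic chart. Default is passed alongside it so the
        // charts that are safe by default remain part of the call.
        AntiXssEncoder.MarkAsSafe(
            LowerCodeCharts.Default | LowerCodeCharts.Cyrillic,
            LowerMidCodeCharts.None,
            MidCodeCharts.None,
            UpperMidCodeCharts.None,
            UpperCodeCharts.None);

        Console.WriteLine("Safe list: default charts + Cyrillic");
        Print(name);
    }

    // Encode one value for each output context; the encoders are not
    // interchangeable, so pick the one matching where the value lands.
    static void Print(string value)
    {
        Console.WriteLine("  HTML text      : " + AntiXssEncoder.HtmlEncode(value, false));
        Console.WriteLine("  HTML attribute : " + HttpUtility.HtmlAttributeEncode(value));
        Console.WriteLine("  URL component  : " + AntiXssEncoder.UrlEncode(value));
        Console.WriteLine("  CSS value      : " + AntiXssEncoder.CssEncode(value));
        Console.WriteLine("  XML attribute  : " + AntiXssEncoder.XmlAttributeEncode(value));
    }
}
```

Comparing the two runs shows which characters the HTML encoders stop escaping once their chart is marked safe.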
Constructors
| Constructor | Description |
| --- | --- |
| AntiXssEncoder() | Initializes a new instance of the AntiXssEncoder class. |
Methods
| Method | Description |
| --- | --- |
| CssEncode(String) | Encodes the specified string for use in cascading style sheets (CSS). |
| Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object) |
| GetHashCode() | Serves as the default hash function. (Inherited from Object) |
| GetType() | Gets the Type of the current instance. (Inherited from Object) |
| HeaderNameValueEncode(String, String, String, String) | Encodes a header name and value into a string that can be used as an HTTP header. (Inherited from HttpEncoder) |
| HtmlAttributeEncode(String, TextWriter) | Encodes and outputs the specified string for use in an HTML attribute. |
| HtmlDecode(String, TextWriter) | Decodes a value from an HTML-encoded string. (Inherited from HttpEncoder) |
| HtmlEncode(String, Boolean) | Encodes the specified string for use as text in HTML markup and optionally specifies whether to use HTML 4.0 named entities. |
| HtmlEncode(String, TextWriter) | Encodes the specified string for use as text in HTML markup and outputs the string by using the specified text writer. |
| HtmlFormUrlEncode(String) | Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded". |
| HtmlFormUrlEncode(String, Encoding) | Encodes the specified string for form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified character encoding type. |
| HtmlFormUrlEncode(String, Int32) | Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified code page. |
| JavaScriptStringEncode(String) | Encodes a string. (Inherited from HttpEncoder) |
| MarkAsSafe(LowerCodeCharts, LowerMidCodeCharts, MidCodeCharts, UpperMidCodeCharts, UpperCodeCharts) | Marks characters from the specified Unicode code charts as safe. |
| MemberwiseClone() | Creates a shallow copy of the current Object. (Inherited from Object) |
| ToString() | Returns a string that represents the current object. (Inherited from Object) |
| UrlEncode(Byte[], Int32, Int32) | Encodes the specified byte array for use in a URL, starting at the specified offset in the byte array and encoding the specified number of bytes. |
| UrlEncode(String) | Encodes the specified string for use in a URL. |
| UrlEncode(String, Encoding) | Encodes the specified string for use in a URL by using the specified character encoding type. |
| UrlEncode(String, Int32) | Encodes the specified string for use in a URL by using the specified code page. |
| UrlPathEncode(String) | Encodes path strings for use in a URL. |
| XmlAttributeEncode(String) | Encodes the specified string for use in XML attributes. |
| XmlEncode(String) | Encodes the specified string for use in XML attributes. |