Export (0) Print
Expand All

AntiXssEncoder.HtmlFormUrlEncode Method (String)

.NET Framework 4.5

Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded".

Namespace:  System.Web.Security.AntiXss
Assembly:  System.Web (in System.Web.dll)

static member HtmlFormUrlEncode : 
        input:string -> string

Parameters

input
Type: System.String

The string to encode.

Return Value

Type: System.String
The encoded string.

This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.

NoteNote

Put double quotation marks (" ") or single quotation marks (' ') around the resulting string before you add it to a page.

Unicode code chart

Character(s)

Description

C0 Controls and Basic Latin

A-Z

Uppercase alphabetic characters

C0 Controls and Basic Latin

a-z

Lowercase alphabetic characters

C0 Controls and Basic Latin

0-9

Numbers

C0 Controls and Basic Latin

-

Hyphen, minus

C0 Controls and Basic Latin

.

Period, dot, full stop

C0 Controls and Basic Latin

_

Underscore

C0 Controls and Basic Latin

~

Tilde

The following table lists examples of inputs and the corresponding encoded outputs.

alert('XSS Attack!');

alert%28%27XSS+Attack%21%27%29%3b

<script>alert('XSS Attack!');</script>

%3cscript%3ealert%28%27XSS+Attack%21%27%29%3b%3c%2fscript%3e

alert('XSSあAttack!');

alert%28%27XSS%e3%81%82Attack%21%27%29%3b

user@contoso.com

user@contoso.com

Anti-Cross Site Scripting Namespace

Anti-Cross+Site+Scripting+Namespace

.NET Framework

Supported in: 4.6, 4.5

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Show:
© 2014 Microsoft