AntiXssEncoder::UrlEncode Method (String, Int32)
Encodes the specified string for use in a URL by using the specified code page.
Assembly: System.Web (in System.Web.dll)
Parameters
- input
- Type: System::String
The string to encode.
- codePage
- Type: System::Int32
The code page to use to encode the input string.
This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.
The following table lists the default safe characters.
Unicode code chart | Character(s) | Description |
|---|---|---|
A-Z | Uppercase alphabetic characters | |
a-z | Lowercase alphabetic characters | |
0-9 | Numbers | |
- | Hyphen, minus | |
. | Period, dot, full stop | |
_ | Underscore | |
~ | Tilde |
The following table lists examples of inputs and the corresponding encoded outputs.
alert('XSS Attack!'); | alert%28%27XSS%20Attack%21%27%29%3b |
<script>alert('XSS Attack!');</script> | %3cscript%3ealert%28%27XSS%20Attack%21%27%29%3b%3c%2fscript%3e |
alert('XSSあAttack!'); | alert%28%27XSS%e3%81%82Attack%21%27%29%3b |
user@contoso.com | user%40contoso.com |
"Anti-Cross Site Scripting Namespace" | %22Anti-Cross%20Site%20Scripting%20Namespace%22 |
Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
