AntiXssEncoder.HtmlFormUrlEncode Method (String)

.NET Framework 4.5

Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded".

Namespace:  System.Web.Security.AntiXss
Assembly:  System.Web (in System.Web.dll)

public static string HtmlFormUrlEncode(
	string input
)

Parameters

input
Type: System.String

The string to encode.

Return Value

Type: System.String
The encoded string.

This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.

Note: Put double quotation marks (" ") or single quotation marks (' ') around the resulting string before you add it to a page.

| Unicode code chart | Character(s) | Description |
|---|---|---|
| C0 Controls and Basic Latin | A-Z | Uppercase alphabetic characters |
| C0 Controls and Basic Latin | a-z | Lowercase alphabetic characters |
| C0 Controls and Basic Latin | 0-9 | Numbers |
| C0 Controls and Basic Latin | - | Hyphen, minus |
| C0 Controls and Basic Latin | . | Period, dot, full stop |
| C0 Controls and Basic Latin | _ | Underscore |
| C0 Controls and Basic Latin | ~ | Tilde |

The following table lists examples of inputs and the corresponding encoded outputs.

| Input | Encoded output |
|---|---|
| alert('XSS Attack!'); | alert%28%27XSS+Attack%21%27%29%3b |
| <script>alert('XSS Attack!');</script> | %3cscript%3ealert%28%27XSS+Attack%21%27%29%3b%3c%2fscript%3e |
| alert('XSSあAttack!'); | alert%28%27XSS%e3%81%82Attack%21%27%29%3b |
| user@contoso.com | user@contoso.com |
| Anti-Cross Site Scripting Namespace | Anti-Cross+Site+Scripting+Namespace |
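The following C# example is added here and is not part of the original page. It encodes each field name and value separately when assembling an application/x-www-form-urlencoded body, then places one encoded value inside a quoted attribute as the note on this page directs. The class FormBodyExample, the helper BuildFormBody, the field names "title" and "comment", and the path /search are hypothetical; the project is assumed to target .NET Framework 4.5 or later and to reference System.Web.dll.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Web.Security.AntiXss;

// Added example, not from the original page. All names except
// AntiXssEncoder.HtmlFormUrlEncode are hypothetical.
static class FormBodyExample
{
    // Builds an application/x-www-form-urlencoded body. Names and values are
    // encoded one at a time, so the only '=' and '&' characters that act as
    // delimiters are the ones appended here.
    static string BuildFormBody(IEnumerable<KeyValuePair<string, string>> fields)
    {
        var body = new StringBuilder();
        foreach (var field in fields)
        {
            if (body.Length > 0)
            {
                body.Append('&');
            }
            body.Append(AntiXssEncoder.HtmlFormUrlEncode(field.Key));
            body.Append('=');
            body.Append(AntiXssEncoder.HtmlFormUrlEncode(field.Value ?? string.Empty));
        }
        return body.ToString();
    }

    static void Main()
    {
        // Input strings are taken from the examples table on this page.
        var fields = new[]
        {
            new KeyValuePair<string, string>("title", "Anti-Cross Site Scripting Namespace"),
            new KeyValuePair<string, string>("comment", "<script>alert('XSS Attack!');</script>"),
        };
        Console.WriteLine(BuildFormBody(fields));

        // The encoded value goes inside a double-quoted attribute, never a bare one.
        string query = AntiXssEncoder.HtmlFormUrlEncode("alert('XSS Attack!');");
        Console.WriteLine("<a href=\"/search?q=" + query + "\">results</a>");
    }
}
```

Encode each component before joining; encoding an already assembled "name=value&name=value" string would also encode the delimiters.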

.NET Framework

Supported in: 4.6
© 2014 Microsoft