HtmlFormUrlEncode Method (String, Int32)

AntiXssEncoder.HtmlFormUrlEncode Method (String, Int32)

.NET Framework (current version)
 

Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified code page.

Namespace:   System.Web.Security.AntiXss
Assembly:  System.Web (in System.Web.dll)

public static string HtmlFormUrlEncode(
	string input,
	int codePage
)

Parameters

input
Type: System.String

The string to encode.

codePage
Type: System.Int32

The code page to use to encode the input string.

Return Value

Type: System.String

The encoded string.

This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.

Note

Put double quotation marks (" ") or single quotation marks (' ') around the resulting string before you add it to a page.

The following table lists the default safe characters.

Unicode code chart            Character(s)   Description
C0 Controls and Basic Latin   A-Z            Uppercase alphabetic characters
C0 Controls and Basic Latin   a-z            Lowercase alphabetic characters
C0 Controls and Basic Latin   0-9            Numbers
C0 Controls and Basic Latin   -              Hyphen, minus
C0 Controls and Basic Latin   .              Period, dot, full stop
C0 Controls and Basic Latin   _              Underscore
C0 Controls and Basic Latin   ~              Tilde

The following table lists examples of inputs and the corresponding encoded outputs.

Input                                    Encoded output
alert('XSS Attack!');                    alert%28%27XSS+Attack%21%27%29%3b
<script>alert('XSS Attack!');</script>   %3cscript%3ealert%28%27XSS+Attack%21%27%29%3b%3c%2fscript%3e
alert('XSSあAttack!');                   alert%28%27XSS%e3%81%82Attack%21%27%29%3b
user@contoso.com                         user%40contoso.com
Anti-Cross Site Scripting Namespace      Anti-Cross+Site+Scripting+Namespace
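
The following usage sketch is an added example, not code from the original page. It encodes each field name and value separately with code page 65001 (UTF-8) before joining them into a form body, and quotes an encoded value when writing it into markup, as the note above requires. The helper BuildFormBody, the field names, and the /search path are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Web.Security.AntiXss; // needs a reference to System.Web.dll (.NET Framework 4.5 or later)

static class FormBodyExample
{
    // UTF-8; the receiver must decode with the same code page.
    const int Utf8CodePage = 65001;

    // Hypothetical helper: joins fields into an application/x-www-form-urlencoded body.
    // Names and values are encoded one at a time, so only the '=' and '&' appended
    // here act as separators.
    static string BuildFormBody(IEnumerable<KeyValuePair<string, string>> fields)
    {
        var body = new StringBuilder();
        foreach (var field in fields)
        {
            if (body.Length > 0) body.Append('&');
            body.Append(AntiXssEncoder.HtmlFormUrlEncode(field.Key, Utf8CodePage));
            body.Append('=');
            body.Append(AntiXssEncoder.HtmlFormUrlEncode(field.Value, Utf8CodePage));
        }
        return body.ToString();
    }

    static void Main()
    {
        // Constructed sample input. The first two values come from the examples table.
        var fields = new[]
        {
            new KeyValuePair<string, string>("email", "user@contoso.com"),
            new KeyValuePair<string, string>("comment", "<script>alert('XSS Attack!');</script>"),
            // '&' and '=' are not in the safe list, so this stays a single value
            // and does not introduce a second "role" field.
            new KeyValuePair<string, string>("note", "a&role=admin"),
        };
        Console.WriteLine(BuildFormBody(fields));

        // Writing one encoded value into a page: wrap it in quotation marks.
        string q = AntiXssEncoder.HtmlFormUrlEncode("Anti-Cross Site Scripting Namespace", Utf8CodePage);
        Console.WriteLine("<a href=\"/search?q=" + q + "\">results</a>");
    }
}
```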

.NET Framework
Available since 4.5
© 2016 Microsoft