AntiXssEncoder.UrlEncode Method (Byte(), Int32, Int32)
Encodes the specified byte array for use in a URL, starting at the specified offset in the byte array and encoding the specified number of bytes.
Assembly: System.Web (in System.Web.dll)
Protected Friend Overrides Function UrlEncode ( bytes As Byte(), offset As Integer, count As Integer ) As Byte()
Parameters
- bytes
-
Type:
System.Byte()
The byte array to encode.
- offset
-
Type:
System.Int32
The index of the first byte to encode.
- count
-
Type:
System.Int32
The number of bytes to encode.
This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.
The following table lists the default safe characters.
Unicode code chart | Character(s) | Description |
|---|---|---|
A-Z | Uppercase alphabetic characters | |
a-z | Lowercase alphabetic characters | |
0-9 | Numbers | |
- | Hyphen, minus | |
. | Period, dot, full stop | |
_ | Underscore | |
~ | Tilde |
The following table lists examples of inputs and the corresponding encoded outputs.
alert('XSS Attack!'); | alert%28%27XSS%20Attack%21%27%29%3b |
<script>alert('XSS Attack!');</script> | %3cscript%3ealert%28%27XSS%20Attack%21%27%29%3b%3c%2fscript%3e |
alert('XSSあAttack!'); | alert%28%27XSS%e3%81%82Attack%21%27%29%3b |
user@contoso.com | user%40contoso.com |
"Anti-Cross Site Scripting Namespace" | %22Anti-Cross%20Site%20Scripting%20Namespace%22 |
Available since 4.5