AntiXssEncoder::UrlEncode Method (array<Byte>^, Int32, Int32)

.NET Framework (current version)
 

Encodes the specified byte array for use in a URL, starting at the specified offset in the byte array and encoding the specified number of bytes.

Namespace:   System.Web.Security.AntiXss
Assembly:  System.Web (in System.Web.dll)

public protected:
virtual array<unsigned char>^ UrlEncode(
	array<unsigned char>^ bytes,
	int offset,
	int count
) override

Parameters

bytes
Type: array<System::Byte>^

The byte array to encode.

offset
Type: System::Int32

The index of the first byte to encode.

count
Type: System::Int32

The number of bytes to encode.

Return Value

Type: array<System::Byte>^

The encoded byte array.

This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.

The following table lists the default safe characters.

Unicode code chart

Character(s)

Description

C0 Controls and Basic Latin

A-Z

Uppercase alphabetic characters

C0 Controls and Basic Latin

a-z

Lowercase alphabetic characters

C0 Controls and Basic Latin

0-9

Numbers

C0 Controls and Basic Latin

-

Hyphen, minus

C0 Controls and Basic Latin

.

Period, dot, full stop

C0 Controls and Basic Latin

_

Underscore

C0 Controls and Basic Latin

~

Tilde

The following table lists examples of inputs and the corresponding encoded outputs.

alert('XSS Attack!');

alert%28%27XSS%20Attack%21%27%29%3b

<script>alert('XSS Attack!');</script>

%3cscript%3ealert%28%27XSS%20Attack%21%27%29%3b%3c%2fscript%3e

alert('XSSあAttack!');

alert%28%27XSS%e3%81%82Attack%21%27%29%3b

user@contoso.com

user%40contoso.com

"Anti-Cross Site Scripting Namespace"

%22Anti-Cross%20Site%20Scripting%20Namespace%22

.NET Framework
Available since 4.5
Return to top
Show: