AntiXssEncoder Class

Encodes a string for use in HTML, XML, CSS, and URL strings.

Namespace:   System.Web.Security.AntiXss
Assembly:  System.Web (in System.Web.dll)

System.Object
  System.Web.Util.HttpEncoder
    System.Web.Security.AntiXss.AntiXssEncoder

public class AntiXssEncoder : HttpEncoder

| Name | Description |
| --- | --- |
| public AntiXssEncoder() | Initializes a new instance of the AntiXssEncoder class. |

| Name | Description |
| --- | --- |
| public static CssEncode(String) | Encodes the specified string for use in cascading style sheets (CSS). |
| public Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object.) |
| protected Finalize() | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
| public GetHashCode() | Serves as the default hash function. (Inherited from Object.) |
| public GetType() | Gets the Type of the current instance. (Inherited from Object.) |
| protected HeaderNameValueEncode(String, String, String, String) | Encodes a header name and value into a string that can be used as an HTTP header. (Inherited from HttpEncoder.) |
| protected HtmlAttributeEncode(String, TextWriter) | Encodes and outputs the specified string for use in an HTML attribute. (Overrides HttpEncoder.HtmlAttributeEncode(String, TextWriter).) |
| protected HtmlDecode(String, TextWriter) | Decodes a value from an HTML-encoded string. (Inherited from HttpEncoder.) |
| public static HtmlEncode(String, Boolean) | Encodes the specified string for use as text in HTML markup and optionally specifies whether to use HTML 4.0 named entities. |
| protected HtmlEncode(String, TextWriter) | Encodes the specified string for use as text in HTML markup and outputs the string by using the specified text writer. (Overrides HttpEncoder.HtmlEncode(String, TextWriter).) |
| public static HtmlFormUrlEncode(String) | Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded". |
| public static HtmlFormUrlEncode(String, Encoding) | Encodes the specified string for form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified character encoding type. |
| public static HtmlFormUrlEncode(String, Int32) | Encodes the specified string for use in form submissions whose MIME type is "application/x-www-form-urlencoded" by using the specified code page. |
| protected JavaScriptStringEncode(String) | Encodes a string. (Inherited from HttpEncoder.) |
| public static MarkAsSafe(LowerCodeCharts, LowerMidCodeCharts, MidCodeCharts, UpperMidCodeCharts, UpperCodeCharts) | Marks characters from the specified Unicode code charts as safe. |
| protected MemberwiseClone() | Creates a shallow copy of the current Object. (Inherited from Object.) |
| public ToString() | Returns a string that represents the current object. (Inherited from Object.) |
| protected UrlEncode(Byte[], Int32, Int32) | Encodes the specified byte array for use in a URL, starting at the specified offset in the byte array and encoding the specified number of bytes. (Overrides HttpEncoder.UrlEncode(Byte[], Int32, Int32).) |
| public static UrlEncode(String) | Encodes the specified string for use in a URL. |
| public static UrlEncode(String, Encoding) | Encodes the specified string for use in a URL by using the specified character encoding type. |
| public static UrlEncode(String, Int32) | Encodes the specified string for use in a URL by using the specified code page. |
| protected UrlPathEncode(String) | Encodes path strings for use in a URL. (Overrides HttpEncoder.UrlPathEncode(String).) |
| public static XmlAttributeEncode(String) | Encodes the specified string for use in XML attributes. |
| public static XmlEncode(String) | Encodes the specified string for use in XML attributes. |

You can use the AntiXssEncoder class to override the HttpEncoder class that is used by default to encode and decode strings in methods of classes such as HttpUtility, HttpServerUtility, and HttpResponseHeader.

In the AntiXssEncoder class, all characters that are not found in the safe list are encoded by the HtmlAttributeEncode and HtmlEncode methods.

To replace the HttpEncoder class with the AntiXssEncoder class, register it using the encoderType attribute of the httpRuntime element in the Web.config file, as shown in the following example:

<httpRuntime encoderType="System.Web.Security.AntiXss.AntiXssEncoder" />

A list of default safe characters for different encoding methods can be found in the remarks for the HtmlAttributeEncode, HtmlEncode, XmlAttributeEncode, and XmlEncode methods. The default safe list can be modified by using the MarkAsSafe method.
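The following C# sketch is an added example, not code from the original page. It shows the public static encoders applied per output context, a MarkAsSafe call that extends the safe list, and the HttpUtility route to the protected HtmlAttributeEncode override. The class name, method names and sample strings are constructed, and it assumes a .NET Framework 4.5 or later project that references System.Web.

```csharp
using System;
using System.Web;                      // HttpUtility
using System.Web.Security.AntiXss;     // AntiXssEncoder and the *CodeCharts enums

// Added example, not from the original page. OutputEncodingDemo, its methods
// and the sample strings are constructed for illustration.
public static class OutputEncodingDemo
{
    // Call once at startup (for example in Application_Start). The safe list is
    // process-wide; Default is passed so the default charts stay safe too.
    public static void AllowCyrillic()
    {
        AntiXssEncoder.MarkAsSafe(
            LowerCodeCharts.Default | LowerCodeCharts.Cyrillic,
            LowerMidCodeCharts.None, MidCodeCharts.None,
            UpperMidCodeCharts.None, UpperCodeCharts.None);
    }

    // Each untrusted value is passed through the encoder for the context it lands in.
    public static string SearchLink(string label, string term, string color)
    {
        string text  = AntiXssEncoder.HtmlEncode(label, false); // HTML element text
        string query = AntiXssEncoder.UrlEncode(term);          // URL query-string value
        string css   = AntiXssEncoder.CssEncode(color);         // CSS property value
        return "<a href=\"/search?q=" + query + "\" style=\"color:" + css + "\">"
             + text + "</a>";
    }

    // HtmlAttributeEncode is protected on AntiXssEncoder, so attribute values go
    // through HttpUtility, which uses whichever encoder httpRuntime/@encoderType names.
    public static string TitleAttribute(string tooltip)
    {
        return "title=\"" + HttpUtility.HtmlAttributeEncode(tooltip) + "\"";
    }

    public static void Main()
    {
        AllowCyrillic();
        // Constructed untrusted input: markup, quote characters and CSS punctuation.
        Console.WriteLine(SearchLink("<b>Привет</b>", "a&b=\"c\"", "red;x:expression(1)"));
        Console.WriteLine(TitleAttribute("\" onmouseover=\"alert(1)"));
    }
}
```

Using the HTML encoder for a URL or CSS value, or the reverse, does not give the protection each method is designed for, which is why the three values in SearchLink are never interchanged.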

.NET Framework
Available since 4.5

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

© 2016 Microsoft