Provides encoding and decoding logic.
Assembly: System.Web (in System.Web.dll)
Thetype exposes the following members.
|Equals(Object)||Determines whether the specified object is equal to the current object. (Inherited from Object.)|
|Finalize||Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)|
|GetHashCode||Serves as the default hash function. (Inherited from Object.)|
|GetType||Gets the Type of the current instance. (Inherited from Object.)|
|HeaderNameValueEncode||Encodes a header name and value into a string that can be used as an HTTP header.|
|HtmlAttributeEncode||Encodes an incoming value into a string that can be inserted into an HTML attribute that is delimited by using single or double quotation marks.|
|HtmlDecode||Decodes a value from an HTML-encoded string.|
|HtmlEncode||Encodes a string into an HTML-encoded string.|
|MemberwiseClone||Creates a shallow copy of the current Object. (Inherited from Object.)|
|ToString||Returns a string that represents the current object. (Inherited from Object.)|
|UrlEncode||Encodes an array of characters that are not allowed in a URL into a hexadecimal character-entity equivalent.|
|UrlPathEncode||Encodes a subsection of a URL.|
You can inherit from the class and override its behavior to customize the default encoding and decoding behavior of ASP.NET. You then set the EncoderType property of the HttpRuntimeSection class to configure your custom class.
A custom class for encoding and decoding that derives from can override the built-in ASP.NET encoding and decoding behavior or change only selected aspects of it.
You can configure the custom encoding type for in ASP.NET to replace or supplement the following encoding behavior:
HTML attribute encoding
URL path encoding
HTTP header name and header value encoding
By default, ASP.NET applications are configured to use the AntiXssEncoder type for all output encoding.
The following example from an application-level Web.config file shows how the AntiXssEncoder type is set for an ASP.NET application:
<httpRuntime requestValidationMode="4.5" encoderType="System.Web.Security.AntiXss.AntiXssEncoder, System.Web, Version=18.104.22.168, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>Notes to Inheritors
When you create a custom encoder class and override the base methods of the base class, the derived encoder might throw an exception from any of the overridden methods. However, in the following cases throwing such an exception could lead to unexpected behavior in ASP.NET:
If ASP.NET is rendering an error page that is caused by an unhandled exception that was thrown from a custom encoder, ASP.NET does not attempt to encode its error output by calling into the custom encoder. This avoids recursive error conditions.
When ASP.NET is sending HTTP headers to IIS, ASP.NET has no provision for unhandled exceptions. Therefore, the standard ASP.NET error page will be rendered (if configuration settings allows this page to be displayed).