Beispiel #1
 /// <summary>
 /// Encodes input strings for use in XML attributes.
 /// </summary>
 /// <param name="input">String to be encoded.</param>
 /// <returns>
 /// Encoded string for use in XML attributes.
 /// </returns>
 /// <remarks>
 /// This function encodes all but known safe characters.  Characters are encoded using &amp;#DECIMAL; notation.
 /// <newpara/>
 /// Safe characters include:
 /// <list type="table">
 /// <item><term>a-z</term><description>Lower case alphabet</description></item>
 /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
 /// <item><term>0-9</term><description>Numbers</description></item>
 /// <item><term>,</term><description>Comma</description></item>
 /// <item><term>.</term><description>Period</description></item>
 /// <item><term>-</term><description>Dash</description></item>
 /// <item><term>_</term><description>Underscore</description></item>
 /// </list>
 /// The safe list may be adjusted using <see cref="UnicodeCharacterEncoder.MarkAsSafe"/>.
 /// <newpara/>
 /// Example inputs and encoded outputs:
 /// <list type="table">
 /// <item><term>alert('XSS Attack!');</term><description>alert(&amp;apos;XSS&amp;#32;Attack!&amp;apos;);</description></item>
 /// <item><term>[email protected]</term><description>[email protected]</description></item>
 /// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross&amp;#32;Site&amp;#32;Scripting&amp;#32;Library</description></item>
 /// </list>
 /// </remarks>
 public static string XmlAttributeEncode(string input)
 {
     // Thin pass-through: the XML attribute encoding is done by
     // UnicodeCharacterEncoder.XmlAttributeEncode. This wrapper adds no null
     // check or other validation, so input reaches the encoder exactly as given.
     // The documented safe list for this context does not include space, so the
     // result is meant for attribute values rather than general XML text.
     string encodedAttributeValue = UnicodeCharacterEncoder.XmlAttributeEncode(input);
     return encodedAttributeValue;
 }
Beispiel #2
 /// <summary>
 /// Encodes an input string for use in an HTML attribute.
 /// </summary>
 /// <param name="input">String to be encoded.</param>
 /// <returns>The input string encoded for use in an HTML attribute.</returns>
 /// <remarks>
 /// This function encodes all but known safe characters.  Characters are encoded using  &amp;#DECIMAL; notation.
 /// <newpara/>
 /// Safe characters include:
 /// <list type="table">
 /// <item><term>a-z</term><description>Lower case alphabet</description></item>
 /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
 /// <item><term>0-9</term><description>Numbers</description></item>
 /// <item><term>,</term><description>Comma</description></item>
 /// <item><term>.</term><description>Period</description></item>
 /// <item><term>-</term><description>Dash</description></item>
 /// <item><term>_</term><description>Underscore</description></item>
 /// </list>
 /// The safe list may be adjusted using <see cref="UnicodeCharacterEncoder.MarkAsSafe"/>.
 /// <newpara/>
 /// Example inputs and encoded outputs:
 /// <list type="table">
 /// <item><term>alert('XSS Attack!');</term><description>alert(&amp;#39;XSS&amp;#32;Attack!&amp;#39;);</description></item>
 /// <item><term>[email protected]</term><description>[email protected]</description></item>
 /// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross&amp;#32;Site&amp;#32;Scripting&amp;#32;Library</description></item>
 /// </list>
 /// </remarks>
 public static string HtmlAttributeEncode(string input)
 {
     // Thin pass-through to UnicodeCharacterEncoder.HtmlAttributeEncode; no
     // validation or null handling is performed in this wrapper.
     // NOTE(review): the remarks state the safe list can be changed through
     // UnicodeCharacterEncoder.MarkAsSafe. The scope of such a change is not
     // visible here - confirm it before relying on the default list, since any
     // character marked safe is emitted unencoded into the attribute value.
     string encodedAttributeValue = UnicodeCharacterEncoder.HtmlAttributeEncode(input);
     return encodedAttributeValue;
 }
Beispiel #3
 /// <summary>
 /// Encodes input strings for use in XML.
 /// </summary>
 /// <param name="input">String to be encoded.</param>
 /// <returns>
 /// Encoded string for use in XML.
 /// </returns>
 /// <remarks>
 /// This function encodes all but known safe characters. Characters are encoded using &amp;#DECIMAL; notation.
 /// <newpara/>
 /// Safe characters include:
 /// <list type="table">
 /// <item><term>a-z</term><description>Lower case alphabet</description></item>
 /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
 /// <item><term>0-9</term><description>Numbers</description></item>
 /// <item><term>,</term><description>Comma</description></item>
 /// <item><term>.</term><description>Period</description></item>
 /// <item><term>-</term><description>Dash</description></item>
 /// <item><term>_</term><description>Underscore</description></item>
 /// <item><term> </term><description>Space</description></item>
 /// </list>
 /// The safe list may be adjusted using <see cref="UnicodeCharacterEncoder.MarkAsSafe"/>.
 /// <newpara/>
 /// Example inputs and encoded outputs:
 /// <list type="table">
 /// <item><term>alert('XSS Attack!');</term><description>alert(&amp;apos;XSS Attack!&amp;apos;);</description></item>
 /// <item><term>[email protected]</term><description>[email protected]</description></item>
 /// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross Site Scripting Library</description></item>
 /// </list>
 /// </remarks>
 public static string XmlEncode(string input)
 {
     // Thin pass-through to UnicodeCharacterEncoder.XmlEncode; no validation or
     // null handling is performed in this wrapper.
     // The documented safe list for this context includes space, so the result
     // is meant for XML text content. For attribute values the attribute
     // encoder (XmlAttributeEncode) is the documented choice.
     string encodedText = UnicodeCharacterEncoder.XmlEncode(input);
     return encodedText;
 }
Beispiel #4
 /// <summary>
 /// Encodes input strings for use in HTML.
 /// </summary>
 /// <param name="input">String to be encoded.</param>
 /// <param name="useNamedEntities">Value indicating if the HTML 4.0 named entities should be used.</param>
 /// <returns>
 /// Encoded string for use in HTML.
 /// </returns>
 /// <remarks>
 /// All characters not safe listed are encoded to their Unicode decimal value, using &amp;#DECIMAL; notation.
 /// If you choose to use named entities then if a character is an HTML4.0 named entity the named entity will be used.
 /// The default safe characters include:
 /// <list type="table">
 /// <item><term>a-z</term><description>Lower case alphabet</description></item>
 /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
 /// <item><term>0-9</term><description>Numbers</description></item>
 /// <item><term>,</term><description>Comma</description></item>
 /// <item><term>.</term><description>Period</description></item>
 /// <item><term>-</term><description>Dash</description></item>
 /// <item><term>_</term><description>Underscore</description></item>
 /// <item><term>'</term><description>Apostrophe</description></item>
 /// <item><term> </term><description>Space</description></item>
 /// </list>
 /// The safe list may be adjusted using <see cref="UnicodeCharacterEncoder.MarkAsSafe"/>.
 /// <newpara/>
 /// Example inputs and their related encoded outputs:
 /// <list type="table">
 /// <item><term>&lt;script&gt;alert('XSS Attack!');&lt;/script&gt;</term><description>&amp;lt;script&amp;gt;alert('XSS Attack!');&amp;lt;/script&amp;gt;</description></item>
 /// <item><term>[email protected]</term><description>[email protected]</description></item>
 /// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross Site Scripting Library</description></item>
 /// <item><term>"Anti-Cross Site Scripting Library"</term><description>&amp;quot;Anti-Cross Site Scripting Library&amp;quot;</description></item>
 /// </list>
 /// </remarks>
 public static string HtmlEncode(string input, bool useNamedEntities)
 {
     // Thin pass-through to UnicodeCharacterEncoder.HtmlEncode; both arguments
     // are forwarded unchanged and no validation happens in this wrapper.
     // NOTE(review): the documented default safe list for this method leaves
     // the apostrophe and space unencoded, so the result fits HTML element
     // content only. Inside an attribute value (in particular a single-quoted
     // or unquoted one) use the attribute encoder (HtmlAttributeEncode) instead.
     string encodedMarkup = UnicodeCharacterEncoder.HtmlEncode(input, useNamedEntities);
     return encodedMarkup;
 }