/// <summary>
/// Encodes a string so that it can be embedded in JavaScript.
/// </summary>
/// <param name="input">The string to encode.</param>
/// <returns>The encoded string, for use in JavaScript.</returns>
/// <remarks>
/// Every character outside the safe list is encoded, using \xSINGLE_BYTE_HEX or
/// \uDOUBLE_BYTE_HEX notation.
/// <para>Safe characters:</para>
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>,</term><description>Comma</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term> </term><description>Space</description></item>
/// <item><term> </term><description>Other International character ranges</description></item>
/// </list>
/// <para>Example inputs and encoded outputs:</para>
/// <list type="table">
/// <item><term>alert('XSS Attack!');</term><description>'alert\x28\x27XSS Attack\x21\x27\x29\x3b'</description></item>
/// <item><term>user@contoso.com</term><description>'user\x40contoso.com'</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>'Anti-Cross Site Scripting Library'</description></item>
/// </list>
/// </remarks>
public static string JavaScriptEncode(string input)
{
    // The documented outputs are already wrapped in single quotes.
    // NOTE(review): presumably the 'true' argument asks the encoder to emit those
    // quotes - confirm against Encoder.JavaScriptEncode(string, bool). If so, call
    // sites must not add a second pair of quotes around the result.
    string encoded = Encoder.JavaScriptEncode(input, true);
    return encoded;
}
/// <summary>
/// Encodes a string for use as a value in a Lightweight Directory Access Protocol (LDAP)
/// distinguished name (DN).
/// </summary>
/// <param name="input">The string to encode.</param>
/// <returns>The encoded string, for use as a value in an LDAP DN.</returns>
/// <remarks>
/// Every character outside the safe list is encoded.
/// <para>
/// RFC 2253 defines how special characters must be escaped inside a distinguished name:
/// either as #XX, where XX is the hex representation of the character, or with a specific
/// \ escape. This is DN escaping, not search-filter escaping; a value placed in a search
/// filter needs the filter encoder instead.
/// </para>
/// <para>The following examples illustrate the escaping:</para>
/// <list type="table">
/// <item><term>, + \ " \ &lt; &gt;</term><description>\, \+ \" \\ \&lt; \&gt;</description></item>
/// <item><term> hello</term><description>\ hello</description></item>
/// <item><term>hello </term><description>hello \ </description></item>
/// <item><term>#hello</term><description>\#hello</description></item>
/// <item><term>Lučić</term><description>Lu#C4#8Di#C4#87</description></item>
/// </list>
/// </remarks>
public static string LdapDistinguishedNameEncode(string input)
{
    // NOTE(review): the two 'true' flags presumably switch on the leading- and
    // trailing-character rules shown in the examples (leading space or '#', trailing
    // space) - confirm against the three-argument Encoder overload.
    string encoded = Encoder.LdapDistinguishedNameEncode(input, true, true);
    return encoded;
}
/// <summary>
/// Encodes a string for use in an application/x-www-form-urlencoded form submission,
/// using the character encoding identified by a code page number.
/// </summary>
/// <param name="input">The string to encode.</param>
/// <param name="codePage">Code page number of the encoding used to turn characters into bytes.</param>
/// <returns>The encoded string, for use in URLs.</returns>
/// <exception cref="System.ArgumentOutOfRangeException">
/// Raised by <see cref="System.Text.Encoding.GetEncoding(int)"/> when <paramref name="codePage"/>
/// is less than zero or greater than 65535.
/// </exception>
/// <exception cref="System.ArgumentException">
/// Raised by <see cref="System.Text.Encoding.GetEncoding(int)"/> when the code page is not supported
/// by the underlying platform.
/// </exception>
/// <exception cref="System.NotSupportedException">
/// Raised by <see cref="System.Text.Encoding.GetEncoding(int)"/> when the code page is not supported
/// by the underlying platform.
/// </exception>
/// <remarks>
/// Output bytes are produced according to the code page passed in. Every character outside
/// the safe list is encoded, using %SINGLE_BYTE_HEX and %DOUBLE_BYTE_HEX notation.
/// <para>Safe characters:</para>
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term>~</term><description>Tilde</description></item>
/// </list>
/// <para>
/// Example inputs and encoded outputs (the %82%a0 bytes in the first row are the Shift-JIS
/// representation of the Japanese character, so that row assumes such a code page):
/// </para>
/// <list type="table">
/// <item><term>alert('XSSあAttack!');</term><description>alert%28%27XSS%82%a0Attack%21%27%29%3b</description></item>
/// <item><term>user@contoso.com</term><description>user%40contoso.com</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross+Site+Scripting+Library</description></item>
/// </list>
/// <para>
/// The receiver must decode with the same code page; a mismatch changes which characters
/// the bytes represent. Take <paramref name="codePage"/> from configuration rather than
/// from request data.
/// </para>
/// </remarks>
public static string HtmlFormUrlEncode(string input, int codePage)
{
    // Resolve the code page first so an unsupported value fails before any encoding work.
    Encoding inputEncoding = Encoding.GetEncoding(codePage);
    string encoded = Encoder.HtmlFormUrlEncode(input, inputEncoding);
    return encoded;
}
/// <summary>
/// Encodes a string for use in an application/x-www-form-urlencoded form submission,
/// using UTF-8.
/// </summary>
/// <param name="input">The string to encode.</param>
/// <returns>The encoded string, for use in URLs.</returns>
/// <remarks>
/// Every character outside the safe list is encoded, using %SINGLE_BYTE_HEX and
/// %DOUBLE_BYTE_HEX notation. The examples show a space encoded as '+', the form-encoding
/// convention.
/// <para>Safe characters:</para>
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term>~</term><description>Tilde</description></item>
/// </list>
/// <para>Example inputs and encoded outputs:</para>
/// <list type="table">
/// <item><term>alert('XSS Attack!');</term><description>alert%28%27XSS+Attack%21%27%29%3b</description></item>
/// <item><term>user@contoso.com</term><description>user%40contoso.com</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross+Site+Scripting+Library</description></item>
/// </list>
/// </remarks>
public static string HtmlFormUrlEncode(string input)
{
    // UTF-8 is the fixed encoding for this overload; the (string, int) overload takes a code page.
    string encoded = Encoder.HtmlFormUrlEncode(input, Encoding.UTF8);
    return encoded;
}
/// <summary>
/// Encodes a string for use in a uniform resource locator (URL), using UTF-8.
/// </summary>
/// <param name="input">The string to encode.</param>
/// <returns>The encoded string, for use in URLs.</returns>
/// <remarks>
/// Every character outside the safe list is encoded, using %SINGLE_BYTE_HEX and
/// %DOUBLE_BYTE_HEX notation. The examples show a space encoded as %20.
/// <para>Safe characters:</para>
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term>~</term><description>Tilde</description></item>
/// </list>
/// <para>Example inputs and encoded outputs:</para>
/// <list type="table">
/// <item><term>alert('XSS Attack!');</term><description>alert%28%27XSS%20Attack%21%27%29%3b</description></item>
/// <item><term>user@contoso.com</term><description>user%40contoso.com</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross%20Site%20Scripting%20Library</description></item>
/// </list>
/// <para>
/// URL delimiters such as ':', '/', '?' and '&amp;' are not on the safe list, so this method
/// suits a single component (for example one query-string value) rather than a complete URL.
/// </para>
/// </remarks>
public static string UrlEncode(string input)
{
    string encoded = Encoder.UrlEncode(input, Encoding.UTF8);
    return encoded;
}
/// <summary>
/// Encodes a string for use in HTML.
/// </summary>
/// <param name="input">The string to encode.</param>
/// <returns>The encoded string, for use in HTML.</returns>
/// <remarks>
/// Characters that are not safe listed are encoded to their Unicode decimal value, using
/// &amp;#DECIMAL; notation. The default safe characters are:
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>,</term><description>Comma</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term>'</term><description>Apostrophe</description></item>
/// <item><term> </term><description>Space</description></item>
/// </list>
/// The safe list may be adjusted using <see cref="M:Microsoft.Security.Application.UnicodeCharacterEncoder.MarkAsSafe(Microsoft.Security.Application.LowerCodeCharts,Microsoft.Security.Application.LowerMidCodeCharts,Microsoft.Security.Application.MidCodeCharts,Microsoft.Security.Application.UpperMidCodeCharts,Microsoft.Security.Application.UpperCodeCharts)" />.
/// <para>Example inputs and their related encoded outputs:</para>
/// <list type="table">
/// <item><term>&lt;script&gt;alert('XSS Attack!');&lt;/script&gt;</term><description>&amp;lt;script&amp;gt;alert('XSS Attack!');&amp;lt;/script&amp;gt;</description></item>
/// <item><term>user@contoso.com</term><description>user&amp;#64;contoso.com</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross Site Scripting Library</description></item>
/// <item><term>"Anti-Cross Site Scripting Library"</term><description>&amp;quote;Anti-Cross Site Scripting Library&amp;quote;</description></item>
/// </list>
/// </remarks>
public static string HtmlEncode(string input)
{
    // NOTE(review): the examples above are carried over from the earlier comment and are
    // not fully consistent with the stated rule: '(', '!' and ';' are not on the safe list
    // yet appear unencoded, and "&quote;" is not a defined HTML entity name (the standard
    // name is "&quot;"). Verify them against real Encoder.HtmlEncode output.
    // NOTE(review): the safe list names the apostrophe. If it really is left unencoded,
    // the result is not safe inside a single-quoted attribute value - confirm before using
    // this method for attribute contexts.
    // The meaning of the 'false' argument is defined by Encoder.HtmlEncode(string, bool),
    // which is not visible here.
    string encoded = Encoder.HtmlEncode(input, false);
    return encoded;
}
/// <summary>
/// Encodes a string for use in an LDAP search filter by delegating to
/// <c>Encoder.LdapFilterEncode</c>.
/// </summary>
/// <param name="input">The string to encode.</param>
/// <returns>The value returned by <c>Encoder.LdapFilterEncode</c> for <paramref name="input"/>.</returns>
/// <remarks>
/// Despite the generic name, this method applies search-filter encoding only. A value that
/// becomes part of a distinguished name needs different escaping; use
/// <c>LdapDistinguishedNameEncode</c> for that context.
/// </remarks>
public static string LdapEncode(string input)
{
    string encoded = Encoder.LdapFilterEncode(input);
    return encoded;
}