/// <summary>
/// Encodes a string so that it can be written into an XML attribute value.
/// </summary>
/// <param name="input">String to be encoded.</param>
/// <returns>
/// The encoded string, for use in XML attributes.
/// </returns>
/// <remarks>
/// Every character that is not on the safe list is encoded. Characters are encoded using &amp;#DECIMAL; notation.
/// <newpara/>
/// Safe characters include:
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>,</term><description>Comma</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// </list>
/// The safe list may be adjusted using <see cref="UnicodeCharacterEncoder.MarkAsSafe"/>.
/// Characters added to the safe list are no longer encoded, so add only characters that
/// cannot change the meaning of the attribute value they are written into.
/// <newpara/>
/// Example inputs and encoded outputs:
/// <list type="table">
/// <item><term>alert('XSS Attack!');</term><description>alert(&amp;apos;XSS&amp;#32;Attack!&amp;apos;);</description></item>
/// <item><term>user@example.com</term><description>user&amp;#64;example.com</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross&amp;#32;Site&amp;#32;Scripting&amp;#32;Library</description></item>
/// </list>
/// </remarks>
public static string XmlAttributeEncode(string input)
{
    // Pass-through: the input reaches UnicodeCharacterEncoder.XmlAttributeEncode unchanged,
    // so null and empty handling is whatever that encoder implements.
    // NOTE(review): the examples show ( ) ! ; unencoded although they are not on the listed
    // safe list, and the e-mail row is a constructed sample derived from the stated rule;
    // confirm both against UnicodeCharacterEncoder.
    return UnicodeCharacterEncoder.XmlAttributeEncode(input);
}
/// <summary>
/// Encodes a string so that it can be written into an HTML attribute value.
/// </summary>
/// <param name="input">String to be encoded.</param>
/// <returns>The input string encoded for use in an HTML attribute.</returns>
/// <remarks>
/// Every character that is not on the safe list is encoded. Characters are encoded using &amp;#DECIMAL; notation.
/// <newpara/>
/// Safe characters include:
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>,</term><description>Comma</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// </list>
/// The safe list may be adjusted using <see cref="UnicodeCharacterEncoder.MarkAsSafe"/>.
/// Characters added to the safe list are no longer encoded, so add only characters that
/// cannot change the meaning of the attribute value they are written into.
/// <newpara/>
/// Example inputs and encoded outputs:
/// <list type="table">
/// <item><term>alert('XSS Attack!');</term><description>alert(&amp;#39;XSS&amp;#32;Attack!&amp;#39;);</description></item>
/// <item><term>user@example.com</term><description>user&amp;#64;example.com</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross&amp;#32;Site&amp;#32;Scripting&amp;#32;Library</description></item>
/// </list>
/// </remarks>
public static string HtmlAttributeEncode(string input)
{
    // Pass-through: the input reaches UnicodeCharacterEncoder.HtmlAttributeEncode unchanged,
    // so null and empty handling is whatever that encoder implements.
    // NOTE(review): the examples show ( ) ! ; unencoded although they are not on the listed
    // safe list, and the e-mail row is a constructed sample derived from the stated rule;
    // confirm both against UnicodeCharacterEncoder.
    return UnicodeCharacterEncoder.HtmlAttributeEncode(input);
}
/// <summary>
/// Encodes a string so that it can be written into XML.
/// </summary>
/// <param name="input">String to be encoded.</param>
/// <returns>
/// The encoded string, for use in XML.
/// </returns>
/// <remarks>
/// Every character that is not on the safe list is encoded. Characters are encoded using &amp;#DECIMAL; notation.
/// <newpara/>
/// Safe characters include:
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>,</term><description>Comma</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term> </term><description>Space</description></item>
/// </list>
/// The safe list may be adjusted using <see cref="UnicodeCharacterEncoder.MarkAsSafe"/>.
/// Characters added to the safe list are no longer encoded, so add only characters that
/// cannot change the meaning of the XML they are written into.
/// <newpara/>
/// The space is on this safe list and is left unencoded; for values written into an XML
/// attribute use <c>XmlAttributeEncode</c>, whose examples show the space encoded.
/// <newpara/>
/// Example inputs and encoded outputs:
/// <list type="table">
/// <item><term>alert('XSS Attack!');</term><description>alert(&amp;apos;XSS Attack!&amp;apos;);</description></item>
/// <item><term>user@example.com</term><description>user&amp;#64;example.com</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross Site Scripting Library</description></item>
/// </list>
/// </remarks>
public static string XmlEncode(string input)
{
    // Pass-through: the input reaches UnicodeCharacterEncoder.XmlEncode unchanged,
    // so null and empty handling is whatever that encoder implements.
    // NOTE(review): the examples show ( ) ! ; unencoded although they are not on the listed
    // safe list, and the e-mail row is a constructed sample derived from the stated rule;
    // confirm both against UnicodeCharacterEncoder.
    return UnicodeCharacterEncoder.XmlEncode(input);
}
/// <summary>
/// Encodes a string so that it can be written into HTML.
/// </summary>
/// <param name="input">String to be encoded.</param>
/// <param name="useNamedEntities">Value indicating if the HTML 4.0 named entities should be used.</param>
/// <returns>
/// The encoded string, for use in HTML.
/// </returns>
/// <remarks>
/// All characters not safe listed are encoded to their Unicode decimal value, using &amp;#DECIMAL; notation.
/// When named entities are requested, a character that has an HTML 4.0 named entity is written as that named entity instead.
/// The default safe characters include:
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>,</term><description>Comma</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term>'</term><description>Apostrophe</description></item>
/// <item><term> </term><description>Space</description></item>
/// </list>
/// The safe list may be adjusted using <see cref="UnicodeCharacterEncoder.MarkAsSafe"/>.
/// Characters added to the safe list are no longer encoded, so add only characters that
/// cannot change the meaning of the HTML they are written into.
/// <newpara/>
/// The apostrophe and the space are on the default safe list and are left unencoded; for
/// values written into an HTML attribute use <c>HtmlAttributeEncode</c>, whose examples
/// show both encoded.
/// <newpara/>
/// Example inputs and their related encoded outputs:
/// <list type="table">
/// <item><term>&lt;script&gt;alert('XSS Attack!');&lt;/script&gt;</term><description>&amp;lt;script&amp;gt;alert('XSS Attack!');&amp;lt;/script&amp;gt;</description></item>
/// <item><term>user@example.com</term><description>user&amp;#64;example.com</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross Site Scripting Library</description></item>
/// <item><term>"Anti-Cross Site Scripting Library"</term><description>&amp;quot;Anti-Cross Site Scripting Library&amp;quot;</description></item>
/// </list>
/// </remarks>
public static string HtmlEncode(string input, bool useNamedEntities)
{
    // Pass-through: both arguments reach UnicodeCharacterEncoder.HtmlEncode unchanged,
    // so null and empty handling is whatever that encoder implements.
    // NOTE(review): the examples show ( ) ! ; unencoded although they are not on the listed
    // safe list, and the e-mail row is a constructed sample derived from the stated rule;
    // confirm both against UnicodeCharacterEncoder.
    return UnicodeCharacterEncoder.HtmlEncode(input, useNamedEntities);
}