public void Ctor_UnicodeRanges() { // Act var filter = new TextEncoderSettings(UnicodeRanges.LatinExtendedA, UnicodeRanges.LatinExtendedC); // Assert for (int i = 0; i < 0x0100; i++) { Assert.False(filter.IsCharacterAllowed((char)i)); } for (int i = 0x0100; i <= 0x017F; i++) { Assert.True(filter.IsCharacterAllowed((char)i)); } for (int i = 0x0180; i < 0x2C60; i++) { Assert.False(filter.IsCharacterAllowed((char)i)); } for (int i = 0x2C60; i <= 0x2C7F; i++) { Assert.True(filter.IsCharacterAllowed((char)i)); } for (int i = 0x2C80; i <= Char.MaxValue; i++) { Assert.False(filter.IsCharacterAllowed((char)i)); } }
public DefaultJavaScriptEncoder(TextEncoderSettings filter) { if (filter == null) { throw new ArgumentNullException(nameof(filter)); } _allowedCharacters = filter.GetAllowedCharacters(); // Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed // (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp) _allowedCharacters.ForbidUndefinedCharacters(); // Forbid characters that are special in HTML. // Even though this is a not HTML encoder, // it's unfortunately common for developers to // forget to HTML-encode a string once it has been JS-encoded, // so this offers extra protection. DefaultHtmlEncoder.ForbidHtmlCharacters(_allowedCharacters); _allowedCharacters.ForbidCharacter('\\'); _allowedCharacters.ForbidCharacter('/'); // Forbid GRAVE ACCENT \u0060 character. _allowedCharacters.ForbidCharacter('`'); }
public void Ctor_OtherTextEncoderSettingsAsInterface() { // Arrange var originalFilter = new OddTextEncoderSettings(); // Act var newFilter = new TextEncoderSettings(originalFilter); // Assert for (int i = 0; i <= Char.MaxValue; i++) { Assert.Equal((i % 2) == 1, newFilter.IsCharacterAllowed((char)i)); } }
public DefaultHtmlEncoder(TextEncoderSettings filter) { if (filter == null) { throw new ArgumentNullException("filter"); } _allowedCharacters = filter.GetAllowedCharacters(); // Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed // (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp) _allowedCharacters.ForbidUndefinedCharacters(); ForbidHtmlCharacters(_allowedCharacters); }
public void Ctor_OtherTextEncoderSettingsAsConcreteType_Clones() { // Arrange var originalFilter = new TextEncoderSettings(); originalFilter.AllowCharacter('x'); // Act var newFilter = new TextEncoderSettings(originalFilter); newFilter.AllowCharacter('y'); // Assert Assert.True(originalFilter.IsCharacterAllowed('x')); Assert.False(originalFilter.IsCharacterAllowed('y')); Assert.True(newFilter.IsCharacterAllowed('x')); Assert.True(newFilter.IsCharacterAllowed('y')); }
public void Ctor_WithCustomFilters() { // Arrange var filter = new TextEncoderSettings(); filter.AllowCharacters('a', 'b'); filter.AllowCharacters('\0', '&', '\uFFFF', 'd'); UnicodeEncoderBase encoder = new CustomUnicodeEncoderBase(filter); // Act & assert Assert.Equal("a", encoder.Encode("a")); Assert.Equal("b", encoder.Encode("b")); Assert.Equal("[U+0063]", encoder.Encode("c")); Assert.Equal("d", encoder.Encode("d")); Assert.Equal("[U+0000]", encoder.Encode("\0")); // we still always encode control chars Assert.Equal("[U+0026]", encoder.Encode("&")); // we still always encode HTML-special chars Assert.Equal("[U+FFFF]", encoder.Encode("\uFFFF")); // we still always encode non-chars and other forbidden chars }
public void Ctor_WithTextEncoderSettings() { // Arrange var filter = new TextEncoderSettings(); filter.AllowCharacters('a', 'b'); filter.AllowCharacters('\0', '&', '\uFFFF', 'd'); UrlEncoder encoder = new UrlEncoder(filter); // Act & assert Assert.Equal("a", encoder.UrlEncode("a")); Assert.Equal("b", encoder.UrlEncode("b")); Assert.Equal("%63", encoder.UrlEncode("c")); Assert.Equal("d", encoder.UrlEncode("d")); Assert.Equal("%00", encoder.UrlEncode("\0")); // we still always encode control chars Assert.Equal("%26", encoder.UrlEncode("&")); // we still always encode HTML-special chars Assert.Equal("%EF%BF%BF", encoder.UrlEncode("\uFFFF")); // we still always encode non-chars and other forbidden chars }
/// <summary> /// Instantiates an encoder using a custom allow list of characters. /// </summary> protected UnicodeEncoderBase(TextEncoderSettings filter, int maxOutputCharsPerInputChar) { _maxOutputCharsPerInputChar = maxOutputCharsPerInputChar; _allowedCharacters = filter.GetAllowedCharacters(); // Forbid characters that are special in HTML. // Even though this is a common encoder used by everybody (including URL // and JavaScript strings), it's unfortunately common for developers to // forget to HTML-encode a string once it has been URL-encoded or // JavaScript string-escaped, so this offers extra protection. ForbidCharacter('<'); ForbidCharacter('>'); ForbidCharacter('&'); ForbidCharacter('\''); // can be used to escape attributes ForbidCharacter('\"'); // can be used to escape attributes ForbidCharacter('+'); // technically not HTML-specific, but can be used to perform UTF7-based attacks // Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed // (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp) _allowedCharacters.ForbidUndefinedCharacters(); }
/// <summary> /// Instantiates an encoder using a custom code point filter. Any character not in the /// set returned by <paramref name="settings"/>'s <see cref="TextEncoderSettings.GetAllowedCodePoints"/> /// method will be escaped. /// </summary> public JavaScriptStringEncoderOld(TextEncoderSettings settings) : this(new JavaScriptStringUnicodeEncoder(settings)) { }
public void Ctor_Parameterless_CreatesEmptyFilter() { var filter = new TextEncoderSettings(); Assert.Equal(0, filter.GetAllowedCodePoints().Count()); }
/// <summary> /// Creates a new instance of JavaScriptEncoder with provided settings. /// </summary> /// <param name="settings">Settings used to control how the created <see cref="JavaScriptEncoder"/> encodes, primarily which characters to encode.</param> /// <returns>A new instance of the <see cref="JavaScriptEncoder"/>.</returns> public static JavaScriptEncoder Create(TextEncoderSettings settings) { return(new DefaultJavaScriptEncoder(settings)); }
/// <summary> /// Instantiates the filter by cloning the allow list of another <see cref="TextEncoderSettings"/>. /// </summary> public TextEncoderSettings(TextEncoderSettings other) { _allowedCharactersBitmap = AllowedCharactersBitmap.CreateNew(); AllowCodePoints(other.GetAllowedCodePoints()); }
internal UrlUnicodeEncoder(TextEncoderSettings filter) : base(filter, MaxOutputCharsPerInputChar) { // Per RFC 3987, Sec. 2.2, we want encodings that are safe for // four particular components: 'isegment', 'ipath-noscheme', // 'iquery', and 'ifragment'. The relevant definitions are below. // // ipath-noscheme = isegment-nz-nc *( "/" isegment ) // // isegment = *ipchar // // isegment-nz-nc = 1*( iunreserved / pct-encoded / sub-delims // / "@" ) // ; non-zero-length segment without any colon ":" // // ipchar = iunreserved / pct-encoded / sub-delims / ":" // / "@" // // iquery = *( ipchar / iprivate / "/" / "?" ) // // ifragment = *( ipchar / "/" / "?" ) // // iunreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" / ucschar // // ucschar = %xA0-D7FF / %xF900-FDCF / %xFDF0-FFEF // / %x10000-1FFFD / %x20000-2FFFD / %x30000-3FFFD // / %x40000-4FFFD / %x50000-5FFFD / %x60000-6FFFD // / %x70000-7FFFD / %x80000-8FFFD / %x90000-9FFFD // / %xA0000-AFFFD / %xB0000-BFFFD / %xC0000-CFFFD // / %xD0000-DFFFD / %xE1000-EFFFD // // pct-encoded = "%" HEXDIG HEXDIG // // sub-delims = "!" / "$" / "&" / "'" / "(" / ")" // / "*" / "+" / "," / ";" / "=" // // The only common characters between these four components are the // intersection of 'isegment-nz-nc' and 'ipchar', which is really // just 'isegment-nz-nc' (colons forbidden). // // From this list, the base encoder already forbids "&", "'", "+", // and we'll additionally forbid "=" since it has special meaning // in x-www-form-urlencoded representations. // // This means that the full list of allowed characters from the // Basic Latin set is: // ALPHA / DIGIT / "-" / "." / "_" / "~" / "!" / "$" / "(" / ")" / "*" / "," / ";" / "@" const string forbiddenChars = @" #%/:=?[\]^`{|}"; // chars from Basic Latin which aren't already disallowed by the base encoder foreach (char c in forbiddenChars) { ForbidCharacter(c); } // Specials (U+FFF0 .. U+FFFF) are forbidden by the definition of 'ucschar' above for (int i = 0; i < 16; i++) { ForbidCharacter((char)(0xFFF0 | i)); } // Supplementary characters are forbidden anyway by the base encoder }
/// <summary> /// Creates a new instance of JavaScriptEncoder with provided settings. /// </summary> /// <param name="settings">Settings used to control how the created <see cref="JavaScriptEncoder"/> encodes, primarily which characters to encode.</param> /// <returns>A new instance of the <see cref="JavaScriptEncoder"/>.</returns> public static JavaScriptEncoder Create(TextEncoderSettings settings) { return new DefaultJavaScriptEncoder(settings); }
public DefaultUrlEncoder(TextEncoderSettings filter) { if (filter == null) { throw new ArgumentNullException(nameof(filter)); } _allowedCharacters = filter.GetAllowedCharacters(); // Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed // (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp) _allowedCharacters.ForbidUndefinedCharacters(); // Forbid characters that are special in HTML. // Even though this is a not HTML encoder, // it's unfortunately common for developers to // forget to HTML-encode a string once it has been URL-encoded, // so this offers extra protection. DefaultHtmlEncoder.ForbidHtmlCharacters(_allowedCharacters); // Per RFC 3987, Sec. 2.2, we want encodings that are safe for // four particular components: 'isegment', 'ipath-noscheme', // 'iquery', and 'ifragment'. The relevant definitions are below. // // ipath-noscheme = isegment-nz-nc *( "/" isegment ) // // isegment = *ipchar // // isegment-nz-nc = 1*( iunreserved / pct-encoded / sub-delims // / "@" ) // ; non-zero-length segment without any colon ":" // // ipchar = iunreserved / pct-encoded / sub-delims / ":" // / "@" // // iquery = *( ipchar / iprivate / "/" / "?" ) // // ifragment = *( ipchar / "/" / "?" ) // // iunreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" / ucschar // // ucschar = %xA0-D7FF / %xF900-FDCF / %xFDF0-FFEF // / %x10000-1FFFD / %x20000-2FFFD / %x30000-3FFFD // / %x40000-4FFFD / %x50000-5FFFD / %x60000-6FFFD // / %x70000-7FFFD / %x80000-8FFFD / %x90000-9FFFD // / %xA0000-AFFFD / %xB0000-BFFFD / %xC0000-CFFFD // / %xD0000-DFFFD / %xE1000-EFFFD // // pct-encoded = "%" HEXDIG HEXDIG // // sub-delims = "!" / "$" / "&" / "'" / "(" / ")" // / "*" / "+" / "," / ";" / "=" // // The only common characters between these four components are the // intersection of 'isegment-nz-nc' and 'ipchar', which is really // just 'isegment-nz-nc' (colons forbidden). // // From this list, the base encoder already forbids "&", "'", "+", // and we'll additionally forbid "=" since it has special meaning // in x-www-form-urlencoded representations. // // This means that the full list of allowed characters from the // Basic Latin set is: // ALPHA / DIGIT / "-" / "." / "_" / "~" / "!" / "$" / "(" / ")" / "*" / "," / ";" / "@" const string forbiddenChars = @" #%/:=?[\]^`{|}"; // chars from Basic Latin which aren't already disallowed by the base encoder foreach (char character in forbiddenChars) { _allowedCharacters.ForbidCharacter(character); } // Specials (U+FFF0 .. U+FFFF) are forbidden by the definition of 'ucschar' above for (int i = 0; i < 16; i++) { _allowedCharacters.ForbidCharacter((char)(0xFFF0 | i)); } }
public void AllowChar() { // Arrange var filter = new TextEncoderSettings(); filter.AllowCharacter('\u0100'); // Assert Assert.True(filter.IsCharacterAllowed('\u0100')); Assert.False(filter.IsCharacterAllowed('\u0101')); }
public void AllowRange() { // Arrange var filter = new TextEncoderSettings(); filter.AllowRange(UnicodeRanges.LatinExtendedA); // Assert for (int i = 0; i < 0x0100; i++) { Assert.False(filter.IsCharacterAllowed((char)i)); } for (int i = 0x0100; i <= 0x017F; i++) { Assert.True(filter.IsCharacterAllowed((char)i)); } for (int i = 0x0180; i <= Char.MaxValue; i++) { Assert.False(filter.IsCharacterAllowed((char)i)); } }
public void AllowFilter() { // Arrange var filter = new TextEncoderSettings(UnicodeRanges.BasicLatin); filter.AllowCodePoints(new OddTextEncoderSettings().GetAllowedCodePoints()); // Assert for (int i = 0; i <= 0x007F; i++) { Assert.True(filter.IsCharacterAllowed((char)i)); } for (int i = 0x0080; i <= Char.MaxValue; i++) { Assert.Equal((i % 2) == 1, filter.IsCharacterAllowed((char)i)); } }
public void GetAllowedCodePoints() { // Arrange var expected = Enumerable.Range(UnicodeRanges.BasicLatin.FirstCodePoint, UnicodeRanges.BasicLatin.Length) .Concat(Enumerable.Range(UnicodeRanges.Specials.FirstCodePoint, UnicodeRanges.Specials.Length)) .Except(new int[] { 'x' }) .OrderBy(i => i) .ToArray(); var filter = new TextEncoderSettings(UnicodeRanges.BasicLatin, UnicodeRanges.Specials); filter.ForbidCharacter('x'); // Act var retVal = filter.GetAllowedCodePoints().OrderBy(i => i).ToArray(); // Assert Assert.Equal<int>(expected, retVal); }
public void ForbidRanges() { // Arrange var filter = new TextEncoderSettings(new OddTextEncoderSettings()); filter.ForbidRanges(UnicodeRanges.BasicLatin, UnicodeRanges.Specials); // Assert for (int i = 0; i <= 0x007F; i++) { Assert.False(filter.IsCharacterAllowed((char)i)); } for (int i = 0x0080; i <= 0xFFEF; i++) { Assert.Equal((i % 2) == 1, filter.IsCharacterAllowed((char)i)); } for (int i = 0xFFF0; i <= Char.MaxValue; i++) { Assert.False(filter.IsCharacterAllowed((char)i)); } }
public void ForbidChars_String() { // Arrange var filter = new TextEncoderSettings(UnicodeRanges.BasicLatin); filter.ForbidCharacters('x', 'z'); // Assert Assert.True(filter.IsCharacterAllowed('w')); Assert.False(filter.IsCharacterAllowed('x')); Assert.True(filter.IsCharacterAllowed('y')); Assert.False(filter.IsCharacterAllowed('z')); }
internal JavaScriptStringUnicodeEncoder(TextEncoderSettings filter) : base(filter, MaxOutputCharsPerInputChar) { // The only interesting characters above and beyond what the base encoder // already covers are the solidus and reverse solidus. ForbidCharacter('\\'); ForbidCharacter('/'); }
public void ConfigureServices(IServiceCollection services) { services.Configure<AppSettings>(Configuration); // We re-register the Scenarios as an instance singleton here to avoid it being created again due to the // registration done in Program.Main services.AddSingleton(Scenarios); // Common DB services services.AddSingleton<IRandom, DefaultRandom>(); services.AddSingleton<ApplicationDbSeeder>(); services.AddEntityFrameworkSqlServer() .AddDbContext<ApplicationDbContext>(); if (Scenarios.Any("Raw") || Scenarios.Any("Dapper")) { services.AddSingleton<DbProviderFactory>((provider) => { var settings = provider.GetRequiredService<IOptions<AppSettings>>().Value; if (settings.Database == DatabaseServer.PostgreSql) { return NpgsqlFactory.Instance; } else { return SqlClientFactory.Instance; } }); } if (Scenarios.Any("Ef")) { services.AddScoped<EfDb>(); } if (Scenarios.Any("Raw")) { services.AddScoped<RawDb>(); } if (Scenarios.Any("Dapper")) { services.AddScoped<DapperDb>(); } if (Scenarios.Any("Fortunes")) { var settings = new TextEncoderSettings(UnicodeRanges.BasicLatin, UnicodeRanges.Katakana, UnicodeRanges.Hiragana); settings.AllowCharacter('\u2014'); // allow EM DASH through services.AddWebEncoders((options) => { options.TextEncoderSettings = settings; }); } if (Scenarios.Any("Mvc")) { var mvcBuilder = services .AddMvcCore() //.AddApplicationPart(typeof(Startup).GetTypeInfo().Assembly) .AddControllersAsServices(); if (Scenarios.MvcJson || Scenarios.Any("MvcDbSingle") || Scenarios.Any("MvcDbMulti")) { mvcBuilder.AddJsonFormatters(); } if (Scenarios.MvcViews || Scenarios.Any("MvcDbFortunes")) { mvcBuilder .AddViews() .AddRazorViewEngine(); } } }
/// <summary> /// Instantiates an encoder using a custom code point filter. Any character not in the /// set returned by <paramref name="settings"/>'s <see cref="TextEncoderSettings.GetAllowedCodePoints"/> /// method will be escaped. /// </summary> public UrlEncoderOld(TextEncoderSettings settings) : this(new UrlUnicodeEncoder(settings)) { }
/// <summary> /// Instantiates an encoder using a custom code point filter. Any character not in the /// set returned by <paramref name="settings"/>'s <see cref="TextEncoderSettings.GetAllowedCodePoints"/> /// method will be escaped. /// </summary> public HtmlEncoderOld(TextEncoderSettings settings) : this(new HtmlUnicodeEncoder(settings)) { }
// We pass a (known bad) value of 1 for 'max output chars per input char', // which also tests that the code behaves properly even if the original // estimate is incorrect. public CustomUnicodeEncoderBase(TextEncoderSettings filter) : base(filter, maxOutputCharsPerInputChar: 1) { }
/// <summary> /// Creates a new instance of UrlEncoder with provided settings. /// </summary> /// <param name="settings">Settings used to control how the created <see cref="UrlEncoder"/> encodes, primarily which characters to encode.</param> /// <returns>A new instance of the <see cref="UrlEncoder"/>.</returns> public static UrlEncoder Create(TextEncoderSettings settings) { return(new DefaultUrlEncoder(settings)); }
public JavaScriptStringEncoder(TextEncoderSettings filter) { _encoder = new System.Text.Encodings.Web.DefaultJavaScriptEncoder(filter); }
public DefaultUrlEncoder(TextEncoderSettings filter) { if (filter == null) { throw new ArgumentNullException("filter"); } _allowedCharacters = filter.GetAllowedCharacters(); // Forbid codepoints which aren't mapped to characters or which are otherwise always disallowed // (includes categories Cc, Cs, Co, Cn, Zs [except U+0020 SPACE], Zl, Zp) _allowedCharacters.ForbidUndefinedCharacters(); // Forbid characters that are special in HTML. // Even though this is a not HTML encoder, // it's unfortunately common for developers to // forget to HTML-encode a string once it has been URL-encoded, // so this offers extra protection. DefaultHtmlEncoder.ForbidHtmlCharacters(_allowedCharacters); // Per RFC 3987, Sec. 2.2, we want encodings that are safe for // four particular components: 'isegment', 'ipath-noscheme', // 'iquery', and 'ifragment'. The relevant definitions are below. // // ipath-noscheme = isegment-nz-nc *( "/" isegment ) // // isegment = *ipchar // // isegment-nz-nc = 1*( iunreserved / pct-encoded / sub-delims // / "@" ) // ; non-zero-length segment without any colon ":" // // ipchar = iunreserved / pct-encoded / sub-delims / ":" // / "@" // // iquery = *( ipchar / iprivate / "/" / "?" ) // // ifragment = *( ipchar / "/" / "?" ) // // iunreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" / ucschar // // ucschar = %xA0-D7FF / %xF900-FDCF / %xFDF0-FFEF // / %x10000-1FFFD / %x20000-2FFFD / %x30000-3FFFD // / %x40000-4FFFD / %x50000-5FFFD / %x60000-6FFFD // / %x70000-7FFFD / %x80000-8FFFD / %x90000-9FFFD // / %xA0000-AFFFD / %xB0000-BFFFD / %xC0000-CFFFD // / %xD0000-DFFFD / %xE1000-EFFFD // // pct-encoded = "%" HEXDIG HEXDIG // // sub-delims = "!" / "$" / "&" / "'" / "(" / ")" // / "*" / "+" / "," / ";" / "=" // // The only common characters between these four components are the // intersection of 'isegment-nz-nc' and 'ipchar', which is really // just 'isegment-nz-nc' (colons forbidden). // // From this list, the base encoder already forbids "&", "'", "+", // and we'll additionally forbid "=" since it has special meaning // in x-www-form-urlencoded representations. // // This means that the full list of allowed characters from the // Basic Latin set is: // ALPHA / DIGIT / "-" / "." / "_" / "~" / "!" / "$" / "(" / ")" / "*" / "," / ";" / "@" const string forbiddenChars = @" #%/:=?[\]^`{|}"; // chars from Basic Latin which aren't already disallowed by the base encoder foreach (char character in forbiddenChars) { _allowedCharacters.ForbidCharacter(character); } // Specials (U+FFF0 .. U+FFFF) are forbidden by the definition of 'ucschar' above for (int i = 0; i < 16; i++) { _allowedCharacters.ForbidCharacter((char)(0xFFF0 | i)); } }
public HtmlEncoder(TextEncoderSettings filter) { _encoder = new System.Text.Encodings.Web.DefaultHtmlEncoder(filter); }
/// <summary> /// Creates a new instance of HtmlEncoder with provided settings. /// </summary> /// <param name="settings">Settings used to control how the created <see cref="HtmlEncoder"/> encodes, primarily which characters to encode.</param> /// <returns>A new instance of the <see cref="HtmlEncoder"/>.</returns> public static HtmlEncoder Create(TextEncoderSettings settings) { return new DefaultHtmlEncoder(settings); }
internal HtmlUnicodeEncoder(TextEncoderSettings filter) : base(filter, MaxOutputCharsPerInputChar) { }
internal DefaultUrlEncoder(TextEncoderSettings settings) { if (settings is null) { throw new ArgumentNullException(nameof(settings)); } // Per RFC 3987, Sec. 2.2, we want encodings that are safe for // four particular components: 'isegment', 'ipath-noscheme', // 'iquery', and 'ifragment'. The relevant definitions are below. // // ipath-noscheme = isegment-nz-nc *( "/" isegment ) // // isegment = *ipchar // // isegment-nz-nc = 1*( iunreserved / pct-encoded / sub-delims // / "@" ) // ; non-zero-length segment without any colon ":" // // ipchar = iunreserved / pct-encoded / sub-delims / ":" // / "@" // // iquery = *( ipchar / iprivate / "/" / "?" ) // // ifragment = *( ipchar / "/" / "?" ) // // iunreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" / ucschar // // ucschar = %xA0-D7FF / %xF900-FDCF / %xFDF0-FFEF // / %x10000-1FFFD / %x20000-2FFFD / %x30000-3FFFD // / %x40000-4FFFD / %x50000-5FFFD / %x60000-6FFFD // / %x70000-7FFFD / %x80000-8FFFD / %x90000-9FFFD // / %xA0000-AFFFD / %xB0000-BFFFD / %xC0000-CFFFD // / %xD0000-DFFFD / %xE1000-EFFFD // // pct-encoded = "%" HEXDIG HEXDIG // // sub-delims = "!" / "$" / "&" / "'" / "(" / ")" // / "*" / "+" / "," / ";" / "=" // // The only common characters between these four components are the // intersection of 'isegment-nz-nc' and 'ipchar', which is really // just 'isegment-nz-nc' (colons forbidden). // // From this list, the base encoder already forbids "&", "'", "+", // and we'll additionally forbid "=" since it has special meaning // in x-www-form-urlencoded representations. // // This means that the full list of allowed characters from the // Basic Latin set is: // ALPHA / DIGIT / "-" / "." / "_" / "~" / "!" / "$" / "(" / ")" / "*" / "," / ";" / "@" _innerEncoder = new OptimizedInboxTextEncoder(EscaperImplementation.Singleton, settings.GetAllowedCodePointsBitmap(), extraCharactersToEscape: stackalloc char[] { ' ', // chars from Basic Latin which aren't already disallowed by the base encoder '#', '%', '/', ':', '=', '?', '[', '\\', ']', '^', '`', '{', '|', '}', '\uFFF0', // specials (U+FFF0 .. U+FFFF) are forbidden by the definition of 'ucschar' above '\uFFF1', '\uFFF2', '\uFFF3', '\uFFF4', '\uFFF5', '\uFFF6', '\uFFF7', '\uFFF8', '\uFFF9', '\uFFFA', '\uFFFB', '\uFFFC', '\uFFFD', '\uFFFE', '\uFFFF', });
public void Clear() { // Arrange var filter = new TextEncoderSettings(); for (int i = 1; i <= Char.MaxValue; i++) { filter.AllowCharacter((char)i); } // Act filter.Clear(); // Assert for (int i = 0; i <= Char.MaxValue; i++) { Assert.False(filter.IsCharacterAllowed((char)i)); } }