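/// <summary>
/// Checks that every code point in the range 0x1D200 to 0x1D24F (Ancient Greek Musical
/// Notation) is returned by <c>Encoder.HtmlEncode</c> as a decimal numeric character
/// reference when only the default lower code charts are marked as safe.
/// </summary>
/// <remarks>
/// These code points lie beyond the base plane, so each input is a UTF-16 surrogate pair.
/// The expected output is the decimal value of the full code point, not two separately
/// encoded surrogate halves.
/// </remarks>
public void UpperUnicodeAncientGreekMusicalNotation()
{
    const long CodePageStart = 0x1D200;
    const long CodePageEnd = 0x1D24F;

    // Every chart above the lower range is set to None, so nothing in this block is safe-listed
    // and each code point must come back encoded.
    // NOTE(review): MarkAsSafe is a static call; if the safe list is shared state, tests that
    // run afterwards inherit this configuration - confirm test isolation.
    UnicodeCharacterEncoder.MarkAsSafe(
        LowerCodeCharts.Default,
        LowerMidCodeCharts.None,
        MidCodeCharts.None,
        UpperMidCodeCharts.None,
        UpperCodeCharts.None);

    // CodePageEnd is the last code point of the block, so the bound is inclusive.
    // The previous exclusive bound left 0x1D24F unexercised.
    for (long i = CodePageStart; i <= CodePageEnd; i++)
    {
        // Builds the surrogate pair for the supplementary-plane code point.
        string target = char.ConvertFromUtf32((int)i);

        // Decimal digits are formatted culture-independently so the comparison is stable.
        string expected = "&#" + i.ToString(System.Globalization.CultureInfo.InvariantCulture) + ";";
        string actual = Encoder.HtmlEncode(target);

        string testmessage = "0x" + i.ToString("x").PadLeft(5, '0') + " (gap value) ";
        Assert.AreEqual(expected, actual, "Encoder.HtmlEncode " + testmessage + " beyond base plane.");
    }
}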
/// <summary>
/// Encodes an input string so that it can be placed in HTML.
/// </summary>
/// <param name="input">String to be encoded.</param>
/// <param name="useNamedEntities">Value indicating if the HTML 4.0 named entities should be used.</param>
/// <returns>
/// Encoded string for use in HTML.
/// </returns>
/// <remarks>
/// <para>
/// Every character that is not on the safe list is encoded to its Unicode decimal value,
/// using &amp;#DECIMAL; notation. When named entities are requested and a character has an
/// HTML 4.0 named entity, the named entity is used instead.
/// </para>
/// <para>
/// The default safe characters include:
/// </para>
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>,</term><description>Comma</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term>'</term><description>Apostrophe</description></item>
/// <item><term> </term><description>Space</description></item>
/// </list>
/// <para>
/// The safe list may be adjusted using <see cref="UnicodeCharacterEncoder.MarkAsSafe"/>.
/// Each character added to the safe list is emitted unencoded, so widen it only for ranges the
/// page is known to need.
/// </para>
/// <para>
/// The output is meant for HTML content. Data placed in other contexts, such as attribute
/// values, script blocks or URLs, needs the encoding that matches that context.
/// </para>
/// <para>
/// Example inputs and their related encoded outputs (the e-mail address is a constructed sample):
/// </para>
/// <list type="table">
/// <item><term>&lt;script&gt;alert('XSS Attack!');&lt;/script&gt;</term><description>&amp;lt;script&amp;gt;alert('XSS Attack!');&amp;lt;/script&amp;gt;</description></item>
/// <item><term>user@example.com</term><description>user@example.com</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross Site Scripting Library</description></item>
/// <item><term>"Anti-Cross Site Scripting Library"</term><description>&amp;quot;Anti-Cross Site Scripting Library&amp;quot;</description></item>
/// </list>
/// </remarks>
public static string HtmlEncode(string input, bool useNamedEntities)
{
    // Thin pass-through: all encoding work is done by UnicodeCharacterEncoder.
    string encoded = UnicodeCharacterEncoder.HtmlEncode(input, useNamedEntities);
    return encoded;
}