/// <summary>
/// Encodes input strings for use in JavaScript.
/// </summary>
/// <param name="input">String to be encoded.</param>
/// <returns>
/// Encoded string for use in JavaScript.
/// </returns>
/// <remarks>
/// This function encodes all but known safe characters. Characters are encoded using \xSINGLE_BYTE_HEX and \uDOUBLE_BYTE_HEX notation.
/// <newpara />
/// Safe characters include:
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>,</term><description>Comma</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term> </term><description>Space</description></item>
/// <item><term> </term><description>Other International character ranges</description></item>
/// </list>
/// <newpara />
/// Example inputs and encoded outputs:
/// <list type="table">
/// <item><term>alert('XSS Attack!');</term><description>'alert\x28\x27XSS Attack\x21\x27\x29\x3b'</description></item>
/// <item><term>[email protected]</term><description>'user\x40contoso.com'</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>'Anti-Cross Site Scripting Library'</description></item>
/// </list>
/// </remarks>
public static string JavaScriptEncode(string input)
{
return(Encoder.JavaScriptEncode(input, true));
}
/// <summary>
/// Encodes input strings for use as a value in Lightweight Directory Access Protocol (LDAP) DNs.
/// </summary>
/// <param name="input">String to be encoded.</param>
/// <returns>Encoded string for use as a value in LDAP DNs.</returns>
/// <remarks>This method encodes all but known safe characters defined in the safe list.
/// <newpara />
/// RFC 2253 defines the format in which special characters need to be
/// escaped to be used inside a search filter. Special characters need to be
/// encoded in #XX format where XX is the hex representation of the character or a
/// specific \ escape format.
/// <newpara />
/// The following examples illustrate the use of the escaping mechanism.
/// <list type="table">
/// <item><term>, + \ " \ < ></term><description>\, \+ \" \\ \< \></description></item>
/// <item><term> hello</term><description>\ hello</description></item>
/// <item><term>hello </term><description>hello \ </description></item>
/// <item><term>#hello</term><description>\#hello</description></item>
/// <item><term>Lučić</term><description>Lu#C4#8Di#C4#87</description></item>
/// </list>
/// </remarks>
public static string LdapDistinguishedNameEncode(string input)
{
return(Encoder.LdapDistinguishedNameEncode(input, true, true));
}
/// <summary>
/// Encodes input strings for use in application/x-www-form-urlencoded form submissions.
/// </summary>
/// <param name="input">String to be encoded.</param>
/// <param name="codePage">Codepage number of the input.</param>
/// <returns>
/// Encoded string for use in URLs.
/// </returns>
/// <remarks>
/// This function encodes the output as per the encoding parameter (codepage) passed to it. It encodes
/// all but known safe characters. Characters are encoded using %SINGLE_BYTE_HEX and %DOUBLE_BYTE_HEX notation.
/// <newpara />
/// Safe characters include:
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term>~</term><description>Tilde</description></item>
/// </list>
/// <newpara />
/// Example inputs and encoded outputs:
/// <list type="table">
/// <item><term>alert('XSSあAttack!');</term><description>alert%28%27XSS%82%a0Attack%21%27%29%3b</description></item>
/// <item><term>[email protected]</term><description>user%40contoso.com</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross+Site+Scripting+Library</description></item>
/// </list>
/// </remarks>
public static string HtmlFormUrlEncode(string input, int codePage)
{
return(Encoder.HtmlFormUrlEncode(input, Encoding.GetEncoding(codePage)));
}
/// <summary>
/// Encodes input strings for use in application/x-www-form-urlencoded form submissions.
/// </summary>
/// <param name="input">String to be encoded.</param>
/// <returns>
/// Encoded string for use in URLs.
/// </returns>
/// <remarks>
/// This function encodes all but known safe characters. Characters are encoded using %SINGLE_BYTE_HEX
/// and %DOUBLE_BYTE_HEX notation.
/// <newpara />
/// Safe characters include:
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term>~</term><description>Tilde</description></item>
/// </list>
/// <newpara />
/// Example inputs and encoded outputs:
/// <list type="table">
/// <item><term>alert('XSS Attack!');</term><description>alert%28%27XSS+Attack%21%27%29%3b</description></item>
/// <item><term>[email protected]</term><description>user%40contoso.com</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross+Site+Scripting+Library</description></item>
/// </list>
/// </remarks>
public static string HtmlFormUrlEncode(string input)
{
return(Encoder.HtmlFormUrlEncode(input, Encoding.UTF8));
}
/// <summary>
/// Encodes input strings for use in universal resource locators (URLs).
/// </summary>
/// <param name="input">String to be encoded.</param>
/// <returns>
/// Encoded string for use in URLs.
/// </returns>
/// <remarks>
/// This function encodes all but known safe characters. Characters are encoded using %SINGLE_BYTE_HEX
/// and %DOUBLE_BYTE_HEX notation.
/// <newpara />
/// Safe characters include:
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term>~</term><description>Tilde</description></item>
/// </list>
/// <newpara />
/// Example inputs and encoded outputs:
/// <list type="table">
/// <item><term>alert('XSS Attack!');</term><description>alert%28%27XSS%20Attack%21%27%29%3b</description></item>
/// <item><term>[email protected]</term><description>user%40contoso.com</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross%20Site%20Scripting%20Library</description></item>
/// </list>
/// </remarks>
public static string UrlEncode(string input)
{
return(Encoder.UrlEncode(input, Encoding.UTF8));
}
/// <summary>
/// Encodes input strings for use in HTML.
/// </summary>
/// <param name="input">String to be encoded.</param>
/// <returns>
/// Encoded string for use in HTML.
/// </returns>
/// <remarks>
/// All characters not safe listed are encoded to their Unicode decimal value, using &#DECIMAL; notation.
/// The default safe characters include:
/// <list type="table">
/// <item><term>a-z</term><description>Lower case alphabet</description></item>
/// <item><term>A-Z</term><description>Upper case alphabet</description></item>
/// <item><term>0-9</term><description>Numbers</description></item>
/// <item><term>,</term><description>Comma</description></item>
/// <item><term>.</term><description>Period</description></item>
/// <item><term>-</term><description>Dash</description></item>
/// <item><term>_</term><description>Underscore</description></item>
/// <item><term>'</term><description>Apostrophe</description></item>
/// <item><term> </term><description>Space</description></item>
/// </list>
/// The safe list may be adjusted using <see cref="M:Microsoft.Security.Application.UnicodeCharacterEncoder.MarkAsSafe(Microsoft.Security.Application.LowerCodeCharts,Microsoft.Security.Application.LowerMidCodeCharts,Microsoft.Security.Application.MidCodeCharts,Microsoft.Security.Application.UpperMidCodeCharts,Microsoft.Security.Application.UpperCodeCharts)" />.
/// <newpara />
/// Example inputs and their related encoded outputs:
/// <list type="table">
/// <item><term><script>alert('XSS Attack!');</script></term><description>&lt;script&gt;alert('XSS Attack!');&lt;/script&gt;</description></item>
/// <item><term>[email protected]</term><description>[email protected]</description></item>
/// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross Site Scripting Library</description></item>
/// <item><term>"Anti-Cross Site Scripting Library"</term><description>&quote;Anti-Cross Site Scripting Library&quote;</description></item>
/// </list>
/// </remarks>
public static string HtmlEncode(string input)
{
return(Encoder.HtmlEncode(input, false));
}
public static string LdapEncode(string input)
{
return(Encoder.LdapFilterEncode(input));
}