AntiXssEncoder.UrlPathEncode(String) Method

Definition

Encodes path strings for use in a URL.

protected public:
 override System::String ^ UrlPathEncode(System::String ^ value);
protected internal override string UrlPathEncode (string value);
override this.UrlPathEncode : string -> string
Protected Friend Overrides Function UrlPathEncode (value As String) As String

Parameters

value
String

The string to encode.

Returns

String

The URL that contains the encoded path.

Remarks

This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.

The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.

Character(s)    Description
A-Z             Uppercase alphabetic characters
a-z             Lowercase alphabetic characters
0-9             Numbers
#               Number sign, hash
%               Percent sign
( )             Parentheses
-               Hyphen, minus
.               Period, dot, full stop
/               Slash
\               Backslash
_               Underscore
{ }             Braces, curly brackets
|               Vertical line
~               Tilde

The following table lists examples of inputs and the corresponding encoded outputs.

Input:          http://www.contoso.com:8080/<en-us>/[page].htm?v={value1}#x=[amount]
Encoded output: http://www.contoso.com:8080/%3cen-us%3e/%5bpage%5d.htm?v={value1}#x=[amount]

Input:          alert('XSS Attack!');
Encoded output: alert(%27XSS%20Attack%21%27)%3b

Input:          <script>alert('XSS Attack!');</script>
Encoded output: %3cscript%3ealert(%27XSS%20Attack%21%27)%3b%3c/script%3e

Input:          alert('XSSあAttack!');
Encoded output: alert(%27XSS%e3%81%82Attack%21%27)%3b

Input:          user@contoso.com
Encoded output: user%40contoso.com

Input:          "Anti-Cross Site Scripting Namespace"
Encoded output: %22Anti-Cross%20Site%20Scripting%20Namespace%22

This method encodes only the path of a URL. This method will not encode the scheme (for example, http:, ftp:, or file:), the authority (for example, www.northwind.com or www.contoso.com:8080), or the query or fragment (for example, ?v=s978dfs9#x=103). If there is no scheme or authority in the string, the string is assumed to be a relative path, and the path is encoded. In the following URL, only the substring /default.htm is encoded:

http://www.contoso.com:8080/default.htm?v=s978dfs9#x=103
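
The behaviour described in these remarks, modelled in Python as an added example (it is not the .NET implementation and not code from this page), so the safe list and the path-only rule can be checked against the examples table. The names `SAFE`, `encode_path` and `url_path_encode_model` are hypothetical, and the way the string is split into scheme/authority, path and query/fragment is a simplifying assumption.

```python
import re

# Safe characters exactly as listed in the table above; all others are encoded.
SAFE = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    "#%()-./\\_{}|~"
)

# Assumption (not from the page): scheme and authority are recognised only in
# the form "scheme://authority", and the query or fragment starts at the first
# "?" or "#". Everything outside the path group is passed through untouched.
_SPLIT = re.compile(
    r"^(?P<prefix>[A-Za-z][A-Za-z0-9+.-]*://[^/?#]*)?(?P<path>[^?#]*)(?P<rest>.*)$",
    re.DOTALL,
)


def encode_path(path):
    """Encode each character outside SAFE as %xx per UTF-8 byte (lowercase hex)."""
    out = []
    for ch in path:
        if ch in SAFE:
            out.append(ch)
        else:
            out.extend("%{:02x}".format(b) for b in ch.encode("utf-8"))
    return "".join(out)


def url_path_encode_model(value):
    """Hypothetical model of the documented behaviour: encode only the path."""
    m = _SPLIT.match(value)
    return (m.group("prefix") or "") + encode_path(m.group("path")) + m.group("rest")


# Inputs and outputs copied from the examples table on this page.
PAGE_EXAMPLES = {
    "http://www.contoso.com:8080/<en-us>/[page].htm?v={value1}#x=[amount]":
        "http://www.contoso.com:8080/%3cen-us%3e/%5bpage%5d.htm?v={value1}#x=[amount]",
    "alert('XSS Attack!');": "alert(%27XSS%20Attack%21%27)%3b",
    "<script>alert('XSS Attack!');</script>":
        "%3cscript%3ealert(%27XSS%20Attack%21%27)%3b%3c/script%3e",
    "alert('XSSあAttack!');": "alert(%27XSS%e3%81%82Attack%21%27)%3b",
    "user@contoso.com": "user%40contoso.com",
    '"Anti-Cross Site Scripting Namespace"':
        "%22Anti-Cross%20Site%20Scripting%20Namespace%22",
}

if __name__ == "__main__":
    for given, expected in PAGE_EXAMPLES.items():
        print(url_path_encode_model(given) == expected, given)
```

Two consequences of the rules above show up in the model: anything after the first `?` or `#` is returned unchanged, so query and fragment values need their own encoding, and because `%` is on the safe list, input that is already percent-encoded passes through as-is.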

Applies to