AntiXssEncoder.UrlPathEncode(String) Method
Definition
Encodes path strings for use in a URL.
protected public:
override System::String ^ UrlPathEncode(System::String ^ value);
protected internal override string UrlPathEncode (string value);
override this.UrlPathEncode : string -> string
Protected Friend Overrides Function UrlPathEncode (value As String) As String
Parameters
- value
- String
The string to encode.
Returns
The URL that contains the encoded path.
Remarks
This method encodes all characters except those that are in the safe list. Characters are encoded by using %SINGLE_BYTE_HEX notation.
The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range.
| Character(s) | Description |
|---|---|
| A-Z | Uppercase alphabetic characters |
| a-z | Lowercase alphabetic characters |
| 0-9 | Numbers |
| # | Number sign, hash |
| % | Percent sign |
| ( ) | Parentheses |
| - | Hyphen, minus |
| . | Period, dot, full stop |
| / | Slash |
| \\ | Backslash |
| _ | Underscore |
| { } | Braces, curly brackets |
| \| | Vertical line |
| ~ | Tilde |
The following table lists examples of inputs and the corresponding encoded outputs.
| Input | Encoded output |
|---|---|
| `http://www.contoso.com:8080/<en-us>/[page].htm?v={value1}#x=[amount]` | `http://www.contoso.com:8080/%3cen-us%3e/%5bpage%5d.htm?v={value1}#x=[amount]` |
| `alert('XSS Attack!');` | `alert(%27XSS%20Attack%21%27)%3b` |
| `<script>alert('XSS Attack!');</script>` | `%3cscript%3ealert(%27XSS%20Attack%21%27)%3b%3c/script%3e` |
| `alert('XSSあAttack!');` | `alert(%27XSS%e3%81%82Attack%21%27)%3b` |
| `user@contoso.com` | `user%40contoso.com` |
| `"Anti-Cross Site Scripting Namespace"` | `%22Anti-Cross%20Site%20Scripting%20Namespace%22` |
This method encodes only the path of a URL. This method will not encode the scheme (for example, http:, ftp:, or file:), the authority (for example, www.northwind.com or www.contoso.com:8080), or the query or fragment (for example, ?v=s978dfs9#x=103). If there is no scheme or authority in the string, the string is assumed to be a relative path, and the path is encoded. In the following URL, only the substring /default.htm is encoded:
http://www.contoso.com:8080/default.htm?v=s978dfs9#x=103