AntiXssEncoder.XmlEncode(String) Method

Definition

Encodes the specified string for use in XML attributes.

public:
 static System::String ^ XmlEncode(System::String ^ input);
public static string XmlEncode (string input);
static member XmlEncode : string -> string
Public Shared Function XmlEncode (input As String) As String

Parameters

input
String

The string to encode.

Returns

String

The encoded string.

Remarks

This method encodes all characters except those that are in the safe list. Characters are encoded by using &#DECIMAL; notation.

Note

Put double quotation marks (" ") or single quotation marks (' ') around the resulting string before you add it to a page.

The following table lists the default safe characters. All characters are from the Unicode C0 Controls and Basic Latin character range except when noted in the Description column.

Character(s)       Description
A-Z                Uppercase Latin alphabetic characters
a-z                Lowercase Latin alphabetic characters
0-9                Numbers
(Space)            Space
!                  Exclamation mark
#                  Number sign, hash
$                  Dollar sign
%                  Percent sign
( )                Parentheses
*                  Asterisk
+                  Plus sign
,                  Comma
-                  Hyphen, minus
.                  Period
/                  Slash
:                  Colon
;                  Semicolon
=                  Equals sign
?                  Question mark
@                  Commercial at
[ ]                Square brackets
\                  Backslash
^                  Caret
_                  Underscore
`                  Grave accent
{ }                Braces, curly brackets
|                  Vertical line
~                  Tilde
0x00A1 - 0x00AC    Special characters between 0x00A1 (161 decimal) and 0x00AC (172 decimal) from the Unicode C1 Controls and Latin-1 Supplement character range. Characters in this range are encoded when useNamedEntities is true.
0x00AE - 0x00FF    Special characters between 0x00AE (174 decimal) and 0x00FF (255 decimal) from the Unicode C1 Controls and Latin-1 Supplement character range. Characters in this range are encoded when useNamedEntities is true.
0x0100 - 0x017F    Characters between 0x0100 (256 decimal) and 0x017F (383 decimal). (The Unicode Latin-Extended-A character range.)
0x0180 - 0x024F    Characters between 0x0180 (384 decimal) and 0x024F (591 decimal). (The Unicode Latin-Extended-B character range.)
0x0250 - 0x02AF    Characters between 0x0250 (592 decimal) and 0x02AF (687 decimal). (The Unicode IPA Extensions character range.)
0x02B0 - 0x02FF    Characters between 0x02B0 (688 decimal) and 0x02FF (767 decimal). (The Unicode Spacing Modifier Letters character range.)
0x0300 - 0x036F    Characters between 0x0300 (768 decimal) and 0x036F (879 decimal). (The Unicode Combining Diacritical Marks character range.)

The following table lists examples of inputs and the corresponding encoded outputs.

Input                                     Encoded output
alert('XSS Attack!');                     alert('XSS Attack!');
<script>alert('XSS Attack!');</script>    &lt;script&gt;alert(&apos;XSS Attack!&apos;);&lt;/script&gt;
alert('XSSあAttack!');                    alert(&apos;XSS&#12354;Attack!&apos;);
user@contoso.com                          user@contoso.com
"Anti-Cross Site Scripting Namespace"     &quot;Anti-Cross&#32;Site&#32;Scripting&#32;Namespace&quot;

To customize the safe list, call the MarkAsSafe method.
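
The following is an added example, not part of the original reference page. It places three inputs from the examples table into a double-quoted XML attribute, once unencoded and once through XmlEncode, and uses an XML parser to check whether the markup is well-formed and whether the original value is recovered. The XmlEncodeDemo class, its helper methods, and the item/label names are hypothetical; the code assumes .NET Framework 4.5 or later with a reference to System.Web.dll.

```csharp
using System;
using System.Web.Security.AntiXss;   // System.Web.dll, .NET Framework 4.5+
using System.Xml;
using System.Xml.Linq;

static class XmlEncodeDemo   // hypothetical demo class
{
    // Places the value inside a double-quoted attribute, as the Note advises.
    static string BuildElement(string attributeValue)
    {
        return "<item label=\"" + attributeValue + "\" />";
    }

    // Returns the parsed attribute value, or null if the markup is not well-formed.
    static string TryReadLabel(string xml)
    {
        try { return (string)XElement.Parse(xml).Attribute("label"); }
        catch (XmlException) { return null; }
    }

    static void Main()
    {
        // Inputs taken from the examples table on this page.
        string[] inputs =
        {
            "user@contoso.com",
            "<script>alert('XSS Attack!');</script>",
            "\"Anti-Cross Site Scripting Namespace\"",
        };

        foreach (string input in inputs)
        {
            // Unencoded concatenation: markup characters in the input reach the parser.
            string raw = BuildElement(input);
            // Encoded: the value stays data inside the quoted attribute.
            string encoded = BuildElement(AntiXssEncoder.XmlEncode(input));

            Console.WriteLine("input            : " + input);
            Console.WriteLine("raw markup       : " + (TryReadLabel(raw) == null ? "not well-formed" : "parsed"));
            Console.WriteLine("encoded markup   : " + encoded);
            Console.WriteLine("round-trip equal : " + (TryReadLabel(encoded) == input));
            Console.WriteLine();
        }
    }
}
```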
