System.Text.Encodings.Web 10.0.0-preview.5.25277.114
About
Provides types for encoding and escaping strings for use in JavaScript, HTML, and URLs.
This package is essential for protecting web applications against cross-site scripting (XSS) attacks by safely encoding text, and it offers extensive support for Unicode, allowing fine-grained control over which characters are encoded and which are left unescaped.
Key Features
- Safe encoders for HTML, JavaScript, and URL strings.
- Extensible to support custom encoding scenarios, including the ability to specify Unicode ranges.
- Helps prevent cross-site scripting (XSS) vulnerabilities.
- Flexible Unicode encoding with support for specifying individual or predefined ranges to cover broader sets of characters, including options to avoid escaping specific language character sets.
How to Use
Encoding HTML, JavaScript, and URLs
using System.Text.Encodings.Web;
string unsafeString = "<script>alert('XSS Attack!');</script>";
// HTML encode the string to safely display it on a web page.
string safeHtml = HtmlEncoder.Default.Encode(unsafeString);
Console.WriteLine(safeHtml);
// <script>alert('XSS Attack!');</script>
// JavaScript encode the string to safely include it in a JavaScript context.
string safeJavaScript = JavaScriptEncoder.Default.Encode(unsafeString);
Console.WriteLine(safeJavaScript);
// \u003Cscript\u003Ealert(\u0027XSS Attack!\u0027);\u003C/script\u003E
string urlPart = "user input with spaces and & symbols";
// URL encode the string to safely include it in a URL.
string encodedUrlPart = UrlEncoder.Default.Encode(urlPart);
Console.WriteLine(encodedUrlPart);
// user%20input%20with%20spaces%20and%20%26%20symbols
Custom Encoding Scenario with Specific Unicode Ranges
using System.Text.Encodings.Web;
using System.Text.Unicode;
TextEncoderSettings customEncoderSettings = new TextEncoderSettings();
customEncoderSettings.AllowCharacters('!', '*', '-', '.', '_', '~'); // RFC 3986 unreserved characters
customEncoderSettings.AllowRange(new UnicodeRange('a', 26));
customEncoderSettings.AllowRange(new UnicodeRange('A', 26));
customEncoderSettings.AllowRange(new UnicodeRange('0', 10));
// Create a URL encoder with the custom settings
UrlEncoder customUrlEncoder = UrlEncoder.Create(customEncoderSettings);
string customUrlPart = "custom data: (@123!)";
// By default, the symbols '(', ')', and '@' are not encoded
string defaultEncoded = UrlEncoder.Default.Encode(customUrlPart);
Console.WriteLine(defaultEncoded);
// custom%20data%3A%20(@123!)
// Now, the symbols '(', ')', and '@' are also encoded
string customEncoded = customUrlEncoder.Encode(customUrlPart);
Console.WriteLine(customEncoded);
// custom%20data%3A%20%28%40123!%29
Serialization with Specific Unicode Character Sets
By default Cyrillic characters are encoded as Unicode escape sequences in JSON.
{
"Date": "2019-08-01T00:00:00-07:00",
"TemperatureCelsius": 25,
"Summary": "\u0436\u0430\u0440\u043A\u043E"
}
This can be customized by providing a custom JavaScriptEncoder to JsonSerializerOptions:
JsonSerializerOptions options = new JsonSerializerOptions
{
Encoder = JavaScriptEncoder.Create(UnicodeRanges.BasicLatin, UnicodeRanges.Cyrillic),
WriteIndented = true
};
jsonString = JsonSerializer.Serialize(weatherForecast, options1);
{
"Date": "2019-08-01T00:00:00-07:00",
"TemperatureCelsius": 25,
"Summary": "жарко"
}
More information about this can be found in the How to customize character encoding with System.Text.Json article.
Main Types
The main types provided by this library are:
System.Text.Encodings.Web.HtmlEncoderSystem.Text.Encodings.Web.JavaScriptEncoderSystem.Text.Encodings.Web.UrlEncoderSystem.Text.Encodings.Web.TextEncoderSystem.Text.Encodings.Web.TextEncoderSettingsSystem.Text.Unicode.UnicodeRangeSystem.Text.Unicode.UnicodeRanges
Additional Documentation
Feedback & Contributing
System.Text.Encodings.Web is released as open source under the MIT license. Bug reports and contributions are welcome at the GitHub repository.
Showing the top 20 packages that depend on System.Text.Encodings.Web.
| Packages | Downloads |
|---|---|
|
Microsoft.Identity.Web.TokenAcquisition
Implementation for higher level API for confidential client applications (ASP.NET Core and SDK/.NET).
|
4 |
|
Microsoft.Identity.Web.Certificateless
This package brings certificateless authentication.
|
4 |
|
TencentCloudSDK
Tencent Cloud API 3.0 SDK for .NET
|
4 |
|
System.Text.Json
Provides high-performance and low-allocating types that serialize objects to JavaScript Object Notation (JSON) text and deserialize JSON text to objects, with UTF-8 support built-in. Also provides types to read and write JSON text encoded as UTF-8, and to create an in-memory document object model (DOM), that is read-only, for random access of the JSON elements within a structured view of the data.
The System.Text.Json library is built-in as part of the shared framework in .NET Runtime. The package can be installed when you need to use it in other target frameworks.
|
4 |
|
Microsoft.CodeAnalysis.CSharp.Features
.NET Compiler Platform ("Roslyn") support for creating C# editing experiences.
More details at https://aka.ms/roslyn-packages
This package was built from the source at https://github.com/dotnet/roslyn/commit/cf82d399c36008e7936d545cde24141f8d3790fa.
|
3 |
|
TencentCloudSDK
Tencent Cloud API 3.0 SDK for .NET
|
3 |
|
Microsoft.Data.SqlClient
Provides the data provider for SQL Server. These classes provide access to versions of SQL Server and encapsulate database-specific protocols, including tabular data stream (TDS)
Commonly Used Types:
Microsoft.Data.SqlClient.SqlConnection
Microsoft.Data.SqlClient.SqlException
Microsoft.Data.SqlClient.SqlParameter
Microsoft.Data.SqlClient.SqlDataReader
Microsoft.Data.SqlClient.SqlCommand
Microsoft.Data.SqlClient.SqlTransaction
Microsoft.Data.SqlClient.SqlParameterCollection
Microsoft.Data.SqlClient.SqlClientFactory
When using NuGet 3.x this package requires at least version 3.4.
|
3 |
|
KubernetesClient
Client library for the Kubernetes open source container orchestrator.
|
3 |
|
Microsoft.CodeAnalysis.CSharp.Features
.NET Compiler Platform ("Roslyn") support for creating C# editing experiences.
More details at https://aka.ms/roslyn-packages
This package was built from the source at https://github.com/dotnet/roslyn/commit/75e79dace86b274327a1afe479228d82a06051a4.
|
3 |
|
Microsoft.VisualStudio.Shell.Design
A member of the Visual Studio SDK
|
3 |
|
Microsoft.Extensions.WebEncoders
Contains registration and configuration APIs to add the core framework encoders to a dependency injection container.
This package was built from the source code at https://github.com/dotnet/aspnetcore/tree/5a007deadbb2636caff4656333cafc818b6b2ef6
|
3 |
|
Microsoft.CodeAnalysis.Features
.NET Compiler Platform ("Roslyn") support for creating editing experiences.
More details at https://aka.ms/roslyn-packages
This package was built from the source at https://github.com/dotnet/roslyn/commit/75e79dace86b274327a1afe479228d82a06051a4.
|
3 |
|
Microsoft.Identity.Web.TokenCache
This package bring token cache serializers for MSAL.NET confidential client applications.
|
3 |
|
Microsoft.AspNetCore.App
Provides a default set of APIs for building an ASP.NET Core application.
This package requires the ASP.NET Core runtime. This runtime is installed by the .NET Core SDK, or can be acquired separately using installers available at https://aka.ms/dotnet-download.
|
3 |
|
Azure.Core
This is the implementation of the Azure Client Pipeline
|
3 |
|
Microsoft.Extensions.WebEncoders
Contains registration and configuration APIs to add the core framework encoders to a dependency injection container.
This package was built from the source code at https://github.com/aspnet/Extensions/tree/0de62ae930da31048ba7e54c8cd0c6c0bcbd9095
|
3 |
https://go.microsoft.com/fwlink/?LinkID=799421
.NET Framework 4.6.2
- System.Buffers (>= 4.6.1)
- System.Memory (>= 4.6.3)
- System.Runtime.CompilerServices.Unsafe (>= 6.1.2)
.NET 8.0
- No dependencies.
.NET 9.0
- No dependencies.
.NET 10.0
- No dependencies.
.NET Standard 2.0
- System.Buffers (>= 4.6.1)
- System.Memory (>= 4.6.3)
- System.Runtime.CompilerServices.Unsafe (>= 6.1.2)