The difference of several HTMLEncode

I. Coding in C #

Httputility.htmldecode, Httputility.htmlencode and Server.htmldecode, Server.HTMLEncode and Httpserverutility.htmldecode , the difference of HttpServerUtility.HtmlEncode.

They are different from the manual code that is commonly written below.

public static string HTMLEncode (String str) {if (str = NULL | | | str = = "") return ""; Str. Replace ("<", "<"); Str. Replace (">", ">"); Str. Replace ("", ""); Str. Replace ("", ""); Str. Replace ("/" "," ""); Str. Replace ("/", "" "); Str. Replace ("n", "<br/>"); return str; }

Answer:

HtmlEncode: is the HTML source file does not allow the occurrence of characters to encode, usually encoding the following characters: "<", ">", "&", "" "," "and so on;

HtmlDecode: Contrary to HTMLEncode, decoding the original characters;

An easy way to httpserverutility the HtmlEncode (HtmlDecode) of an entity class, which is used to access System.Web.HttpUtility.HtmlEncode from the ASP.net Web application at run time ( HtmlDecode) method, HttpServerUtility the HtmlEncode (HtmlDecode) method of the entity class is internally using System.Web.HttpUtility.HtmlEncode (HtmlDecode) method to encode (decode) a character;

Server.HTMLEncode (Server.htmldecode) is in fact the System.Web.UI.Page class encapsulates the HtmlEncode (HtmlDecode) method of the HttpServerUtility entity class;

The System.Web.UI.Page class has such an attribute: public httpserverutility server{get;

So you can think:

The HtmlEncode method of Server.htmlencode=httpserverutility entity class =httputility.htmlencode;

The HtmlDecode method of Server.htmldecode=httpserverutility entity class =httputility.htmldecode;

They are only for the convenience of the call, the encapsulation is just;

Here is a very simple replacement test code, the test results look at the comments:

protected void Page_Load (object sender, EventArgs e) {Testchar ("<");//less than number replaced by < Testchar (">");////greater than with > T Estchar (""); The English half corner space replaces does not make the substitution; Testchar (""); Chinese full-width spaces are replaced by no substitutions; Testchar ("&"); & Replace with & Testchar ("/"); Replace single quotes with '; Testchar ("/"); Double quotes are replaced with "Testchar" ("R"); Carriage return is replaced with no replacement; Testchar ("n"); Carriage return is replaced with no replacement; Testchar ("/r/n"); Carriage return is replaced with no replacement; } protected void Testchar (String str) {Response.Write (Server.HTMLEncode (str)); Response.Write ("----------------------"); Response.Write (Httpuility.htmlencode (str)); Response.Write ("<br/>"); }

So the manual replacement method is still necessary to handle some HTMLEncode not supported replacements.

public static string HTMLEncode (String str) {str. Replace ("<", "<"); Str. Replace (">", ">"); Str. Replace ("", ""); Str. Replace ("", ""); Str. Replace ("/", "" "); Str. Replace ("/" "," ""); Str. Replace ("n", "<br/>"); }

Using reflector to view the implementation of Httputtility.htmlencode, we can see that it only considers five situations, spaces, and carriage returns are not handled:

public static unsafe void HtmlEncode (string value, TextWriter output) {if (value!= null) {if (output = null) {thro W New ArgumentNullException ("output"); int num = indexofhtmlencodingchars (value, 0); if (num = = 1) {output. Write (value); else {int num2 = value. Length-num; Fixed (char* str = (char*) value) {char* chptr = str; char* chPtr2 = Chptr; while (num--> 0) {chptr2++; output. Write (Chptr2[0]); while (num2--> 0) {chptr2++ char ch = chptr2[0]; if (ch <= ' > ") {switch (ch) {case ' & ': {output. Write ("&"); Continue Case '/': {output. Write ("'"); Continue } case ' "': {output. Write ("" "); Continue Case ' < ': {output. Write ("<"); Continue Case ' > ': {output. Write (">"); Continue } output. Write (CH); Continue if (ch >= '/x00a0 ') && (Ch < ' do ')) {output. Write ("&#"); Output. Write ((int) ch). ToString (Numberformatinfo.invariantinfo)); Output. Write (';'); else {output. Write (CH); } } } } } }

second, the encoding and decoding in JS

the Escape/unescape Escape:escape method returns a string value containing charstring content (in Unicode format). All spaces, punctuation, accented symbols, and any other non-ASCII characters are replaced with%XX encoding, where xx equals the hexadecimal number representing the character unescape: Returns the decoded string exception character from a string object encoded with the Escape method: @ */+ II, Encodeuri/decodeuri encodeURI: Method returns an encoded URI. If the encoding result is passed to decodeURI, the initial string is returned. encodeURI does not encode the following characters: ":", "/", ";" and "?". Use encodeURIComponent to encode these characters decodeURI: Returns the decoded string exception character from a string object encoded with the encodeURI method:! @ # $ & * () =:/;? + ' Three, encodeuricomponent/decodeuricomponent the Encodeuricomponent:encodeuricomponent method returns an encoded URI. If the encoding result is passed to decodeURIComponent, the initial string is returned. Because the encodeURIComponent method will encode all characters decodeuricomponent: Returns the decoded string exception character from a string object encoded with the encodeURIComponent method:! * ( ) '

This digest from: Http://blog.joycode.com/ghj/archives/2010/02/26/115894.joy