This is the code:
Response.Write("asd1 X : " + HttpUtility.HtmlEncode("×"));
Response.Write("asd2 X : " + HttpUtility.HtmlEncode("✖"));
The first one is:
asd1 X : &#215; // OK, ENCODED AS HTML ENTITIES
The second is not, just ✖:
asd2 X : ✖
Which kind of char is that? Also, if I try here the result is:
asd1 X : ×
asd2 X : ✖
What?? Why these differences?
In the MSDN page for HttpUtility.HtmlEncode(string), you will find this comment:
It encodes all character codes from decimal 160 to 255 (both inclusive) to their numerical entity (eg &#160;)
× (×) is the same as × / × on my computer, so will get encoded, but since ✖ is ✖ / ✖, it will not be.
You can use the overload of HtmlEncode that takes a TextWriter based on the wanted Encoding.
My best guess is that not all strings have an entity representation. The Heavy Multiplication X is just one of the many that don't.
To elaborate on Oded's link, HttpUtility.HtmlEncode only encodes characters in ISO 8859-1 (Latin-1). Since the Heavy Multiplication X is out of this range, the function doesn't handle it.
If you try Microsoft.Security.Application.AntiXss.HtmlEncode("✖");, you'll get the HTML entity in ✖.