Encode/Decode

Enterprise Security API

Methods

Functions

  • Canonicalize() Canonicalization is simply the operation of reducing a possibly encoded string down to its simplest form. This is important, because attackers frequently use encoding to change their input in a way that will bypass validation filters, but still be interpreted properly by the target of the attack. Note that data encoded more than once is not something that a normal user would generate and should be regarded as an attack
  • DecodeForHtml() Decodes the given encoded string.
  • DecodeFromURL() Decodes a string that has been encoded in the URL using the encodeForURL. this function is deprecated, use function ESAPIDecode('url',...) instead.
  • EncodeForCSS() Encodes the given string for safe output in CSS to reduce the risk of Cross Site Scripting attacks.
  • EncodeForDN() Encodes the given string for safe output in LDAP Distinguished Names.
  • EncodeForHTML() Encodes the given string for safe output in HTML to reduce the risk of Cross Site Scripting attacks.
  • EncodeForHTMLAttribute() Encodes the given string for safe output in HTML to reduce the risk of Cross Site Scripting attacks.
  • EncodeForJavaScript() Encodes the given string for safe output in JavaScript to reduce the risk of Cross Site Scripting attacks.
  • EncodeForLDAP() Encodes the given string for safe output in LDAP queries.
  • EncodeForSQL() Encodes the given string for safe output in a query to reduce the risk Cross Site Scripting attacks.
  • EncodeForURL() Encodes the given string for safe output in a URL.
  • EncodeForXML() Encodes the given string for safe output in XML to reduce the risk of Cross Site Scripting attacks.
  • EncodeForXMLAttribute() Encodes the given string for safe output in XMLAttribute to reduce the risk of Cross Site Scripting attacks.
  • EncodeForXPath() Encodes the given string for safe use in an XPath Query.
  • ESAPIDecode() Decodes a string that has been encoded with ESAPIEncode.
  • ESAPIEncode() Encodes the given string for safe output to reduce the risk of Cross Site Scripting attacks.
  • HTMLEditFormat() Replaces special characters in a string with their HTML-escaped equivalents. [version] HTML version to use. currently ignored. -1: The latest implementation of HTML 2.0: HTML 2.0 (Default) 3.2: HTML 3.2 4.0: HTML 4.0
  • URLEncode() Encodes a string to be URL-safe according to the application/x-www-form-urlencoded MIME format
  • URLEncodedFormat() Generates a URL-encoded string. For example, it replaces spaces with %20, and non-alphanumeric characters with equivalent hexadecimal escape sequences. Passes arbitrary strings within a URL.