GuardEncode()

edit

Deprecated legacy function. Use context-specific functions (e.g., encodeForHTML) instead. Encodes data for a specific output context. This is a vital defense against Cross-Site Scripting (XSS) and injection attacks by ensuring characters are treated as data rather than executable code.

Status:

deprecated

Requires Extension: Guard extension


	GuardEncode( encodeFor=string, string=string, canonicalize=boolean, dialect=string );

Returns: String

Argument	Description	Default
encodeFor _{string, required}	edit The target output context. Valid values: css: for style sheets dn: for LDAP Distinguished Names html: for HTML body content html_attr: for HTML attributes (e.g., value, title) javascript: for script blocks or event handlers ldap: for LDAP search filters url: for URI components sql: for database query literals vbscript: for legacy VBScript contexts xml: for XML element content xml_attr: for XML attribute values xpath: for XPath query parameters
string _{string, required}	edit The raw string to be encoded.
canonicalize _{boolean, optional}	edit If true, simplifies the input (resolving multiple/mixed encoding) before applying the new encoding. This prevents bypass attacks using double-encoding. Introduced: 5.0.0.0	false
dialect _{string, optional}	edit Required only if encodeFor is 'sql'. Specifies the database syntax: db2 mysql_ansi mysql oracle

Examples

There are currently no examples for this function 29,577ms WARN No examples for function GuardEncode

GuardEncode()

Examples

See also