将 HttpUtility.UrlEncodeUnicode 替换为 HttpUtility.UrlEncode 是否安全
Is it safe to replace HttpUtility.UrlEncodeUnicode with HttpUtility.UrlEncode
我在构建一些遗留代码时收到警告:
'System.Web.HttpUtility.UrlEncodeUnicode(string)' is obsolete: '"This
method produces non-standards-compliant output and has
interoperability issues. The preferred alternative is
UrlEncode(String)."'
用HttpUtility.UrlEncode(string)
替换HttpUtility.UrlEncodeUnicode(string)
安全吗?对于任何字符串,这两种方法都会产生 相同的 结果吗?
如果不是,首选的替代方案是什么?
基于 Microsoft Reference Source(具有 .NET 引用的源代码)。 HttpUtility.UrlEncode(string)
是 HttpUtility.UrlEncodeUnicode(string)
的替代,如下所示:
[Obsolete("This method produces non-standards-compliant output and has interoperability issues. The preferred alternative is UrlEncode(String).")]
public static string UrlEncodeUnicode(string str) {..} // just removed the code in case of copy-rights.
所以,UrlEncode(*)
优于UrlEncodeUnicode(*)
,参考来源here
Do both methods produce identical results for any string?
否,示例:
HttpUtility.UrlEncodeUnicode("☺"); // %u263a
HttpUtility.UrlEncode("☺") // %e2%98%ba
Is it safe to replace HttpUtility.UrlEncodeUnicode(string) with HttpUtility.UrlEncode(string)?
几乎安全,这取决于解码器,大多数解码器都可以处理UrlEncode
的结果,因为它是标准的,如果你的项目使用非标准的,那么它就不安全。 (顺便说一句 HttpUtility.UrlDecode
可以处理这两个结果。)
我在构建一些遗留代码时收到警告:
'System.Web.HttpUtility.UrlEncodeUnicode(string)' is obsolete: '"This method produces non-standards-compliant output and has interoperability issues. The preferred alternative is UrlEncode(String)."'
用HttpUtility.UrlEncode(string)
替换HttpUtility.UrlEncodeUnicode(string)
安全吗?对于任何字符串,这两种方法都会产生 相同的 结果吗?
如果不是,首选的替代方案是什么?
基于 Microsoft Reference Source(具有 .NET 引用的源代码)。 HttpUtility.UrlEncode(string)
是 HttpUtility.UrlEncodeUnicode(string)
的替代,如下所示:
[Obsolete("This method produces non-standards-compliant output and has interoperability issues. The preferred alternative is UrlEncode(String).")]
public static string UrlEncodeUnicode(string str) {..} // just removed the code in case of copy-rights.
所以,UrlEncode(*)
优于UrlEncodeUnicode(*)
,参考来源here
Do both methods produce identical results for any string?
否,示例:
HttpUtility.UrlEncodeUnicode("☺"); // %u263a
HttpUtility.UrlEncode("☺") // %e2%98%ba
Is it safe to replace HttpUtility.UrlEncodeUnicode(string) with HttpUtility.UrlEncode(string)?
几乎安全,这取决于解码器,大多数解码器都可以处理UrlEncode
的结果,因为它是标准的,如果你的项目使用非标准的,那么它就不安全。 (顺便说一句 HttpUtility.UrlDecode
可以处理这两个结果。)