将 HttpUtility.UrlEncodeUnicode 替换为 HttpUtility.UrlEncode 是否安全

Is it safe to replace HttpUtility.UrlEncodeUnicode with HttpUtility.UrlEncode

我在构建一些遗留代码时收到警告:

'System.Web.HttpUtility.UrlEncodeUnicode(string)' is obsolete: '"This method produces non-standards-compliant output and has interoperability issues. The preferred alternative is UrlEncode(String)."'

HttpUtility.UrlEncode(string)替换HttpUtility.UrlEncodeUnicode(string)安全吗?对于任何字符串,这两种方法都会产生 相同的 结果吗?

如果不是,首选的替代方案是什么?

基于 Microsoft Reference Source(具有 .NET 引用的源代码)。 HttpUtility.UrlEncode(string)HttpUtility.UrlEncodeUnicode(string) 的替代,如下所示:

[Obsolete("This method produces non-standards-compliant output and has interoperability issues. The preferred alternative is UrlEncode(String).")]
public static string UrlEncodeUnicode(string str) {..} // just removed the code in case of copy-rights. 

所以,UrlEncode(*)优于UrlEncodeUnicode(*),参考来源here

Do both methods produce identical results for any string?

否,示例:

HttpUtility.UrlEncodeUnicode("☺"); // %u263a
HttpUtility.UrlEncode("☺") // %e2%98%ba

Is it safe to replace HttpUtility.UrlEncodeUnicode(string) with HttpUtility.UrlEncode(string)?

几乎安全,这取决于解码器,大多数解码器都可以处理UrlEncode的结果,因为它是标准的,如果你的项目使用非标准的,那么它就不安全。 (顺便说一句 HttpUtility.UrlDecode 可以处理这两个结果。)