Recipe 14.13. Escaping and Unescaping Data for the WebProblemYou need to transform data for use in web operations from escaped to unescaped format or vice versa for proper transmission. This escaping and unescaping should follow the format outlined in RFC 2396Uniform Resource Identifiers (URI): Generic Syntax. SolutionUse the Uri class static methods for escaping and unescaping data and Uris. To escape data, use the static Uri.EscapeDataString method as shown here: string data = "<H1>My html</H1>"; Console.WriteLine("Original Data: {0}",data); Console.WriteLine(); // public static string EscapeDataString(string stringToEscape); string escapedData = Uri.EscapeDataString(data); Console.WriteLine("escaped Data: {0}",escapedData); Console.WriteLine(); // Output from above code is // // Original Data: <H1>My html</H1> // // Escaped Data: %3CH1%3EMy%20html%3C%2FH1%3E To unescape the data, use the static Uri.UnescapeDataString method: // public static string UnescapeDataString( string stringToUnescape); string unescapedData = Uri.UnescapeDataString(escapedData); Console.WriteLine("unescaped Data: {0}",data); Console.WriteLine(); // Output from above code is // // Unescaped Data: <H1>My html</H1> To escape a Uri, use the static Uri.EscapeUriString method: string UriString = "http://user:password@localhost:8080/www.abc.com/" + "home page.htm?item=1233;html=<h1>Heading</h1>#stuff"; Console.WriteLine("Original Uri string: {0}",UriString); Console.WriteLine(); // public static string EscapeUriString(string stringToEscape); string escapedUriString = Uri.EscapeUriString(UriString); Console.WriteLine("Escaped Uri string: {0}",escapedUriString); Console.WriteLine(); // Output from above code is // //Original Uri string: http://user:password@localhost:8080/www.abc.com/home //page.htm?item=1233;html=<h1>Heading</h1>#stuff // //Escaped Uri string: //http://user:password@localhost:8080/www.abc.com/home%20page. //htm?item=1233; //html=%3Ch1%3EHeading%3C/h1%3E#stuff In case you are wondering why escaping a Uri has its own method (EscapeUriString), take a look at what the escaped Uri looks like if you use Uri.EscapeDataString and Uri.UnescapeDataString on it: // Why not just use EscapeDataString to escape a Uri? It's not picky enough… string escapedUriData = Uri.EscapeDataString(UriString); Console.WriteLine("Escaped Uri data: {0}",escapedUriData); Console.WriteLine(); Console.WriteLine(Uri.UnescapeDataString(escapedUriString)); // Output from above code is // // //Escaped Uri data: //http%3A%2F%2Fuser%3Apassword%40localhost%3A8080%2Fwww.abc. //com%2Fhome%20page.htm //%3Fitem%3D1233%3Bhtml%3D%3Ch1%3EHeading%3C%2Fh1%3E%23stuff // //http://user:password@localhost:8080/www.abc.com/home //page.htm?item=1233;html=<h1>Heading</h1>#stuff Notice that the :, /, :, @, and ? characters get escaped when they shouldn't, which is why you use the EscapeUriString method for Uris. DiscussionEscapeUriString assumes that there are no escape sequences already present in the string being escaped. The escaping follows the convention set down in RFC 2396 for converting all reserved characters and characters with a value greater than 128 to their hexadecimal format. In section 2.2 of RFC 2396, it states that the reserved characters are: ;|/| ? |:| @ | & | = | + | $ | , The EscapeUriString method is useful when creating a System.Uri object to ensure that the Uri is escaped correctly. See AlsoSee the "EscapeUriString Method," "EscapeUriData Method," and "Unescape-DataString Method" topics in the MSDN documentation. |