core2 | C# Online Compiler

core2 by coder micro

using System;
using System.Text.Encodings.Web;
using System.Text.Json;
using System.Text.Unicode;

class Program
{
    static void Main()
    {
        string input = "a + b <script>alert('XSS & +');</script>";

        Console.WriteLine("Original string:");
        Console.WriteLine(input);
        Console.WriteLine();

        Console.WriteLine("Default Encoder:");
        Console.WriteLine(JsonSerializer.Serialize(input, new JsonSerializerOptions
        {
            Encoder = JavaScriptEncoder.Default
        }));

        Console.WriteLine();

        Console.WriteLine("UnsafeRelaxedJsonEscaping:");
        Console.WriteLine(JsonSerializer.Serialize(input, new JsonSerializerOptions
        {
            Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping
        }));

        Console.WriteLine();

        Console.WriteLine("Basic Latin only (custom):");
        var customSettings = new TextEncoderSettings();
        customSettings.AllowRange(UnicodeRanges.BasicLatin);
        var customEncoder = JavaScriptEncoder.Create(customSettings);

        Console.WriteLine(JsonSerializer.Serialize(input, new JsonSerializerOptions
        {
            Encoder = customEncoder
        }));

        Console.WriteLine();

        Console.WriteLine("Basic Latin with '+' and '\'' allowed (custom):");
        var plusAndQuoteSettings = new TextEncoderSettings(UnicodeRanges.BasicLatin);
        plusAndQuoteSettings.AllowCharacters('+', '\'');
        var plusAndQuoteEncoder = JavaScriptEncoder.Create(plusAndQuoteSettings);

        Console.WriteLine(JsonSerializer.Serialize(input, new JsonSerializerOptions
        {
            Encoder = plusAndQuoteEncoder
        }));
    }
}

​x
 
using System;
using System.Text.Encodings.Web;
using System.Text.Json;
using System.Text.Unicode;
​
class Program
{
    static void Main()
    {
        string input = "a + b <script>alert('XSS & +');</script>";
​
        Console.WriteLine("Original string:");
        Console.WriteLine(input);
        Console.WriteLine();
​
        Console.WriteLine("Default Encoder:");
        Console.WriteLine(JsonSerializer.Serialize(input, new JsonSerializerOptions
        {
            Encoder = JavaScriptEncoder.Default
        }));
​
        Console.WriteLine();
​
        Console.WriteLine("UnsafeRelaxedJsonEscaping:");
        Console.WriteLine(JsonSerializer.Serialize(input, new JsonSerializerOptions
        {
            Encoder = JavaScriptEncoder.UnsafeRelaxedJsonEscaping
        }));
​
        Console.WriteLine();
​
        Console.WriteLine("Basic Latin only (custom):");
        var customSettings = new TextEncoderSettings();
        customSettings.AllowRange(UnicodeRanges.BasicLatin);
        var customEncoder = JavaScriptEncoder.Create(customSettings);
​
        Console.WriteLine(JsonSerializer.Serialize(input, new JsonSerializerOptions
        {
            Encoder = customEncoder
        }));
​
        Console.WriteLine();
​
        Console.WriteLine("Basic Latin with '+' and '\'' allowed (custom):");
        var plusAndQuoteSettings = new TextEncoderSettings(UnicodeRanges.BasicLatin);
        plusAndQuoteSettings.AllowCharacters('+', '\'');
        var plusAndQuoteEncoder = JavaScriptEncoder.Create(plusAndQuoteSettings);
​
        Console.WriteLine(JsonSerializer.Serialize(input, new JsonSerializerOptions
        {
            Encoder = plusAndQuoteEncoder
        }));
    }
}
​

You are getting wet.

Cached Result
Last Run:	3:30:43 pm
Compile:	0.11s
Execute:	0s
Memory:	0b
CPU:	0s

View IL Code