special characters into XML safe format, as in the following examples:
- A left-pointing angle
bracket (<) is converted to <
- A right-pointing angle
bracket (>) is converted to >
- An ampersand (&) is
converted to &
operation safeguards against cross-site scripting attacks. Maximum length of
the transformed text is 2048 bytes. This is a read-only operation.
applying the transformation, additional operators that you specify in the
expression are applied to the selected text. Following is an example:
all new line ('\n') characters in the input text to '%0A' to enable the input
to be used safely in HTTP headers.
operation safeguards against response-splitting attacks.
length of the transformed text is 2048 bytes. This is a read-only operation.
unsafe URL characters to '%xx' values, where “xx” is a hex-based representation
of the input character. For example, the ampersand (&) is represented as
%26 in URL-safe encoding. The maximum length of the transformed text is 2048
bytes. This is a read-only operation.
are URL safe characters. All others are unsafe:
- Alpha-numeric characters:
a-z, A-Z, 0-9
- Asterix: "*"
- Ampersand: "&"
- At-sign: "@"
- Colon: ":"
- Comma: ","
- Dollar: "$"
- Dot: "."
- Equals: "="
- Exclamation mark: "!"
- Hyphen: "-"
- Open and close parentheses:
- Percent: "%"
- Plus: "+"
- Semicolon: ";"
- Single quote: "'"
- Slash: "/"
- Question mark: "?"
- Tilde: "~"
- Underscore: "_"
text as safe without applying any type of data transformation.
all %HH encoding in the byte stream. This operation works with characters (not
bytes). By default, a single byte represents a character in ASCII encoding.
However, if you specify URLENCODED mode, three bytes can represent a character.
following example, a PREFIX(3) operation selects the first 3 characters in a
following example, the NetScaler can select up to 9 bytes from the target:
how to treat the plus character (+). The PLUS_AS_SPACE option replaces a plus
character with white space. For example, the text “hello+world” becomes “hello
world.” The NO_PLUS_AS_SPACE option leaves plus characters as they are.
whether or not backslash decoding is performed on the text object represented
BACKSLASH_ENCODED is specified, the
SET_TEXT_MODE operator performs the following
operations on the text object:
- All occurrences of “\XXX”
will be replaced with the character “Y” (where XXX represents a number in the
octal system and Y represents the ASCII equivalent of XXX). The valid range of
octal values for this type of encoding is 0 to 377. For example, the encoded
text "http\72//" and "http\072//" will both be decoded to "http://", where the
colon (:) is the ASCII equivalent of the octal value “72”.
- All occurrences of “\xHH”
will be replaced with the character “Y” (HH represents a number in the
hexadecimal system and Y denotes the ASCII equivalent of HH. For example, the
encoded text "http\x3a//" will be decoded to "http://", where the colon (:) is
the ASCII equivalent of the hexadecimal value “3a“.
- All occurrences of
“\\uWWXX” will be replaced with the character sequence “YZ” (Where WW and XX
represent two distinct hexadecimal values and Y and Z represent their ASCII
equivalents of WW and XX respectively. For example, the encoded text
"http%u3a2f/" and "http%u003a//" will both be decoded to "http://", where “3a”
and “2f” are two hexadecimal values and the colon (:) and forward slash (“/”)
represent their ASCII equivalents respectively.
- All occurrences of "\b",
"\n", "\t", "\f", and "\r" are replaced with the corresponding ASCII
NO_BACKSLASH_ENCODED is specified, backslash decoding
is not performed on the text object.
the associated undefined action if either the
URLENCODED or the
BACKSLASH_ENCODED mode is set and bad encoding
corresponding to the specified encoding mode is encountered in the text object
represented by <text>.
NO_BAD_ENCODE_RAISE_UNDEF is specified, the associated
undefined action will not be performed when bad encoding is encountered in the
text object represented by<text>.